- Videos 116
- Views 319,981
hexdump
Italy
Joined 18 Sep 2023
Hello there!
During the day, I work as a security consultant and trainer. My remaining time is dedicated to mastering the art of teaching. I focus on Computer Science, Cybersecurity and Programming.
All my lectures share the same objective: to help students build intuition by balancing big-picture ideas with in-depth technical details. If you like my work, support me by subscribing and sharing my videos with like-minded people.
Thank you very much!
DOM Clobbering + XSS Chaining - BackdoorCTF 2024
Hi there, and welcome to this new video!
Today we will analyze a web challenge named "Cascade Chaos" taken from the Backdoor CTF 2024. To solve the challenge we will need to chain two different XSS vulnerabilities. The first one is triggered by using DOM Clobbering to bypass the check on window.isSafe.
As always, I hope you find the video helpful, and I would appreciate it if you leave your feedback down in the comments and share this video with like-minded people.
Thank you very much!
-------------------------
TIMESTAMP
00:00 Introduction
01:30 Initial Analysis
10:10 Brainstorming a solution
13:40 DOM Clobbering
18:40 First XSS in Remote Service
20:00 Second XSS in Local Service
23:13 Chaining the two XSS
25:20 Final ...
Views: 92
Videos
Setup a Simple Active Directory Lab!
819 views, 9 hours ago
Hi there, and welcome to this new series! This series will be about "Active Directory Exploitation". That is, it will focus on Active Directory from the point of view of security, and it will showcase the most important attacks that can be performed on an Active Directory Domain. In the course we will also showcase useful enumeration techniques. As always, I hope that this series, like my other se...
Piracy Shield: Italy's Failed Attempt at Stopping Streaming Piracy
414 views, 14 hours ago
Hi, there! Today we discuss Piracy Shield, Italy's failed attempt at stopping streaming piracy. Specifically, Piracy Shield is a web platform that was developed as a result of a new law that was approved in July 2023 by the Italian parliament. The law states that copyright holders have the right to ban IP addresses and domain names that host pirated streaming content. In the video we analyz...
Simple and Effective Virtualization in Linux (QEMU + Quickemu)
1.2K views, 21 hours ago
Hi and welcome to this new video! In this video I show how to use quickemu in combination with QEMU, virt-manager and spicy to quickly set up and manage virtual machines running different operating systems. To explain the process I show how to set up a simple Windows 10 machine. The basic idea is that I use quickemu to download the official ISO of the OS, and to do the initial installation with s...
A Lisp in a CTF! - 0xL4ugh CTF 2024
239 views, 1 day ago
Hi there, and welcome to this new video! Today we will analyze a challenge taken from the 0xL4ugh CTF 2024. The challenge consists of analyzing the code of a Clojure application in order to find an authentication bypass and an improper input validation. The vulnerabilities were pretty simple; however, the application was written in Clojure, a member of the beloved Lisp family of languages. This ma...
Extend Burpsuite with your own Extensions!
358 views, 14 days ago
Hi and welcome to this new video! Burpsuite is a powerful tool that allows penetration testers and researchers to analyze the security of web applications. One of the most useful aspects of Burpsuite is that it can be extended by using Java or Python code through the Montoya APIs. In this video I showcase a simple development pipeline that can be used to build your own custom extensions for Burps...
PHP-CGI RCE via BestFit! - CVE-2024-4577
598 views, 14 days ago
Hi there, in this video we take a look at CVE-2024-4577, a vulnerability discovered by the joint research of Orange Tsai and splitline. The vulnerability affects the Windows OS, and particularly instances of Apache that support PHP-CGI. It allows attackers to obtain RCE by introducing arbitrary arguments to the executable being called. The vulnerability makes use of "BestFit", a character conversion ...
Exploiting a Blind NoSQL Injection - NiteCTF 2024
358 views, 21 days ago
Hi there, and welcome to this new video! Today we will analyze a challenge taken from the NiteCTF 2024. The challenge consists of analyzing the code of a NextJS application in order to find a Blind NoSQL Injection. The injection can be used to obtain the flag and solve the challenge. During the video I discuss how to define simple objectives for performing a secure code review (SCR) on a codebas...
A Sensible Approach to Sponsorships
176 views, 21 days ago
Hi there, and welcome to this new video! In this video I give my thoughts on sponsorship and on the criteria that I will use in the future of my channel to accept or deny sponsorship. It is not really a technical video, more so a video to understand how I want to work in this space. I will try my best to make the mentions have meaning with respect to the technical content of the video! At the e...
Windows Privilege Escalation - Full Course
2.7K views, 28 days ago
Upload of the full Windows Privilege Escalation Course. All the material developed for the course is available in the github repository of the channel - github.com/LeonardoE95/yt-en. References are also present in the OSCP repository - github.com/LeonardoE95/OSCP Share this video to support my efforts and help me grow. Thanks. TIMESTAMP 00:00:00 Windows Privilege Escalation Course 01 Introducti...
Apache Tomcat Race Condition To RCE - CVE-2024-50379
1.4K views, 1 month ago
Stored Credentials and the Windows Vault
311 views, 1 month ago
Okta Auth Bypass: A Quick Explanation!
537 views, 2 months ago
I'm first
First I want to appreciate the dedication and these long hours of work you put in for free, as well as the thorough explanation throughout these videos. Please make a Udemy course for advanced stuff, thank you!!!!🙏
You serve the community brilliantly. Kudos to you. Thank you.
Your content is gold!!!! im your student now
Do you want to complete this series? If yes, how many episodes do you want to make?
Of course I will complete it. With respect to the number of episodes I don't know it yet, making it as I go
@hexdump1337 thank you bro, this content will help a lot of people
echo -n "bro u the best"
that’s precious!
Waiting for Active Directory series
I was waiting for this.
Just completed your web exploitation and Windows and Linux privilege escalation. Wow man, thanks for providing this quality of resources. I would love to learn about networking like core networking from you, ex: packets, tcp/udp. Maybe wireshark. The core basic stuff but in advance, if you can make a playlist on that. But anyways, will always love and support the content you are making right now.
Thanks for the suggestions! Yeah, ideally I would want to cover those too. Problem is just time and energy, since I have like a few hrs per day to prepare, record and edit. But no worries, with enough time I will cover everything, core concepts in depth too!
Wonderful content... Thanks bro, for helping the community with your knowledge...
It would be cool if you started doing projects we can put on resumes ❤
That's an interesting suggestion!
Congratulations, great work. Are you going to continue the course? Can I ask a question, why not put your courses on Udemy? If so, in the future, don't forget to put the subtitles in Portuguese, lol Hugs! :)
For sure, already recorded the second episode, they will come in time! Why not on Udemy? Right now I want to help people learn the basics for free. It is also a way for me to practice teaching. Will keep in mind the Portuguese subtitles, thanks.
@hexdump1337 I hope to learn a lot,🔥🔥🔥🔥🔥
@hexdump1337 I really hope to learn a lot from you, thank you!
❤🎉❤🎉❤🎉❤🎉❤🎉❤
perfect! thank you
what do you use to take notes ?
emacs org mode i think
I confirm!
@Mclovin10080 thanks
My favourite part
It's very important to share this knowledge with the world
informative video, great work 👍
Is apache tomcat 9.0.86 also vulnerable to this ?
According to the advisory, versions between 9.0.0.M1 and 9.0.97 are vulnerable, which means that, yes, 9.0.86 should be vulnerable. Of course remember the two other conditions: it must run on Windows, and it must allow users to upload files through PUT
Great knowledge video ❤
OMG!!!!!! you are the man !!!!! thanks a lot for your teachings!!
So am I right in saying that there is no more pivoting and tunnelling? And also does that mean that the AD set machine will only have root flags and not user flags?
No, the structure of the AD itself will not be changed. What changed is that instead of accessing the first machine of the AD through an external exploit, now you immediately have access to it and you need to perform privilege escalation. With respect to the user/root flags, the AD was always setup to only have root flags. So yeah, you still have to do pivoting and tunneling. It's just that now you don't have to get a foothold within the AD, you already have access to the first machine. Hope it was clear!
How do I integrate the host Nvidia GPU into a VM with KVM/QEMU?
Sorry, but I rarely use VMs with a GPU, also Nvidia support in Linux is always kinda meh sadly
@hexdump1337 That's true! We're on the same page then
Hello Hexdump I would appreciate it if you could create in-depth courses or videos on threat hunting and malware analysis. Thank you!
Thanks for the suggestion, right now I'm focusing more on active exploitation, but threat hunting is also a very interesting field, as is malware analysis. Of the two I would probably give priority to the second, as that is extremely linked with Reverse Engineering.
19:06 I just use virt-manager directly. First, I click "Create a new virtual machine." I usually have the iso downloaded, so I go with "Local install." When it asks for the iso, I click "Browse," and it shows up there (I set up a pool for the dir where I keep my isos). Then, I assign some ram. For the disk, when it asks for the size, I pick "Select or create custom storage," then hit "Manage," and since I already have a disk pool on a mounted HDD, I just add a new volume there. After that, it shows the selected configurations, and once I press "Finish," the VM is created and starts automatically. If I don't have the iso I could go with "Network Install", however I prefer downloading the iso separately first...
Thank you, sir
How do I use this on my Windows laptop?
I believe you can use QEMU on Windows, although I never tried it personally.
Try Linux man
This video is worth the reach you deserve, a million views bro! I got all the concepts. Thanks
That’s so precious, thanks!
Oh man, what a gem of content you have here. You deserve a lot, like a lot of subscribers. I have watched and learned a lot from your Linux privilege escalation and web exploitation series. I would love to learn more cybersecurity stuff from you.
Thanks so much, I will keep teaching much, much more!
Hey! Awesome video man, can you please share the Emacs config you are using?
@SuperRealhigh Planning to do a video on it with the config file as video material 💪🏻👍🏻
@hexdump1337 Sounds great, looking forward!
What's the note taking app you use?
@drmikeyg It's called Emacs! I made a video on it, in the future I will showcase it more thoroughly
you are awesome
How do you manage the GPU power to the virtual machine? Every time I use QEMU it feels really slow, much slower than VirtualBox
@reiayanami1441 Hmm, for my use cases I don't require much GPU, as I mostly use the Windows VM to research vulns in software, some debugging and some PowerShell. Maybe it's a config thing? QEMU is powerful but less friendly to configure properly. If you enable KVM and GPU pass-through, performance should be good; try to check out this guide: github.com/bryansteiner/gpu-passthrough-tutorial
Thanks bro... best content, waiting for the Active Directory series...
Hey progra-mario!
and luigi?
Nice video sir, I have one question regarding OSCP: can I use Google or ChatGPT in the OSCP exam?
Thanks, so according to this official reference directly from OffSec, ChatGPT is not allowed. As always, refer to official sources: help.offsec.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide-Newly-Updated
Thanks for sharing sir.
Bro just don't fucking stop ....❤
I shall not, especially with the knowledge that what I do can be useful to other people
Great :)
Buongiorno Leonardo, I really appreciate your videos. I am currently watching the OSCP Guide, I went on to GitHub to download the cheatsheet, but my Windows security flagged it and would not let me download it, any thoughts? I wish to have this cheatsheet for reference while I learn how to use the tools properly. Also, I am worried that if I download Kali on my laptop it might corrupt it and then I would have to reinstall Windows. Am I better off purchasing an external SSD and installing/running Kali from the SSD?
It gets flagged by security solutions because the file contains various commands which can be used with malicious intent, but by itself it is not an executable and it does not really represent a security threat. I would configure the tool you're using to whitelist it. It's just a simple text file with a bunch of commands. With respect to the Kali setup, you can use a virtual machine if you're worried about that. Either a virtual machine on Windows, or a dual-boot (but if you do it wrong it can end up corrupting Windows), or yes, also an external SSD. Personally I went with a VM first, then moved on to dual-boot, and now pretty much I only use Linux (not Kali tho). If I need to use Kali I have a dedicated VM.
Great video, we really needed a technical video like this! Will you ever bring it to the Italian channel? Also, will you create more content like this? I'm curious about how to develop a custom module for Metasploit, for example, or NSE scripts for Nmap. A series on both would be truly educational! Maybe on the Italian channel as well, since there’s a lack of this kind of information in Italian.
Yeah, probably gonna cover it in Italian as well! Also, thanks for the other suggestions, will definitely create more content on Burpsuite and other tools such as nmap and Metasploit
@hexdump1337 Great, great news, I will definitely follow this content.
Awesome video! Would love to see another where you showcase the ExtensionProvidedHttpResponseEditor interface, how to add tabs to the response section inside the repeater, and working with external libraries.
Awesome suggestions, will remember them for future burp related videos
You are the GOAT in cybersecurity teaching, thanks so much
Thanks, hope it's useful!