Check out my videos on the WebP vulnerability: https://www.youtube.com/watch?v=lAyhKaclsPM https://www.youtube.com/watch?v=PJLWlmp8CDM The Huffman table algorithm as implemented in C is very confusing and I could not understand how the attackers were able to control the overflow properly. But after watching| LiveOverflow
In our attempt to "re-discover" the sudoedit vulnerability (CVE-2021-3156), we use the AddressSanitizer (ASan) tool to investigate a heap overflow. After fixing it, we investigate several other unique crashes registered by the AFL fuzzer.| LiveOverflow
Using the alert(1) XSS payload doesn't actually tell you where the payload is executed. Choosing alert(document.domain) and alert(window.origin) instead tells you about where the code is being run, helping you determine whether you have a bug you can submit.| LiveOverflow
Our fuzzer found a case that crashes the sudoedit program. We conduct an in-depth analysis of the test case that causes the binary to crash. After confirming that the crash reproduces, we minimize the test case using AFL's own tool.| LiveOverflow
We're logging crashes with AFL as we try to fuzz our way towards CVE-2021-3156. The crashes turn out to be caused by a buffer overflow, so we set out to fix it.| LiveOverflow
In our quest to find the CVE-2021-3156 vulnerability through fuzzing, we found that AFL was exhausting our computer's CPU and disk resources. We addressed this, as well as some user ID issues.| LiveOverflow
Pentesting involves hacking into companies. Application security ("AppSec") involves analyzing code to find potential security issues in websites and applications. We discuss aspects of each, and where bug bounties fit between them.| LiveOverflow
Using LLVM and clang, we were able to fuzz Linux programs from the command line using the AFL fuzzer. Exploiting the fact that sudoedit is symlinked to sudo, we tried to find the CVE-2021-3156 vulnerability using fuzzing methods.| LiveOverflow
The sudo vulnerability that was recently uncovered is critical due to the ubiquity of Linux machines all around us. In this first article, we discuss how to find the vulnerability using a command line argument fuzzing tool, AFL.| LiveOverflow
The most comprehensive video about the recent sudo vulnerability CVE-2021-3156| LiveOverflow
There are many "best practices" when it comes to protecting your Linux server from hacking; we discuss their pros & cons and whether you should use them.| LiveOverflow
We use the Pwn Adventure 3: Pwnie Island in-game chat function to list all the actors in the game, and teleport to each location to pick up all the golden eggs!| LiveOverflow
By using LD_PRELOAD, we can use our custom shared object, allowing us to fly in the game!| LiveOverflow
A while ago I came across this tweet, showing off a weird authentication bypass. Based on my experience in auditing websites this didn't make sense to me, so I tried to figure out the root cause. During this process I believe I have identified two potential coding anti-patterns that are| LiveOverflow
Using the environment variable LD_PRELOAD to hook and overwrite function calls.| LiveOverflow