As you probably know, we've run into some serious technical problems during the webinar (who would suspect a hangouts outage, huh), which caused both a 40 minute delay, changing the platform and some minor problems on the line (like lack of recording). So, as promised, I did record the talk again and I've just posted it on YouTube, to be enjoyed by everyone who couldn't see the live one, or decided to wait for the video for other reasons (the technical problems being a good one).
Context: please refer to this post.
"Data, data, data! I can't make bricks without clay." A few practical notes on reverse-engineering.
Direct YouTube link: click
The talk was done as part of Garage4Hackers Ranchoddas Series.
http://www.garage4hackers.com/
Slides: here
Scripts, etc: here
Once again sorry for the technical issues during the live talk.
Let me know what you think about the talk (questions are welcome as well) :)
Cheers,
Sections
- lang: |
- RSS: |
- About me
- Tools
- → YT YouTube (EN)
- → D Discord
- → M Mastodon
- → T Twitter
- → GH GitHub
Links / Blogs
- → dragonsector.pl
- → vexillium.org
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- Debug Log: Internet doesn't work (it was the PSU),
- FAQ: The tragedy of low-level exploitation,
- Solving Hx8 Teaser 2 highlight videos!,
- Gynvael on SECURITYbreak podcast,
- Paged Out! #4 is out,
- I won't be able to attend CONFidence'24 after all :(,
- xz/liblzma: Bash-stage Obfuscation Explained,
- Two of my bookmarklets: image extraction and simple TTS,
- Paged Out! #3 is out,
- My howto script,
- → see all posts on main page
// copyright © Gynvael Coldwind
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
Comments:
At the time of webinar not many high level questions were asked on IRC. So G4H team had nothing much to filter out and because of the technical glitches that pushed us to lower resource alternatives, Gynvael took all queries out of which some were entry level. Nonetheless none of the quality questions were left out because of this.
Also if you think there are unanswered queries, they can always be posted on Forum or answered on IRC
Ah, the questions were kinda my fault - sadly my voice was kinda dying at the end of the talk, so I decided to answer only a couple of the question.
Nonetheless I think you are right. Let's do it like this - I'll grep the logs for all the questions and try to answer them all in form of a blog post. This should do the job, right?
@Parsia
I'm happy you liked it :)
Sorry I really didn't mean to sound claiming. Like I said I liked the webinar a lot, it was great and I'm perfectly happy with everything. Please leave the logs and don't waste time for that, it's definitely not worth it.
Congratz for the Insomni'hack win and thanks again for the talk
Don't worry, I was referring mostly to my inner feeling that I should take more time to answer questions :)
All in all I'll look through the questions again and see how much time I have, and maybe it will be made into a decent blog post :)
I'm happy that you liked the talk and thanks!
Add a comment: