LiveOverflow posts

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

A guide on how to do fuzzing with AFL++ in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones.

Watch webp Part 1:

2024-01-22 14:26:34 +0000 UTC

A Vulnerability to Hack The World - CVE-2023-4863

Citizen Lab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a h...


Request hextree.io Invite

2023-11-25 13:23:15 +0000 UTC

Reinventing Web Security

Follow me down the rabbit hole into the wonderful world of IT security.  

Tweets:
htt...


The Circle of Unfixable Security Issues

Not every security issue can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kinds of issues to create an...


Hacker Tweets Explained

Let me explain to you what you can learn from these tweets. Did you know the name trick?

Quote Tweet:

2023-09-19 12:31:31 +0000 UTC

Zenbleed (CVE-2023-20593)

Let's explore the "most exciting" CPU vulnerability affecting Zen2 CPUs from AMD. 

In case you missed it, here is part 1 about fuzzing CPUs:

2023-08-29 15:36:54 +0000 UTC

The Discovery of Zenbleed ft. Tavis Ormandy

How did Tavis Ormandy fuzz CPUs to discover Zenbleed? In this video we learn about the techniques to make this work!  

2023-08-18 13:00:12 +0000 UTC

Asking Android Developers About Security

Watch me go out of my comfort zone and talk to strangers O.O...

I attended droidcon Berlin 2023 and interviewed some developers about what they know about Android security. Thanks again to ev...


HospitalRun Local Root Exploit

Let's talk about a "security flaw in hospital software that allows full access to medical devices". This issue was disclosed on LinkedIn and included a full exploit code. Let's use this app as an e...


Secrets of an Android App Bug Hunter

Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapse...


Generic HTML Sanitizer Bypass Investigation

I stumbled over a weird HTML behavior on Twitter and started to investigate it. Did I just stumble over a generic HTML Sanitizer bypass?

Hacking Google Cloud?

Every year Google celebrates the best security issues found in Google Cloud. This year we take a look at the 7 winners to see if we could have found these issues too. Will I regret not having hacke...


Trying to Find a Bug in WordPress

I stumbled over some WordPress code involving caching. Immediately I had this idea about MD5 collision and how this could affect the implemented logic. I started going down a rabbit hole exploring ...


Authentication Bypass Using Root Array

Lots of #bugbountytips get posted on twitter, but some of them are ... weird. Let's explore the technical details of one tweet to understand where this tip came from, why this tip was wrong, and ev...


My YouTube Financials - The Future of LiveOverflow

In this video I show you my YouTube financials and tell you about a new project I have been working on: hextree.io

FYI to all Patreon members, I have not charged you for this video becaus...


Securing AI - Prompt Injection Defense

After we explored attacking LLMs, in this video we finally talk about defending against prompt injections. Is it even possible?

Watch the complete series:

2023-05-11 21:08:24 +0000 UTC

Accidental LLM Backdoor - Prompt Tricks

In this video we explore various prompt tricks to manipulate the AI to respond in ways we want, even when the system instructions want something else. This can help us better understand the limitat...


Attacking LLM - Prompt Injection

How will the easy access to powerful APIs like GPT-4 affect the future of IT security? Keep in mind LLMs are new to this world and things will change fast. But I don't want to fall behind, so let's...


Defending Our Jobs Against AI!

Copilot, ChatGPT and other AI models become a threat to hackers. We rely on insecure code, but when all developers move over to code generated by AI, we will lose our jobs. We need to act fast!...


Cybercrime is Not Hacking!

In the news, cybercrime is often mentioned in connection to "hacking". Also when accounts get stolen, people say "my account got hacked". But is this really hacking? How does cybercrime actually lo...


Attacking Language Server JSON RPC

While auditing a VSCode Extension + Language Server I noticed something interesting. This turned into the research question "can we attack the extension from the browser?". After a bit of prelimina...


Stealing Cheats from Cheaters (Teleport Hack)

There exists a pretty cool teleport hack that I couldn't discover myself. So I decided to steal it and share it with you all!


VPNs, Proxies and Secure Tunnels Explained

What is a secure "tunnel"? When I started to learn about computers the name confused me. I couldn't imagine how it works on a technical level. In this video we build upon knowledge from the previou...


Velocity Exploit on Paper?

In this video we investigate the comments' claims that there exists an arbitrary velocity exploit in Minecraft. We look into the code and see if that is true.


Computer Networking (Deepdive)

In this video I try to explain computer networking with pieces of paper. This hopefully explains why in some universities the OSI layer model is taught. While I find the OSI model kinda useless, "t...


Revisiting 2b2t Tamed Animal Coordinate Exploit

Everybody told me the cat coordinate exploit/leak was already known. However, this does not seem to be true; I tested it by logging packets.


What is a Protocol?

The term "protocol" can be really confusing. In this video I try to explain to my former self what it means to have a protocol.


Minecraft Reach Hack

Let's talk about how we can implement a reach hack in Minecraft. After knowing how it works, it seems so obvious. But it took me over 14h to figure out myself :D


Don't Trust Cats

I tried to hide a new base far away, but players quickly found it. Let me tell you how they did it.
