2020-10-18
I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something that could just be read in the source code. I would much rather focus on technical details, tricks and techniques.
Try the XSS challenge: https://hacking.app/xss/xss_chall1.html#welcome
Failed DOM Clobbering Research part 1/2: /youtube/video/dZXaQKEE3A8
Chaining Script Gadgets to Full XSS part 2/2: /youtube/video/UGtrpXk6QVU
00:00 - Introduction
00:37 - Steganography in CTF
01:38 - Dirbuster & Asset Discovery
02:21 - XSS Example (see description)
02:53 - Global Variables in JavaScript
03:21 - The window.name Variable
03:55 - Is this Guessing?
04:20 - Example Solution Walkthrough
06:00 - Benefits of this Challenge
07:20 - The Importance of Scanning
08:19 - Scanning vs. Reading Code
08:57 - Improve Steganography Challenges
10:22 - Summary
11:10 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/