picoCTF - Java Code Analysis!?! - Live Walkthrough

In this video, Tib3rius solves the medium-rated "Java Code Analysis!?!" challenge from picoCTF.

0:00 - Introduction
0:20 - Starting Java Code Analysis!?!
6:26 - Initial source code review.
16:17 - Running the code locally to help identify weaknesses.
21:15 - Using the weak JWT secret key to create an admin session token.
24:15 - Getting the local flag using our admin session token.
25:09 - Replicating the attack on the live system.
26:05 - More in-depth explanation of the entire attack.
34:47 - Outro

Comments

That was a fun trip through a Java codebase with you. Thanks for sharing the thought process and methodology, Tib3rius!

xtwistedx

Hi, thanks. Can you share the zip file with the source code?

xtors