Design Flaw in Security Product - ALLES! CTF 2021

preview_player
Показать описание
In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited.

00:00 - Intro
01:33 - Background Story
02:55 - What is CryptoWAF?
04:16 - Implementing Encryption
05:06 - Encryption Challenges
06:59 - Implementing Decryption
07:02 - Design Flaw
08:26 - Exploiting the Design Flaw
09:06 - Leaking Database
10:04 - WAF Bypass
11:04 - Conclusion
12:07 - Outro

-=[ ❤️ Support ]=-

-=[ 🐕 Social ]=-

  1. LiveOverflow
  2. Live Overflow
  3. liveoverflow
  4. hacking tutorial
  5. how to hack
  6. exploit tutorial
Рекомендации по теме
Design Flaw in 0:12:28

Design Flaw in Security Product - ALLES! CTF 2021

The 7 Deadly 0:24:51

The 7 Deadly Sins: Security-Based Design Flaws in IoT Products

The Inherent Design 0:03:04

The Inherent Design Flaws in Internet Security

How to Detect 0:00:48

How to Detect Security Design Flaws

Major Security Flaws 0:00:52

Major Security Flaws 🤯 Redesign Required! 🛠️

[1163] A Stunning 0:02:51

[1163] A Stunning Trailer Lock Design Flaw (Equipment Lock Company)

The Design Thinking 0:03:57

The Design Thinking Process

Firefox design flaw 0:08:42

Firefox design flaw leads to broken authentication

[845] Master Locks 0:03:14

[845] Master Locks With INEXCUSABLE Design Flaws

What phones do 0:00:50

What phones do billions use?

What's the EU’s 0:00:56

What's the EU’s updated #ProductLiability Directive? #EU #cybersecurity #news #AI

[1321] HUGE Design 0:01:38

[1321] HUGE Design Flaw In Koseibal Safe

SDC 2018 - 0:49:39

SDC 2018 - How to Handle Security Flaws in a Storage Product Using Open Source Code

sewing machine hacks 0:00:21

sewing machine hacks #shorts #viral #youtubeindia #sewing

Why AI Won't 0:00:39

Why AI Won't Take These Jobs!

Innovators & ardent 0:00:10

Innovators & ardent problem solvers in digital design, product development, & security. #the...

which model does 0:00:16

which model does Elon musk use? #tesla #modelx #luxurycars

Ring Video Doorbell 0:00:17

Ring Video Doorbell Pro - Design Flaw and Review?

3 home/office security 0:00:19

3 home/office security must-haves? 🥷🏻 #security #safety #camera #shorts #amazon

Reality of Working 0:00:37

Reality of Working in Japan😭

System Design Mock 0:33:11

System Design Mock Interview: Design TikTok ft. Google TPM

Power IC - 0:00:21

Power IC - Power Management IC(PMIC)

Zig-Zag Stitch Saree 0:00:16

Zig-Zag Stitch Saree Fall👌⭐⭐⭐⭐⭐

TINY Laser Level 0:00:18

TINY Laser Level Cube! 🖼️

Комментарии
Автор

Oh wow, ALLES CTF21 was my first CTF and I was expecting this video for a while :D

tunatuncer
Автор

I like how he analyzes how BugBountyReportExplained got his mad skills.

trieulieuf
Автор

This is awesome. I've been following your channel for years now.
In that time the amount of security related channels I watch rose and fell. Currently it's on a low point, as I'm learning heavily on the Dev and Ops side, less on Sec.
However there are two channels left. I had no idea you would ever have contact with each other, but the other Sec channel I still follow is actually BugBountyReportsExplained.
The world is small!
Beste Grüße!

svenvancrombrugge
Автор

Now that we are good on the lightning situation... we can focus our effort onto improving that hoodie lacking problem, shall we ?

martinc.
Автор

Question, what crypto attack do you find the most interesting/unexpected, mine are the AES-CBC padding Oracle and the ECDSA private key recovery because of k being constant

rogervanbommel
Автор

Thank you so much for your content I always learn something new :)

FedoraRose
Автор

@Liveoverflow

Good vid like so many of your vids.

Thank you for making them

cleightthejw
Автор

I see you channeling your inner admin.

BDBD
Автор

And yet, this challenge is marked EASY in this CTF competition.

trieulieuf
Автор

Ok, but how many serious offers from companies have you received that wanted to have this implemented?

agowa
Автор

Hey LiveOverflow you ever thought about making a YouTube programming tutorial series??

VectorAlphaSec
Автор

@LiveOverFlow your eyes are red. Please rest sometimes.

unurenkh
Автор

Military grade isn't always a good thing. With encryption some times civilians have access to better encryption because we're not locked down to contracts. I'm Into guns and I avoid military grade parts when modifying or adding parts military grade parts for guns are usually cheaply made and I will get 3rd party parts that are more expensive and hold up longer.

seanwatts
Автор

I heard us gonna ban sale's of hacking gadget is hat true ?

reastle
Автор

Ubuntu 20.04 is hacking me. How to stop them now??
not even 32 bit password was able to kick them out of PC.
any help is welcome.?

georgehammond
Автор

Bu..Bu..But.. Actual skills.. No anon mask every other thumbnails.. I thought these kind of pratices were ban long time ago.. How dare u

JohnDoe-uqei
Автор

Injectin coments would still work/**/right?

allurbase
Автор

"Automagically" dear god, I hate that buzzword so much.

aronpill
Автор

Why you don't bug hunting? With have great knowledge Im confused 😕 you are insane.

abdulx
Автор

Yeah this is why I pretty much guarantee any company that advertises military-grade encryption has an insecure product. That's the least relevant thing in security and literally the only thing they are focused on or advertising. With that mindset, there's no way you did it right.

InfiniteQuest
welcome to shbcf.ru