Design Flaw in Security Product - ALLES! CTF 2021

Channel:

Subscribers:

920,000

Published on October 26, 2021 2:13:55 PM ● Video Link: https://www.youtube.com/watch?v=v784VBx9w8g

Duration: 12:28

30,723 views

1,294

In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited.

Challenge Files: https://github.com/LiveOverflow/ctf-cryptowaf

Walkthrough: https://www.youtube.com/watch?v=ZKrABs-N9wA
BugBountyReportsExplained: https://www.youtube.com/c/BugBountyReportsExplained

00:00 - Intro
01:33 - Background Story
02:55 - What is CryptoWAF?
04:16 - Implementing Encryption
05:06 - Encryption Challenges
06:59 - Implementing Decryption
07:02 - Design Flaw
08:26 - Exploiting the Design Flaw
09:06 - Leaking Database
10:04 - WAF Bypass
11:04 - Conclusion
12:07 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)
2021-11-18	Developing GDB Extension for Heap Exploitation \| Ep. 12
2021-11-04	How Hackers Get Into Every Device!
2021-10-26	Design Flaw in Security Product - ALLES! CTF 2021
2021-10-17	Fuzzing Heap Layout to Overflow Function Pointers \| Ep. 11
2021-10-06	Video Essay about the Security Creator Scene
2021-09-26	Did you really find a vulnerability in Google? - ft. @PwnFunction
2021-09-19	Developing a Tool to Find Function Pointers on The Heap \| Ep. 10
2021-09-12	What Ethereum Smart Contract Hacking Looks Like
2021-09-04	Discussing Heap Exploit Strategies for sudo - Ep. 09
2021-08-28	"Controversial Security" // BSides Berlin 2021
2021-08-26	using z3 to reverse a custom hash during a CTF be like #shorts
2021-08-19	can you hack this screenshot service?? - CSCG 2021
2021-08-11	C Code Review - Reaching Vulnerable Code in sudo \| Ep. 08

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

cryptowaf

web application firewall

waf bypass

crypto

cryptography

encryption

decryption

design flaw

logic flaw

bug bounty

ctf

capture the flag

sql injection

sqlmap

code audit

security audit

realistic ctf

alles!

alles ctf