Highlight: THM: Advent of Cyber 2022 [Day 15] Secure Coding Santa is looking for a Sidekick

Video Link: https://www.youtube.com/watch?v=xoFtlYgVTfM



Duration: 1:32:14


0:00:40 - Start the box
0:16:35 - Try to start "Shell from Santa" (doesn't work)
0:34:00 - Talking about bug bounties
0:42:38 - Do I recommend going to Uni for cybersecurity?
0:52:08 - Trying to follow the video see if "Shell from Santa" will work (doesn't work, got even more upload errors)
1:11:48 - Third restart of the box...
1:17:53 - The rev shell finally connects back!

Insufficient input validation is one of the biggest security concerns for web applications. The issue occurs when user-provided input is inherently trusted by the application. Since user input can also be controlled by an attacker, we can see how this inherent trust can lead to many problems. Several web application vulnerabilities, such as SQL Injection, Cross Site Scripting, and Unrestricted File Upload, stem from the issue of insufficient user input validation. This task will focus on how insufficient input validation can lead to an Unrestricted File Upload vulnerability.

[https://tryhackme.com/room/adventofcyber4](https://tryhackme.com/room/adventofcyber4) -- Watch live at https://www.twitch.tv/msec







Tags:
Advent of Cyber
challenge
christmas
games
hacking
thm
tryhackme
twitch