Security Issue Found in US Gov CISA Tool?

Channel:
United States LiveUnderflow
Subscribers:
39,500
Published on ● Video Link: https://www.youtube.com/watch?v=32aV76oiPRA


Duration: 10:18
7,892 views
375

Shop (advertisement): https://shop.liveoverflow.com/

While looking for an open source app using ApolloServer with GraphQL, we stumbled over RedEye from CISA. After reporting the issue we got a response from the developers.

The Report: https://github.com/cisagov/RedEye/issues/55

→ Twitch Subscription: https://www.twitch.tv/products/liveoverflow
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

Chapters:
00:00 - Intro
00:23 - Research Question
01:33 - CodeQL Query
02:48 - Proof of Concept
03:17 - Impact of Issue
06:53 - Fix Recommendations
08:15 - Discussing Bug Bounty Culture
09:42 - Outlook Next Video: joern

=[ 📄 Info. ]=

Main Channel: https://youtube.com/LiveOverflowCTF
Twitch: https://twitch.tv/LiveOverflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

=[ 📄 P.S. ]=

#liveoverflow



Other Videos By LiveUnderflow


2023-09-14"Remove the video as soon as possible"
2023-09-10Do Hackers Need To Know Algorithms and Data Structures?
2023-04-14I Don't Trust Websites! - The Everything API with ChatGPT
2023-03-23Talking About my Trash Can and Haircut
2023-03-11Attacking VSCode Extension from Browser? - Live Security Research
2023-03-093D Printer Researching Igus Bearings - Prusa i3 MK3S+ (part 3)
2023-03-063D Printer Assembly X-axis - Prusa i3 MK3S+ (part 2)
2023-03-043D Printer Assembly #ASMR - Prusa i3 MK3S+ (part 1)
2023-01-03Analytics from 7 Years on YouTube...
2022-12-30Using joern to Find GraphQL Authorization Issue
2022-12-26Security Issue Found in US Gov CISA Tool?
2022-12-22Using CodeQL to Investigate GraphQL Resolvers
2022-12-18ping Vulnerability Patch Analysis (with #ChatGPT) - CVE-2022-23093
2022-12-08Can AI Hack Websites with XSS? #ChatGPT
2022-12-05The Most Difficult Puzzle Game - Dr. Kobushi's Labyrinthine Laboratory
2022-12-02New Details on Commercial Spyware Vendor Variston - Revisiting Firefox Sandbox Escape
2022-07-16A group of Minecraft hackers tried to shoot me into space
2022-03-11Simple AFK Treasure Fish Farm Concept for 1.19 Sculk Sensor
2021-12-18Log4Shell | Bug Bounty Public Service Announcement #shorts
2021-12-17How To Exploit a Heap Overflow
2021-09-12Thumbnail A/B Test Experiment for CTR


Tags:
liveoverflow
live stream
streaming
electronics
oscilloscope
twitch
live overflow
ctf
it security
cybersecurity
live hacking
cisa
graphql
codeql
bug report
issue
bug bounty
redeye
cobalt strike