The Browser is a very Confused Deputy - web 0x05

Channel: LiveOverflow
Subscribers: 921,000
Published on 2016-11-01 ● Video Link: https://www.youtube.com/watch?v=Yfsmc0b8o78



Duration: 6:44
38,156 views


Reading from the famous paper "The Confused Deputy" by Norm Hardy and making a connection to modern web vulnerabilities like XSS and CSRF.

The Confused Deputy: https://www.cis.upenn.edu/~KeyKOS/ConfusedDeputy.html







