And this new flag does require a little bit of my cooperation. Your job is explicitly to hack me, read data that only I can access by way of this one, this site here. The rules here are that anybody can read and write to the chats, but there's a user's key and you can read from the user ID if your auth ID is the user ID. I am logged in as admins flag and your job is to get access to my user data by way of this insecure chat. Okay? All right. This one's a hard one, I think. A fine concept, fine concept. This is a concept that almost certainly many of the projects here are going to be vulnerable to good time to teach it. But I don't feel like I checked in with you all as humans. Is anybody here on Friday? All right. Maybe done a PO Box message or something like that. Hopefully found some good things to do. I was thinking make up lecture to do. One of the things I was thinking about is that Andrew Roberts pulled me aside on Wednesday and he's like, all right, I've learned SQL stuff or whatever, and those stacks make a lot of sense to me. This Firebase stack doesn't make any sense to me. I've made really unique architectures for my production worthy Firebase projects. So I was thinking I could walk you through one of my database designs, which I don't think is anywhere else roughly. That was what I was thinking about for my like extra lectures that interests you. Different ways of laying out a wacky Firebase stack for the modern world. Okay, all right, cool. I'll shoot that sometime this week.

Okay, I also have two more speed runs to do. It's a little bit awkward because the speed runs aren't worthy of a whole class per se. They probably could be. This one is type juggling. Here's the idea. You guys have probably all seen the best practice of using triple equals instead of double equals. Yes, this is the essence of that. Which is to say I have t and t. Or if I go down this diagonal, all of these things are going to be this type of evaluates to equal to that type. 
But what this thing is actually saying is that any place you get a true that is not on this diagonal, there's something wacky going on. Let's take this one. The string "php" loosely compares with zero and gives true, huh? Okay. I have no model for why that would ever be true that "php" equals zero. But sure enough, empty string will evaluate to zero here, but not one which is odd to me. Fine. The null value will evaluate to zero. Okay? That one you could convince me of, like I could buy that that was really unexpected. Must be a bus, right? Was there a bus involved in that? Okay. How does six people come in a little bit late all at the same time? Okay. There's a bus involved. All right. Negative one evaluates the same as string negative one. Okay? Do you accept that? Maybe not this type juggling business where an empty array evaluates the same thing as false. Okay, that's interesting. If ever you get one where they're different, like it's not symmetrical, then that's also a thing. That's also going to be a way. So what's the nature of this inside of cybersecurity? We take a look at this wacky problem, where is it broken? It's Heroku. And Heroku goes into cold storage whenever it's not running. Which cool I get it. Okay, dig what this is going to do. It will give you the flag if you can provide it a string, where the string is literally to equal its own hash, you have to have something that hashes to itself. Now that's essentially impossible for you to find, it might not even exist. Anything that has to itself but has itself. That's okay. That's probably enough that you can go Google around and solve this. Now, "magic hashes" is the Google search term if you want. Since they said magic hashes out loud, I'll just tell you the concept. Imagine that you have a hex digest that starts with, do you guys recognize the notation? Zero. Every once in a while you'll get it on Google. 
If I were to say like, I don't know, ten to the 23, 45 there, that notation, scientific notation and calculator language. If you can find a hash that starts with zero, the opening letters of the inside of the hash are also zero or something like that. That's a lot easier. What that's going to evaluate is zero times ten to the whatever's left that will just disregard it and make it zero into zero. Yeah, this wacky thing is going to end up with zero equals zero because the strings are evaluating a scientific notation string rather than the actual string. Okay, that's the concept of that.

All right, the other speed run concept here, these are all just so that you can just go out there and start cracking flags and stuff. I got 1 million of them here. This one showed up. This was literally in the last CTF that we played as a team. They pop up out there in the wild. This one is deserialization. Remember when we looked at the session data? Just once we looked at the file and it has literally your session data and had a very odd notation. The notation was this. It was PHP serialized data. What I bet that Wikipedia article, that was fine. That was fine. But there's a Wikipedia article here. This is the serialization notation. All right. Interesting enough. But this one is pretty cool because you can put in this weird notation, will say this thing that you're going to. What is serialization? It's taking an object and putting it into a text format. Deserialization is going to take your text and put it back into an object. All right. I do this all the time in JavaScript in the following way. In fact, if I'm going to do like a deep copy in JavaScript, here's my method. Let's say let my obj equals name and awesomeness varies. I want to make a copy of that or something. I'll do JSON string, I can do on par Jr. This will give me an exact copy of Obj that isn't O. Whenever you've got complex things in code, they mutate each other. 
You copy this object to something else, and you change the other thing. I'll just prove it. Let's say let y equal o. Then I could say n equals Sara, my wife. Now I can go to Obj. You'll see Obj, name is now Sara instead of and mutation that happens, that happens anytime you've got a complex thing that isn't just like a string or an integer. In the assembly level, it passes by reference. It has to pass by an address where that object lives and not making a static copy of everything. Yeah, see that's like Obj inside of a thing. I'd have to say like JSON parse. Okay. Like that. Yes. Yes, that probably does the same trick. Yeah. Okay, good. All right, cool. All that newfangled stuff, you know, it's good, but not where my neural nets lived hence farting around. All right. So this is what the PHP thing is doing, which is I serialize my object into a string and I deserialize it from a string. Okay, in cyber, anytime somebody is going to take a string from you and turn it into code, it's a bad thing. And I'll even show you a dumber example. Many times I've seen like Flask servers or something. The Flask server is going to take some input from a user, then they'll do eval on that thing. Okay, fine. I'll just say, then they'll do eval of that thing. This is to take your string and treat it like the string was code essentially. And it's very clearly going to give remote code execution opportunities which is always awesome in cyber us. Whenever there is deserialization, there's probably a way to get it to be remote code execution. That's the essence of this thing. That is, anytime somebody is going to deserialize your string somewhere, somehow you're going to be able to get an eval to run. All right, in my example here, this PHP notation, which is pretty uniquely wacky, this means that it's an object. Eight means that the string, that is the name of the object, is eight characters long. Then this one says that it has two keys, and these are going to be the keys of the object. 
And then this is going to be that there's a key called, there's a string that will be one of the key, like yeah, the keys John, its value will be the decimal 3.14. And then there's another string in whose value will be the decimal 2.718. All right. That wacky weird PHP object serialization notation. In this one, I will serialize whatever you send to me that has been pickled. You can just get this class to run and wake up. It'll spit out the flag. Your job is to make an object and get this to run its wake up function. Okay? That's the essence of that little thing. It can get a lot worse here. You can tackle some of these at websec.fr. If you haven't been to websec.fr, it's totally there as part of our bingo list. 33 of these little puzzles on here or whatever, that all just cover different topics in web or whatever. Go fight with them all. We start with SQL injection and a little bit harder. And a little bit harder. This one was like level 20 was PHP Object Deserialization. Okay, cool. So now you can handle that one. Okay, are you with me? All right, so that was the end of speed runs. I could give those more time. Go solve all four flags. They're all doable. Again, our best CTFs, don't know all of the things, it's not about knowing all of the things. Being a good student has trained you to think. You have to read these five books before you can write a line of code. That's not the way it works. You just have to Google like crazy and you're all good at that. This is more OSINT than it is knowledge. All right. You're right, Robbie. Late night. All right. And then the sun's right in your eyes. Stupid sun. Yeah. Okay. All right. Whenever there's body language like that, it's like all right, I'm going to confirm that I'm not being that boring. Just dude didn't get any sleep. All right?

All right. Now an interesting topic. This one is a little wacky. Okay? Cross site scripting. Cross site scripting is a big one. It's a big deal on less and less common production things. 
Maybe more and more like weirdly reflected. But every once in a while you get what's called like a universal cross site scripting exploit. Where it's like the nature of the browser itself does the XSS for you in the way that it like serializes the URL or whatever. Just crazy things as a concept. Super important. Certainly everything that you did in project one is vulnerable to this. Maybe not all of you, like 90% of you probably introduced this bug in code. Okay, here we go. If you click this link, insecure, I have an insecure class chat. All right. You are all welcome to come and say hi on this. I'm prepared to kill all your messages. This is a dangerous lecture. Please don't Bitcoin mine or whatever, okay? Bitcoin is not the one to mine on my CPU or whatever. But at least I can run code on all of your computers. This is the idea on cross site scripting. I put in malicious code. It runs on each one of your computers. All right. Somebody say hi. Hi. All right, here we are. Here's the essence of I'm going to put in a style tag directly into this text box. Now, on all of your laptops, the color is salmon. All right. Light bulb. Get the concept, user input comes in unsanitized. It's saved in the database. I can refresh this page and I will still get salmon, right? This is stored cross site scripting. It is stored in the database because the way this page renders, it comes down when it puts it in, it is now first class HTML. And it's first class HTML, it executes more than displays. Okay? So this starts to get pretty bad. Pretty quick, Sam, I love that. That's my new favorite emoji copy. All right, hold on 1 second and everybody pause, okay? Yes. Okay. All right. So this is going to get annoying and I'm going to clear this message very quickly. I can put in the script tag and I can say alert one. All right, are you ready? Okay, you now all have a one popping up on your site in front of you. Okay, my JavaScript has loaded. 
Now, every time we refresh this stupid page, I'm going to get the stupid one. I have to click okay before the rest of the things. That's cross scripting, it's dumb cross site scripting. It's not super duper obvious. I'm just going to clear out my messages real quick. Okay. Okay. Now, what other sorts of wacky stuff can you do with? Yeah. Great, I see. All right, we're going to clear out some more messages. Okay, dangerous lecture all year. Okay, they're all pretty dangerous actually. If I put in my script tag now, a benign version of this. Yes, thank you. More benign version of this is that I can just have HTML scripting, okay? And so now it comes in as an H one instead of inside of the other thing or whatever. And so like, you know, cool, I can like mark down my stuff or whatever. And there's plenty of places where you can type your message and mark down and it renders it. Right. And so the question is, how good are they at? Oh, gosh. Yeah. All right. That's cool, I'm here for you. Okay? All right. You know, your mind is starting to awaken to the possibilities of ways to hack people. When you can run whatever JavaScript you want on their computer. So perhaps you want to make a key logger. All right, now in my notes way down at the bottom, I've got some links to some XSS helpers. Let's go to this Payloads.com. Here's a simple keylogger by an unknown author. Let's take a look at that. All right, documents on key press get the event, key, code, whatever. Now they're sending it back to themselves at a URL. Okay, once a second, they're sending this back. Okay. I don't really want to take the time to set up a malicious URL where I'm harvesting all of your key presses. I can go to this other one, Ceptor.com here, I can just make a little free endpoint. I can use this endpoint to listen for web requests to this endpoint. All right, maybe that's interesting. Well, who's going to go to that? I just did you. 
Now over here at Sp, we will see that there was a fetch request both to favicon and this thing. And I can look to see that there was nothing in the request body. And that was this tab, right? So I can see things like that and what they sent. Well, okay, what do I do with that? I take my endpoint. Okay, I take my endpoint and I take this payload. And I'm going to put my endpoint in here. Now they've got logger.php receiving the keys. They've got this string which is keys, Keys. They make an image whose source is this thing. And so that way it tries to load that image URL and it sends all the keys over. That's the way that that works. I'm going to steal both of these. Make it into a keylogger. See if I can't capture all the key presses that you guys are typing into the thing as you type it. Um, all right, so here's this one, here's this pay loader, and now I'm going to replace this with that. And now I'm just going to wrap it all in a script tag. Okay, let's see. All right, clear this out real quick. We maybe I'll look at Yeah. Okay. All right. All right. We'll clear that out real quick. And let's see if this crap works. And I can say hi there and then just paste this in right behind it. It just looks like hi there to you all. As I type and I go over to Sp, is it working? Is it running? It doesn't look like I quite got it right. Let's see. Unexpected identifier window. Missing a thing after argument list. Okay, Unexpected identifier window. Yeah. Okay. Well, which line is it complaining about do evaluator this thing. So that seemed okay. This might be logs. Oh, I see ten. Yes. Oh, okay. Yeah. Yeah. Yeah, Yeah. Show me my stuff. Come on. No. Okay. Here we go. Here we go. Yeah. All right. So it's sending it once a second now, but Oh, this is unrelated to the hacks. Okay. But the word keys isn't working here. Maybe I'll just make it global and get rid of that window. That's probably my laptop going nuts. It was going a little. It's time for a new one. 
I've been collecting all my stickers to be ready for the next one. Maybe after the CTF. All right. This might be logged. All we got any typing? Yeah. Oh, we got it. That's me. Yes. Excellent. Okay, I'm getting some key logging. All right. Excellent. It might just be my key logs and not yours, which is not the point, but anyway. Yeah. All right, Good, welcome. This is now the internet. Oh, I knew. I knew. I instantly knew. All right. All right, so key logger, great. That's just like an instant endpoint for exfiltrating data back out. You got to fight with a little bit. You might want to run it on your own little space or whatever, something like that. But a very handy way to be like, okay, I can run code on all your computers. I want to learn all of your cookies or your B session IDs or whatever. I want to learn what your unique IDs are in terms of your admin stuff. I want to figure out all the things that I can figure out as if I were on your computer typing the console. Okay. I heard some snickering. Yeah. Okay. Oh gosh. That takes a while. Click me. Oh, I don't really trust that. Well, it's only a YouTube link. Can't be that bad. Oh, I think that's because whoever did that text editor had excellent, good, good. Sure. I think it's because these quotes here ended up as the stylized quotes rather than real quotes. A lot of times if you're not using the right text editor, it comes out a little way like that, okay? Oh yeah, Michael Jackson had a rough wacky anyway. All right, cross site scripting. Now you understand it on a deep level. Let's take a look at a right. Still open? Yeah. Okay.

Okay, now let's look at the nature of where the vulnerability happens. Here's the vulnerability, all right? Which by the way, almost identically matches a whole lot of code that we've done together like this should not fill you with joy because you're like, oh, I've deployed that to real sites, it's real people. Okay, that's it. 
That's the essence of the vulnerability right there, is that it takes in your user input and it doesn't sanitize it and treats it as if it were true HTML. All right, that's enough to let you do whatever you want to all of these poor poor people who happen to visit your website. All right? I thought about like deleting this because it comes from an era where I might have more like round tables or whatever or something like that, but I don't mind. Let's imagine together, make a movie plot, if you will. And you can chat amongst yourselves for a minute or something like that where cross site scripting does as much harm as all right, just to say, I've got this one vulnerability and it's there on Twitter. And anybody who tweets can run arbitrary JavaScript on Twitter of any of the other users, let's say. All right, that's the movie scenario. Can you create Thermonuclear War? If you're free to be the writer of the movie where cross site scripting is possible in a very popular site that has lots of people visit it. Can do, yeah. How bad can you make that attack? Maybe talk amongst like the three or four people near you. And once you get your best idea, then we say it out loud and can be lost. Lost. Exactly that are the ball. Does that mean that outside of that is all right. So did anybody create World War Three? All right. How did you make World War Three? We, we wipe out, the whole thing is done. How do we get there or getting access to satellite. So how do I pivot from cross site scripting on Twitter to nukes called. He started to think about call, you know, putting your passwords and like how do you get access to n. Started to think about like pass present one person that got upset that he lost the election where he got an army to you know, whole government building, he probably doesn't have the smartest passengers and like whoever and like job, he can't even remember his name right now. Open up the best pass major. 
Now if the cross site scripting is in a tweet and you can get them to navigate to that tweet. I can imagine picking up credentials, but maybe not the password from that page. If I can get a presidential password and the presidential password allows me access to something else, then nuclear war. Okay, fine. Seconds. I can certainly post a tweet. As any user who sees my tweet, you know, like, like because there's going to be a Twitter API and I probably can do it from the console with the creds of somebody who's logged in. So I can almost certainly post tweets as the person who sees my tweet and I can definitely foment some like in the streets fighting or whatever, something like that. Yeah, to discuss post that when it's Ted to have a script in it that almost as a sort of fast decided they do it okay password. And then when they do that, instead of sending it to the database identify, it just uses their credentials to post their credentials along with the same script to their account again. Got it. Got it. Okay. I like that. You see my tweet a few seconds later. It logs you out by wiping the screen and redrawing an exact copy of the login screen. They re log in on this new screen where you're the boss and that's how you're harvesting the credentials. Okay? All right. That's the missing step here. Now, I've got presidential credentials or whatever, or something like that, and then I continue to use those credentials to actually log them in so they don't recognize that anything was off or whatever, something like that. Okay. Now I've got passwords that I can then go attempt in all the other logins they might use or something better. Okay. Want to get their credentials login on their behalf and you make fun of other people. Want to like start fights? Yeah. For sure. For sure, yeah. Yeah. Putin's got a small one or whatever. You skating? All right. Is that the rough direction the groups went? Yeah. Yeah. 
If we make the frame the full size in this redrawing business, now they're navigating around inside of my world. And then I can walk them to other sites to log them in there too, or whatever. Now, on this front, every single developer at Twitter has that power, by the way, right? Like anybody who can push to production at Twitter has that power. One of the places that my mind went is the solar flare direction, which is if I'm going to harvest credentials, I'm going to check to see anybody who's got GitHub access with those same credentials, some important repos or whatever, something like that. And if I can grab their GitHub account by way of Twitter, then I want to start making actual commits to the code bases that end up in those products very subversively, very quietly over time or whatever, just like I've made a commit and notice that nobody noticed or whatever, something like that. And just make more and more commits in their name to add the code. Okay? All right, cool. More ideas. Yeah, yeah, let me know a question on your. Yeah, totally. Yeah. A, I mean like GitHub isn't a vulnerability per se. It's all developers everywhere use it or even if they're not using GitHub, maybe just literally Git without the hub. But version control is everywhere, right? Because you guys are the ones who will be building the world. And you've learned it, right? Yes, I know that gets version control but the repo storing get up. They be more inclined to use Gus storing service or the actual art service. Yeah, I think that solar flare was private GitHub repos, you know, my companies use Bitbucket or whatever for private tab repos. I also have my own private ones. Just my own servers and stuff like that or whatever, but Creds has to live somewhere. Okay. All right, so good. We've invented ways to take this one little thing that general cyber kill chain process is like exploit one is possible from just this innocent little bug that you've all made. 
And then you pivot from that little bug into whatever other wacky things you can do. Give me an inch, she'll take a mile. Then I can add more and more vulnerabilities as I go or whatever and that kind of thing. All that first toe in the door types of things that we do in this class.

Okay, how do we sanitize it? All user data is evil and must be sanitized. All right, that thing that comes out of you is spawn and must be stopped. Okay, here is the slightly more verbose but more secure version of that thing. Again, you can do this in different places, but essentially swapping HTML for text and the text is going to say hey, these are not elements, these are not to be evaluated. They are to be treated entirely as it's a lot more verbose, it's a little bit more annoying. It's not as pleasant to look at the templates and stuff or whatever and things like that, but that will do the job of making the thing. Here's the same site, okay? Now everything that you've put in is literally just the text of what you put in. But the images look a hell of a lot uglier. Like I don't have these beautiful. I'm just, I'm not letting you do HTML anymore, right? So you can start to see that if you had a team and you're running Slack or Discord or something or whatever, I want people to post images. I have to now put wrappers around everything, right? You're not allowed to do HTML. You are allowed to give me a URL that you want me to post for you or something like that, maybe. But then I have to sanitize that URL and I get this turtles all the way down in effect where I want stuff from you because that's what's fun, and I have to make that stuff like incontrovertibly secure. Okay, let's take a look at a series of cross site scripting things. And this is J, right? How do I let people upload GIFs and things so that's beautiful and secure or whatever? Well, I have to know that they're uploading a GIF and I've got to sanitize it myself and put the thing in or whatever. Okay. 
Now let's take you on a little wacky journey. By the way, this is today's flag. In order to do today's flag, you're going to have JavaScript running on my browser here. You're going to have to identify my user ID by running the little Firebase auth commands or whatever, and figure out signed in user's ID. Then you're going to have to make the request to the correct endpoint to read the data on my computer and then you're going to have to exfiltrate it over to an endpoint that you can control in order to get it off of my computer. Right? So there's like three or four stages for you to actually read my private data in this setup. All right? And I'm going to see you as you try that all or whatever you like. So not only do you have to get this right, but if you're doing this for JP Morgan or something, you have indicators of compromise, right? Like you will have flags on the network traffic that says, hey, that one's a little wacky, block it, you know, and so if I've got a secure operation center, I'm looking for things that say these packets are okay, these packets are not okay. Filter him out or whatever. You almost have to do all of your fuzzing in a place where they don't see it and you get one shot, you know, and that kind of thing. And in that one shot, you better hope it doesn't flag any previous rule or something like that or whatever they say, okay? And that kind of thing. Okay? This is the dog fight that you go to play in at the high levels. You won't be able to log in as admin, but this is just as insecure as the other one. Okay, and because it's insecure, your JavaScript will run on my computer, and as a result, you've got to run code as me and exfiltrate the results of the code. And you probably have to do that in three different stages. You know, because you have to identify my user ID, the endpoint, fetch what's at that user ID and then exfiltrate that. All right, so now this is one of those things that's true about all of my class structure. 
I say, here's the tools in the Google search terms, go get it. The actual reality is where you really learn about it. Like us talking about it here is not the same thing as you really doing it and working through like, oh, same with the first project or whatever. Like I can say, asynchronous will be hell. But it's not until you suffer from asynchronous hell that you understand what I meant, okay? And that's healthy. Okay? Go give a try. That's tough one.

Now, here's an easier one that we're going to do together. Now for the last 10 minutes of class or whatever, here is an old cross site scripting, Google game. You can tell it's old because they say, hey, we'll give you up to $7,500 if you find vulnerability in our products, that number is way larger. Now, Google welcomes you to make money finding bugs in their products, right? As do many, many things. You guys can literally make your living taking the lessons of this class and applying them to pornhub.com. And they will pay you every time you can crack something anywhere, right? You just, if you want that degenerate lifestyle, you can. My job is to exploit. And each one of those things, if you can validate like proof of concept or get the hell out, is the general rule. But if you can say, okay, here's the thing. They will let you participate in the bug bounty program and they'll say these are the domains that you are allowed to do whatever you want to know, okay? Yeah. All right, so here's how this game works. You're at level one. They'll show you the code. All right. The code is some wacky little Python code with an old fashioned CGI application I haven't talked about. I guess they call CGI. Fine, CGI is common gateway interface. It's pre-PHP server side programming. You can make any program you want run on the server, as long as the output is somewhat valid HTML. Then they'll serve the output of your program running on the server. You'll have these little CGI folders and you configure your thing to run your program. 
This is a CGI app that's going to send out things. And I think that's it. That's the entire level, not a hard one on here. And they do various querying things. Here's the XSS, is that your query goes into there and it's just input into the page. And you can see like basically if I can type and the text shows up in the page, then I'm thinking cross site scripting, right? If ever I can type text and I see my own text inside their page, I want to validate cross site scripting real quick. Okay, now if I just say script alert one, if I get the alert box to pop up, it says congrats, you can now advance to the next level. This one is just as insecure as my site, but now we go to level two. And this one is a little bit harder. In this one, they allow you to do a little bit of HTML stuff, but they won't just let you put in JavaScript. If I say script alert on this one will fail. Okay, if I look at the code we can maybe y goes to the posts, I guess it's wrapped in a block quote. I'm not sure why that would filter out the script, but that's okay. It's wrapped in some wacky way where the script just isn't working. It's not exactly a filter. Okay, so feel free to like chat amongst yourselves and get through as many levels as you can in the next 10 minutes. And, and what you'll find is that you have to get sneakier and sneakier in fact, let me take you back to, in my notes all the way at the bottom. Let's take a look at the PayloadsAllTheThings, XSS injection for ideas of how complex this can get. I made a wide open tunnel bridge that you can drive a truck through. Normal cross site scripting is not so obvious. Let's take a look at some of these. All right. Data grabber, script script script script cores, fine. Yeah, yeah, identify an XSS endpoint. Okay, all right, here we go. Start taking a look at some of these common payloads. Take a look at this wacky thing as payload number two. What's the essence of this payload? 
It's living in a world where the filter, trying to protect against cross site scripting, must be looking for tag script and removing it. All right, say fine. So I'm going to put that in the middle of another tag script. And they're not doing it recursively, I presume you or whatever. All right, maybe you get lucky and that's the way they do their cross site scripting. Cool. All right, this one is starting or ending the string. This is that HM's almost like SQL injection style. Or it's like, well maybe it's put into the template and the string ends it. Now I'm live, if I'm not inside the string, but I wouldn't be if I was, maybe they're looking for something, maybe the restricting single quotes or something. So I can do something wacky like that. All maybe the word alert. I don't know, these are all things. If you are a script kiddie and you're hunting for cross script, you're going to try to try all of them. Load one, load two, payload three, payload four, payload five. Until that works, that's a good intro. Maybe I should teach you Burp Suite next for loading up a bunch of payloads, fuzzing it into input boxes, and saying like, okay, this one failed, this one failed, this one failed, this one worked. And you're just looking for anyone that did something different than the rest. Okay, take a look at this guy, I love this. Make an image tag. The source is intentionally broken, your JavaScript is no longer in a script tag. It's in the on error tag of the image. When this fails to load, it will run that as JavaScript. Okay, that's pretty clever that way it's no longer the script tag that gets me through, but it's that I can set the on error function inside of an image or something like that. Here, they're trying not to close it. What if angle brackets are a problem or whatever? Something like that, okay? Oh, look at that eval source. Okay. Wacky, Wacky. All right. All of these are trying to do weird little variations on a theme to see if I can find ways through. 
All right? Okay, cool. Are you on a level three yet? Yeah. Oh, okay. Back to? Oh, no. Oh, no. Yes. Okay. Uh. Oh, oh my gosh. Oh, no. Oh, yeah. Good. Good. Oh, me and Ed Coyle. All right. Could he shot from the ball? Oh goodness. All right. Welcome to the Internet. This is why I'm not allowed to treat Triple G anymore. Cyber is too dangerous for freshmen. Okay. All right. I don't know how much scrolling to do here. That's a sufficient. Yeah. All right. Okay. You wait for me on the mission. Get oh, we're past time. Okay. Go get 'em on your own homework.
XSS, Type Juggling, Deserialization
From Andrew Novocin October 23, 2023
Zoom Recording ID: 4159319948
UUID: x1joQ6bdRRmXaeuLXugttQ==
Meeting Time: 2023-10-23 01:11:12pmGMT
- Department Name
- ECE
- Department Division
- Date Established
- October 23, 2023