Channels lising page
All videos archived of PwnFunction
jIfxXzjpmSc | 09 Feb 2024
Animated guide to linear regression. First episode of AI series. πΆ Snyk is free forever. Sign up with my link https://snyk.co/pwnfunction β GitHub: https://github.com/PwnFunction/linear-regression π€ X: https://twitter.com/PwnFunction π§° Tools used are: https://tools.pwnfunction.com/ π΅ Track: STRLGHT - Destination
-h_rj2-HP2E | 14 Jul 2022
In this episode we'll break the Math.random method in JavaScript with z3. πΆ Snyk is free forever. Sign up with my link https://snyk.co/pwnfunction β Randomness Predictor: https://github.com/PwnFunction/v8-randomness-predictor β Z3 Challenges: https://github.com/PwnFunction/learn-z3 β¨ Info β Tools used are: https://tools.pwnfunction.com/ β Video Production time(Research to Output): 100-ish hours. β About 2L of Almond milk & 3.5L of Gatorade were consumed during the video creation. π¬ Discord: https://discord.gg/6KKQHvgJwv π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Lost Sky - Dreams NCS link: https://www.youtube.com/watch?v=SHFTHDncw0g
eTcVLqKpZJc | 08 Apr 2022
In this episode we'll explore a local privilege escalation vulnerability in polkit's pkexec. πΆ Snyk is free forever. Sign up with my link https://snyk.co/pwnfunction β Code + All Resources: https://github.com/PwnFunction/CVE-2021-4034 β¨ Info β Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Adobe Auditions. β VSCode: Monokai Pro Theme, Jetbrains Mono Font, SF Mono Font. β Video Production time: 80-ish hours. β About 2.5L of Almond milk were consumed during the video creation. π¬ Discord: https://discord.gg/6KKQHvgJwv π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Lost Sky - Dreams NCS link: https://www.youtube.com/watch?v=SHFTHDncw0g
XS_UMqQalLI | 13 Dec 2021
In this episode we'll explore Javascript Prototype Pollution. πΆ Snyk is free forever. Sign up with my link https://snyk.co/pwnfunction β Code + All Resources: https://github.com/PwnFunction/Next.js-Flat-Prototype-Pollution π Prototype Pollution in flat: https://security.snyk.io/vuln/SNYK-JS-FLAT-596927 β¨ Info β Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Audacity. β VSCode: Monokai Pro Theme, Dank Mono Font. β Video Production time: 100-ish hours. β 6 Redbulls were consumed. π¬ Discord: https://discord.gg/6KKQHvgJwv π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Lost Sky - Dreams NCS link: https://www.youtube.com/watch?v=SHFTHDncw0g
RCJdPiogUIk | 05 Oct 2021
In this episode we'll explore the world of SSRFs. β LiveOverflow Blog Post + Instructions: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ β¨ Info β Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Audacity. β VSCode: Monokai Pro Theme, Dank Mono Font. β Video Production time: 60-ish hours. β 6 Gatorades were consumed. π¬ Discord: https://discord.gg/6KKQHvgJwv π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Lost Sky - Dreams NCS link: https://www.youtube.com/watch?v=SHFTHDncw0g
msdymgkhePo | 04 Jun 2021
In this episode we'll explore the world of HTTP and CSS to hide some code. β Code: https://github.com/PwnFunction/Blank-Rick-Roll β¨ Info β Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Audacity. β VSCode: Monokai Pro Theme, Dank Mono Font. β Video Production time: 40-ish hours. β 4 Redbulls were consumed. π¬ Discord: https://discord.gg/6KKQHvgJwv π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Lost Sky - Dreams NCS link: https://www.youtube.com/watch?v=SHFTHDncw0g
6SA6S9Ca5-U | 23 Apr 2021
#BinaryExploitation #FileDescriptor #Attack In this video, we're gonna look at how one can abuse file descriptors in some cases to get access to "sensitive" documents. π Code + Build Instructions: https://hackercamp.co/ π Original Blog: https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html π¬ Discord: https://discord.gg/6KKQHvgJwv π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
EJtUW2AklVs | 01 Apr 2021
#BinaryExploitation #ELF #Executables This is the second video in the series Binary Exploitation. In this video, we're gonna look at some simple attacks via dangerous functions. π Code + Build Instructions: https://hackercamp.co/ π¬ Discord: https://discord.gg/6KKQHvgJwv π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
WnqOhgI_8wA | 12 Mar 2021
#BinaryExploitation #ELF #Executables This video is an introduction to ELF Executables in Linux. Also it's the first video of a new series called Binary Exploitation. π¬ Discord: https://discord.gg/6KKQHvgJwv π¨βπ» HackerCamp: https://hackercamp.co π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
jwzeJU_62IQ | 24 Jan 2021
#Deserialization #WebSecurity We'll explore the basic concepts of an Insecure Deserialization by attacking a web app written in Python. π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
SN6EVIG4c-0 | 27 Nov 2020
#SSTI #WebSecurity This video explores the world of Server-Side Template Injections (SSTI), primarily we'll look at Python with Flask framework as an example, but the core ideas explained in the video is applicable to wide set of Languages and Frameworks. Original Research: https://portswigger.net/research/server-side-template-injection π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
EoaDgUgS6QA | 22 Mar 2020
#XSS #WebSecurity This time we are going to explore the world of Cross Site Scripting under 12 minutes. π Links β¨ XSS Game: https://xss.pwnfunction.com/ Custom Twitch Chat XSS: https://www.youtube.com/watch?v=2GtbY1XWGlQ π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
2up8J9dErHI | 03 Sep 2019
#WebSecurity #Google #CTF A video writeup on one of the web challenges from the recent Google CTF 2019. π¨βπ» SPONSORED BY INTIGRITI β https://www.intigriti.com/ π Links β’ Google CTF: https://capturetheflag.withgoogle.com β’ LiveOverflow Paste-tastic! Stream: https://www.youtube.com/watch?v=zjriIehgAec β’ LiveOverflow's channel: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w β’ LiveOverflow - Filemanager: https://www.youtube.com/watch?v=HcrQy0C-hEA π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw P.S. Sorry for my audio quality :(
0fdpFQXWVu4 | 07 Jul 2019
#WebSecurity #XXE #Google #CTF A video writeup on one of the web challenges from the recent Google CTF 2019. π¨βπ» SPONSORED BY INTIGRITI β intigriti.com π Links β’ Google CTF: https://capturetheflag.withgoogle.com β’ Insomnia: http://insomnia.rest β’ XXE video Explanation: https://www.youtube.com/watch?v=gjm6VHZa_8s β’ Beeceptor: https://beeceptor.com/ π₯ Exploiting XXE with local DTD files: https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ π€ Twitter: https://twitter.com/PwnFunction π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
eWEgUcHPle0 | 05 Apr 2019
#WebSecurity #CSRF A video explaining CSRF and some different types of attacks. π CSRF to RCE : https://github.com/zadam/trilium/issues/455 SPONSORED BY INTIGRITI β intigriti.com Sorry for the late upload, was busy with other stuff. π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
gjm6VHZa_8s | 28 Feb 2019
#WebSecurity #XXE A video on Exploiting XML parsers, specifically on XML External Entity attacks. π Links John's channel : https://www.youtube.com/user/RootOfTheNull Stok's video on OOB XXE via file uploads : https://www.youtube.com/watch?v=aSiIHKeN3ys Ippsec's Fulcrum walkthrough : https://www.youtube.com/watch?v=46RJxJ-Fm0Y Nicolas GrΓ©goire's works : https://www.agarri.fr/en/ Exploiting XXE with local DTD files : https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ SPONSORED BY INTIGRITI β intigriti.com π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw #WebSecurity #XXE #CTF
rloqMGcPMkI | 12 Feb 2019
#WebSecurity #IDOR A video on how Insecure Direct Object References can affect a web application. SPONSORED BY INTIGRITI β intigriti.com π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
jkJWA_CWrQs | 03 Feb 2019
#WebSecurity #ElectronJs #RCE A video on the finding Remote Code Execution (RCE) on Electron Js Applications SPONSORED BY INTIGRITI β intigriti.com π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
QVZBl8yxVX0 | 28 Jan 2019
#WebSecurity #CTF #HTTPParameterPollution How HTTP parameter parsing could mess things up. SPONSORED BY INTIGRITI β intigriti.com π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw
4Jk_I-cw4WE | 20 Jan 2019
#WebSecurity #OpenRedirect π First video A quickie on Open Redirects. SPONSORED BY INTIGRITI β intigriti.com π΅ Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: https://www.youtube.com/watch?v=yJg-Y5byMMw