Channel: LiveOverflow
Category: Education
Tags: liveoverflow, waf bypass, bug bounty, sqlmap, alles ctf, cryptography, capture the flag, design flaw, code audit, crypto, logic flaw, security audit, how to hack, exploit tutorial, live overflow, hacking tutorial, encryption, ctf, realistic ctf, alles!, sql injection, decryption, cryptowaf, web application firewall
Description: In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited.

Challenge Files: github.com/LiveOverflow/ctf-cryptowaf
Walkthrough: youtube.com/watch?v=ZKrABs-N9wA
BugBountyReportsExplained: youtube.com/c/BugBountyReportsExplained

00:00 - Intro
01:33 - Background Story
02:55 - What is CryptoWAF?
04:16 - Implementing Encryption
05:06 - Encryption Challenges
06:59 - Implementing Decryption
07:02 - Design Flaw
08:26 - Exploiting the Design Flaw
09:06 - Leaking Database
10:04 - WAF Bypass
11:04 - Conclusion
12:07 - Outro