Y

YouLibs

Remove Touch Overlay

How SUDO on Linux was HACKED! // CVE-2021-3156

Duration: 19:56Views: 161.5KLikes: 8.9KDate Created: Apr, 2021

Channel: LiveOverflow

Category: Education

Tags: liveoverflowbuffer overflowfuzzerheap feng shuilocal rootcritical sudoheap overflowlive overflowvulnerability walkthroughhacking tutorialbug analysissudofreeprivilege escalationmallocfuzzingaflsudoeditbruteforcebaron samedithow to hackexploit tutorialroot exploitcve-2021-3156heap-based overfllow

Description: The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks on rediscovering, analysing and exploitation of the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit. liveoverflow.com/support Article: liveoverflow.com/critical-sudo-vulnerability-walkthrough-cve-2021-3156 Binary Exploitation Playlist: youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN PwnFunction's Binary Exploitation Playlist: youtube.com/playlist?list=PLI_rLWXMqpSkAYfar0HRA7lykydwmRY_2 Full CVE-2021-3156 Advisory: packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html Qualys Blog: blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit milek7's blog on fuzzing sudo: milek7.pl/howlongsudofuzz 00:00 - Intro and Motivation 01:33 - afl: Fuzzing argv[] 03:22 - afl: sudo vs. sudoedit 04:27 - afl: Fuzzing setuid Process 06:49 - Fuzzing Conclusion 07:11 - Code Review: Identify Risky Code Through Isolation 09:39 - Code Review: Bypass Safe Conditions 11:15 - Exploit Strategy: Modern Mitigations 12:25 - The service_user Object Overwrite Technique 13:48 - Heap Feng Shui via Environment Variables 14:57 - Bruteforce Script to Find Exploitable Conditions 15:39 - Find and Analyse Useful Crashes 16:31 - Exploitability Analysis Conclusion 17:13 - Qualys Researchers Knew nss From Stack Clash 17:47 - Sudoedit Exploitable on macOs? 18:32 - Research Conclusion 19:27 - Outro -=[ ❤️ Support ]=- → per Video: patreon.com/join/liveoverflow → per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: twitter.com/LiveOverflow → Website: liveoverflow.com → Subreddit: reddit.com/r/LiveOverflow → Facebook: facebook.com/LiveOverflow

Swipe Gestures On Overlay
Home
Channels
All Videos
Categories
Tags
Related
Infinite Masonry

Related

Sorts:
Filters:
CategoryChannelDate CreatedDurationLikesPopularityTagsTitleViews
1-10mins10-30mins30mins+past weekpast monthpast year2021-20242015-2020
  • "HASTA NAMASTEY" BIZEN ( Official Video )Ness Studio03:31Jun, 20195.5Mbackgroundvideo thumbnail for: "HASTA NAMASTEY" BIZEN ( Official Video )
  • Most Unorthodox Fighter.Lawrence Kenshin Striking Breakdowns09:17Nov, 2021566Kbackgroundvideo thumbnail for: Most Unorthodox Fighter.
  • Dropkick Murphys "The Boys Are Back" (Official Music Video)Dropkick Murphys03:22Feb, 201320Mbackgroundvideo thumbnail for: Dropkick Murphys "The Boys Are Back" (Official Music Video)
  • Aussie teaches Chinaman - AFL Footyyourchonny03:43Aug, 20161.4Mbackgroundvideo thumbnail for: Aussie teaches Chinaman - AFL Footy
  • WTF HAPPENED IN 2021 - Ozzy Man ReviewsOzzy Man Reviews21:14Dec, 20211.8Mbackgroundvideo thumbnail for: WTF HAPPENED IN 2021 - Ozzy Man Reviews
  • Peterbilt 520 - Heil Half/Pack Freedom w/ The Curotto-CanThrash 'N' Trash Productions10:01Dec, 2018897Kbackgroundvideo thumbnail for: Peterbilt 520 - Heil Half/Pack Freedom w/ The Curotto-Can
  • Best Free Alternatives To Adobe Creative SuiteLogos By Nick07:03May, 2020863.3Kbackgroundvideo thumbnail for: Best Free Alternatives To Adobe Creative Suite
  • Stop Eating Poison - John McDougall MDVegSource01:23:38Jun, 2019852.7Kbackgroundvideo thumbnail for: Stop Eating Poison - John McDougall MD
  • Things I Stopped Buying - Low Waste + Saving MoneyFairyland Cottage10:28Oct, 2020604.4Kbackgroundvideo thumbnail for: Things I Stopped Buying - Low Waste + Saving Money
  • How To Earn Rs 18000/- In one Week. Best Online Earning Tips in HindiTechnical Babu18:06Sep, 2017811.7Kbackgroundvideo thumbnail for: How To Earn Rs 18000/- In one Week. Best Online Earning Tips in Hindi
    • Items shown
    to: 10
    of:999
    123...100