LiveOverflow posts

Unity Multiplayer/MMO Game - Game Devlog #3

My technical thoughts on building a MMO Game. I have no professional experience in this area, and try to come up with an architecture that is simple to implement but also scalable enough for my needs.

Part 1 - How To Learn Something New?: https://www.youtube.com/watch?v=LTlBElDPDDM
Part 2 - Igniting Creativity: https://w...


LiveOverflow's Marketing Department

Hey! Several of you have already seen the LiveOverflow marketing department but I wanted to share it clearly for everybody again.

If you have a Discord account connected to Patreon, you should automagically get added to the "LiveOverflow's Marketing Department" Discord server. If you have issues, ping me on Twitter or Mail or so.

I have said multiple times that I don't want to have a Discord server, and I still don't want one (mostly because of the additional administrative hea...


Igniting Creativity - Game Devlog #2

How to be creative and get ideas for making a game? In the last video I talked about how I got started with GameDev in Unity. In this video I share the game design aspect and what I do to be creative, in order to come up with hacking challenges.

The first game "Follow the White Rabbit" has two hacking challenges: Fall Damage and Datamining

Download the game for Windows here:

2020-06-24 08:19:40 +0000 UTC

How To Learn Something New? - Game Devlog #1

I got inspired by Pwn Adventure and made a game that is intended to be hacked! But I have never made a game before, so I had to learn game development first. In this devlog I talk about my journey into gamedev with Unity. I describe how I approach a new topic I want to learn. So while it's not directly related to security, it might still help somebody when facing a new massive topic to learn.

This is part 1 of 4.


CTFs are AWESOME/TERRIBLE!

Hey, this week I have something special(?)/different(?)

I have made two videos - one exploring arguments why CTFs are terrible, and the other video argues why CTFs are awesome. This is a bit of an experiment how to present both sides. I find the discussion about CTFs often oversimplified and I want to show why it totally depends on your point of view. Sometimes CTFs make sense for you, sometimes not. I hope through those videos we can better understand the value of Capture the Flag.

...


USA Sales Tax Changes on Patreon

Hey everyone,

Patreon is changing sales tax for the USA.
(Patrons from the EU have already been paying sales tax, so it doesn't apply there.)

Depending on what kind of rewards are provided, and depending on your state, different sales taxes apply. Because I mentioned many times that the "Bonus Content" reward on my Patreon is not a guarantee and will happen only occasionally, I have removed the reward officially from the tiers and replaced it with "General Support". As far ...


Why MissingNo Multiplies Items!

In this part two we investigate how encountering a glitch pokemon will cause the 6th item to multiply. For this we are using Ghidra and SameBoy to debug and reverse engineer the code.

part 1: https://www.youtube.com/watch?v=p8OBktd42GI


Researching MissingNo Glitch in Pokemon

We are using an emulator to research what triggers MissingNo and come up with a hypothetical story how one could have found and analyzed this glitch.

The full GameBoy Hacking Playlist: https://www.youtube.com/watch?v=ix5yZm4fwFQ&list=PLniOzp3l9V82onKsktyyKlIenAAUj45Mk

Also check out Stacksmashing's video about modifying GameBoy games:

2020-05-02 21:31:19 +0000 UTC

DLL Injection to Create a Fly Hack - Pwn Adventure 3

We finally managed to make a fly hack to zoom around the map and we learned a lot about Windows game hacking in the process. This is the last video in the PwnAdventure game hacking series.

Full playlist watch here: https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw9DnQtssdAwgG 

Previous Episode:

2020-04-24 19:41:37 +0000 UTC

Dissecting Pokemon Red Savegame - GameBoy Hax

Reverse engineering the savegame data of Pokemon Red for the GameBoy.

Reverse Engineered old Compression Algorithm for Frogger

Kneesnap reverse engineered an old compression algorithm for his modding tool FrogLord. It can be used to unpack and repack game assets.

Highway Frogs Forum: https://highwayfrogs.net/
Modding Tool: https://github.com/Kneesnap/FrogLord 


Mindmapping a Pwnable Challenge - intro_pwn/pwn1 CSCG 2020

For our CTF I made a video writeup for the first part of our intro pwnable challenge. I'm trying to draw the mindmap of my thought process while solving a challenge.

Feel free to copy the solution, and then tackle part 2 and part 3 yourself!

You can find the challenge here: https://earth.2020.cscg.de/tasks/Intro%20to%20Pwning%201


$100k Hacking Prize Nominations - Google Cloud Platform

In 2019, Google announced the GCP Prize. 100.000$ for the best bug bounty report for the Google Cloud Platform. Today we will have a technical look at the nominations. We look for patterns and analyze the type of bugs. 

Blog: https://security.googleblog.com/2020/03/announcing-our-first-gcp-vrp-prize.html 

Nominations:

  • [Obmi]...


Deepdive Containers - Kernel Sources and nsenter

Let's play around with Docker a bit more. We learn about the nsenter command, how kernel code execution allows escaping from docker and we look at Linux Kernel source code of getpid().  

Daniel Mitre's blog: https://medium.com/@flag_seeker/linux-container-from-scratch-339c3ba0411d
bocker: https://gi...


How Docker Works - Intro to Namespaces

Let's figure out how Docker works! We will investigate docker by tracing the syscalls to find the Linux Kernel feature called Namespaces. We also learn about the different ones like process id, network or mount namespaces.

docker → dockerd → containerd → runC → unshare syscall  

Part 1: https://www.youtube.com/watch?v=cPGZMt4cJ0I
LWN Article:

2020-02-21 17:15:16 +0000 UTC

Introduction to Docker for CTFs

I'm using Docker more often for CTFs, but it's also useful to host challenges. More CTFs share Dockerfiles to run it locally, so I figured it's time to give an introduction to docker.

Example challenge and CTF container: https://github.com/LiveOverflow/pwn_docker_example

Next video will be about how Docker actually works ;)


No Videos? - Update February 2020

Hey everybody!

Because there were no uploads since December, some of you were a bit worried. But everything is fine :) Since I dropped the pressure to deliver weekly videos, I have fallen out of the rhythm creating them; combined with some lack of motivation, I didn't feel super excited working on it more.

I actually have edited the second part of the VLOG from the trip to London (Bug Hunters, Google CTF, ...) a while ago, but I don't want to publish it, because I don't want peopl...


Haxember Videos #14-19

As mentioned in the post last month [0], I'm bundling 6 of the lower effort videos into one "charged post" on Patreon. So here is the third set of six videos of Haxember!

Full Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjzTvVyL_8H-DJBf8VT3uiu2

Haxember Videos #7-13

As mentioned in the post last month [0], I'm bundling 6 of the lower effort videos into one "charged post" on Patreon. So here is the second set of six videos of Haxember!

Full Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjzTvVyL_8H-DJBf8VT3uiu2

Finding iOS Kernel Exploit // SockPuppet Jailbreak - CVE-2019-8605

Today I have one of the promised typical LiveOverflow videos for you! It's a collaboration with Ned Williamson and has been in the making for a while. 

He also has released a blog post about it on the Google Project Zero blog: https://googleprojectzero.blogspot.com/2019/12/sockpuppet-walkthrough-of-kernel.html

And if anybody wants to complain about the ...


Haxember Videos #1-6

As mentioned in my previous post [0], I will bundle 6 of the lower effort videos into one "charged post" on Patreon. So here are the first six videos of Haxember!

Full Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjzTvVyL_8H-DJBf8VT3uiu2

There were 4 technical videos that complement the binary exploitation series, and 2 videos with some general "advice"/inf...


WARNING! Haxember is coming!

I'm planning a small experiment in December, by uploading 24 videos. That's why I wanted to give you a heads up about my plans with charging "per video" on Patreon.

At least 2 videos will be regular full LiveOverflow videos that took a lot of effort - so there will be 2 "charged posts" on Patreon.

The other ~22 videos are lower effort in a slightly different style, but still educational. I don't think it w...


Zero-day vulnerability in Bash - Suidbash Google CTF Finals 2019 (pwn)

New video about the suidbash challenge from the Google CTF Finals 2019. It's about an actual zero-day in /bin/bash - CVE-2019-18276

What do you think about interviews like this for CTFs?

https://www.youtube.com/watch?v=-wGtxJ8opa8


Next VLOG Preview - my road becoming a travel vlogger influencer #instagram #ad #sponsored

Don't worry, technical videos are still coming! But as I mentioned in my Test VLOG, I was going to travel to an event and I'm just having a bit of fun experimenting.

As some might have already figured out, I was invited by Google to attend the Google CTF finals, as well as a Google bug bounty event. So I'm planning to make some CTF video writeups of challenges from the finals, as well as some more casual VLOGs sharing my experience. I think they are going to be cool.

The screensho...


Reading Player Position with DLL Injection - Pwn Adventure 3

Another PwnAdventure episode. We are very close to a fly hack! But this time I got some help with creating a .dll for a DLL injection. And then we can use the pointer paths we found in the last video to read the player position from the Pwn Adventure 3 game process.


🌴 Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw9DnQtssdAwgG



Test VLOG / Channel Updates / Building PC

I have created a test VLOG including some info about the past few months.
I was very busy with my master's thesis, but I'm finally done. I don't know yet if I will pass, but for now I am free again :D
I will also travel this week and try to VLOG it, that's why I attempted a test VLOG.

Let me know what you think, and if I should publish this video for non-Patrons: https://forms.gle/kTdm5Ja4LJZoK3DM7


Google Paid Me to Talk About a Security Issue!

I think this video is really cool. Google reached out to me to make a video about a vulnerability a bug hunter found in one of their products!

What do you think about it?


Finding Player and Camera Position for Fly Hack - Pwn Adventure 3

We continue doing some Cheat Engine work to find the player's and camera's position. This will help us to implement a fly hack in a future episode.

blog: https://liveoverflow.com/player-and-camera-position-for-fly-hack-pwn-adventure-3-2/
playlist: https:/...


How Speedrunners Use Game Hacking Tools

We continue our journey in Windows Game hacking with Pwn Adventure 3, by looking at Pointer Scans from Cheat Engine. And surprisingly the same techniques are being used by speedrunners to implement automatic time splitters.

blog:  https://liveoverflow.com/why-speedrunners-are-hackers-and-cheaters/ 


Windows Game Hacking with Ghidra and Cheat Engine

We are going to learn basic game hacking on Windows with Cheat Engine and Ghidra.

Pwn Adventure 3 Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw9DnQtssdAwgG

blog: https://liveoverflow.com/getting-started-with-windows-game-hackin...
