- 194
- 51 359 443
Low Level Learning
United States
Приєднався 18 жов 2020
Teaching you 🧠 about the lowest level
i cant stop thinking about this exploit
Did you know you can get hacked by a picture? In this video we'll deep dive the libwebp CVE from September of last year because it is SO insane.
initial writeup: blog.isosceles.com/the-webp-0day/
poc: github.com/mistymntncop/CVE-2023-4863
🏫 COURSES 🏫 Learn to code in C at lowlevel.academy
📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down
🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒
Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation : amzn.to/3C1z4sk
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software : amzn.to/3C1daFy
The Ghidra Book: The Definitive Guide: amzn.to/3WC2Vkg
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: lowlevel.store/
Follow me on Twitter: LowLevelTweets
Follow me on Twitch: twitch.tv/lowlevellearning
Join me on Discord!: discord.gg/gZhRXDdBYY
initial writeup: blog.isosceles.com/the-webp-0day/
poc: github.com/mistymntncop/CVE-2023-4863
🏫 COURSES 🏫 Learn to code in C at lowlevel.academy
📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down
🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒
Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation : amzn.to/3C1z4sk
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software : amzn.to/3C1daFy
The Ghidra Book: The Definitive Guide: amzn.to/3WC2Vkg
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: lowlevel.store/
Follow me on Twitter: LowLevelTweets
Follow me on Twitch: twitch.tv/lowlevellearning
Join me on Discord!: discord.gg/gZhRXDdBYY
Переглядів: 261 036
Відео
i changed my mind about zig
Переглядів 143 тис.14 днів тому
For a long time, I really didn't understand where Zig fit in in the developer ecosystem. Now, I think I get it. 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down 🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒 Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87 Practical Reverse Engineering: x86, x64, ARM, ...
nation state hackers caught exploiting cisco firewalls
Переглядів 196 тис.21 день тому
An advanced backdoor has been found on several Cisco ASAs around the world. Reported by Cisco Talos, these backdoors are sophisticated, and hint towards a larger campaign targeting telecommunications providers and energy sector organizations around the world Talos Report: blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ 🏫 COURSES 🏫 ...
this is a warning to anyone using php
Переглядів 195 тис.21 день тому
An 8/10 vulnerability has been found in glibc, that could lead to the compromise of PHP around the world. Check it out in this video. nvd.nist.gov/vuln/detail/CVE-2024-2961 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒 Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87 Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, R...
zero-day vulnerability in Palo Alto firewalls exploited in the wild
Переглядів 113 тис.Місяць тому
A critical 10/10 vulnerability has been found in Palo Alto's firewalls, but how important is it really? Check it out in this video. security.paloaltonetworks.com/CVE-2024-3400 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒 Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87 Practical Reverse Engineering: x86, x64, ARM, Windows Kernel...
major security vulnerability found in rust (over hyped?)
Переглядів 131 тис.Місяць тому
A critical 10/10 vulnerability has been found in Rust, but how important is it really? Check it out in this video. github.com/frostb1ten/CVE-2024-24576-PoC 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down 🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒 Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87 Pr...
revealing the features of the XZ backdoor
Переглядів 269 тис.Місяць тому
In this video we play with xzbot, the tool developed by @amlweems at Google, and use it to show off the scary functionality of the xz backdoor. @amlweems: amlweems xzbot: github.com/amlweems/xzbot original story: openwall.com/lists/oss-security/2024/03/29/4 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒 Blue Fox: Arm Assembly Internals and Rev...
secret backdoor found in open source software (xz situation breakdown)
Переглядів 418 тис.Місяць тому
Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing. openwall.com/lists/oss-security/2024/03/29/4 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down 🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒 Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87 Prac...
new linux exploit is absolutely insane
Переглядів 408 тис.Місяць тому
The new privilege escalation against the Linux is absolutely wild. In this video we talk about what a privesc is, how they typically work, and why the techniques used in this one are so wild Writeup: pwning.tech/nftables/ PoC: github.com/Notselwyn/CVE-2024-1086 Author: notselwyn/ 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi....
researchers find unfixable bug in apple computers
Переглядів 680 тис.Місяць тому
A new bug in the Apple M1, M2 and M3 Silicon is reeking havoc. Spectre Paper: spectreattack.com/spectre.pdf Gofetch Info: gofetch.fail Gofetch Paper: gofetch.fail/files/gofetch.pdf 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 👕 MERCH 👕 Like the shirt? lowlevel.store 📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down 🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒 Blue Fox: ...
US Government declares the safest programming language
Переглядів 94 тис.2 місяці тому
US Government declares the safest programming language
why rust libraries may never exist.
Переглядів 212 тис.2 місяці тому
why rust libraries may never exist.
How I Wrote a Script that Cracks Code Automatically
Переглядів 61 тис.2 місяці тому
How I Wrote a Script that Cracks Code Automatically
the internet of things is completely out of control
Переглядів 64 тис.3 місяці тому
the internet of things is completely out of control
unlock the lowest levels of coding
Переглядів 216 тис.3 місяці тому
unlock the lowest levels of coding
a strange but powerful interview question
Переглядів 263 тис.3 місяці тому
a strange but powerful interview question
why riot's new anti-cheat is a HUGE problem.
Переглядів 301 тис.4 місяці тому
why riot's new anti-cheat is a HUGE problem.
i wrote my own memory allocator in C to prove a point
Переглядів 325 тис.4 місяці тому
i wrote my own memory allocator in C to prove a point
demystifying the secret structure you've been using all along
Переглядів 90 тис.5 місяців тому
demystifying the secret structure you've been using all along
C Programmer Learns Haskell and DOESN'T Cry? (Coding in a Random Language Every Day)
Переглядів 76 тис.5 місяців тому
C Programmer Learns Haskell and DOESN'T Cry? (Coding in a Random Language Every Day)
Lua's Arrays are Wrong and YOU KNOW IT. (Coding in a Random Language Every Day)
Переглядів 59 тис.5 місяців тому
Lua's Arrays are Wrong and YOU KNOW IT. (Coding in a Random Language Every Day)
We Made Up. (Coding in a Random Language Every Day - Day 4)
Переглядів 38 тис.5 місяців тому
We Made Up. (Coding in a Random Language Every Day - Day 4)
Rust Finally Betrayed Me (Coding in a Random Language Every Day)
Переглядів 85 тис.5 місяців тому
Rust Finally Betrayed Me (Coding in a Random Language Every Day)
PHP is Wack. (Coding in a Random Language Every Day)
Переглядів 53 тис.5 місяців тому
PHP is Wack. (Coding in a Random Language Every Day)
I Coded in a Random Programming Language Everyday, For Science
Переглядів 68 тис.5 місяців тому
I Coded in a Random Programming Language Everyday, For Science
the cleanest feature in C that you've probably never heard of
Переглядів 121 тис.5 місяців тому
the cleanest feature in C that you've probably never heard of
everyone should test their code this way
Переглядів 76 тис.7 місяців тому
everyone should test their code this way
why are switch statements so HECKIN fast?
Переглядів 361 тис.7 місяців тому
why are switch statements so HECKIN fast?
More of this please. Mainly system calls and such.
Doesn't the US government use Cisco network security and firewalls? Yes, yes they do.
Motivation isnt what you need. Discipline is what you have to craft inside yourself
but bro that girl 😢 was kinda cute .. anyway i forgot to push code into GitHub so
Maybe learn how to code with compiler errors lol
Did someone say, Snowcrash?
Not only US bro, India also 😢
One thing many folks might not understand is that the attacker needs to have access to the system to exploit/gain this privilege. That being said, it can be used in a process where user xyz is harmlessly (or intentionally) installing something onto the box itself. This doesn't mean that any Linux system sitting idly on a network can be exploited from a pure network means. One of the overcites most folks make is hearing there is an exploit that gains root access means you need to drop everything and patch any and every system running Linux distro version xyz as the exploit affects them immediately. It really depends on the system, it's use, it's broad access, and several other factors. Granted, this is not to say you should not address such a situation, but by all means it doesn't mean the sky is falling either. All the same, very interesting how this one works, and thank you for breaking it down the way you have.
Google's policy on the use of spaces has been my policy in every language I've coded in since 1976, except for assembler, G-code, and antiquated versions of BASIC.
Another reason to stop playing this game.
Maybe I am missing something, but aren't all languages like this. A variable gets its value in runtime, no way for the compiler to check that value, so you either check array length or try and catch. How is this special to C?
Still not able to understand how this exploit is able to take control over the computer as the moders operating system are designed in such way to not permit one process to access the memory space of another even if a buffer overflow occurs. Maybe that bug it is into a library that is executed in privileged mode by the OS?
Hi LowLevelLearning, how do you draw diagrams on the black screen, do you use a drawing tablet?
my Vivald Browser crashed 2x recently, while showing ads. possibly...
Did you check how many times you were saying same thing, like unpacking same info again and again. I like the topics you cover man, but knowledge density is often low here. Sorry if i sound rude, I did not mean to.
there's a chess streamer writing a cease and desist as we speak /j
8:10 then great, if something major were to happen. about time these top 500 put something back into open source than only extracting. FUTO all the way
Decades ago I was told "we use Windows at this company because it's secure and stable. You cannot run Linux". So I sent out an email to the entire company with an urgent sounding headline. It contained an HTML IMG tag with the source set to C:\CON\CON There was absolute chaos as nobody could open Outlook after their computers blue-screened and restarted... Because it was the last message in their inbox, and it would display it before it got around to polling the exchange server for new messages. It would even crash if you went in through the web interface.
ok nerd
I love the how NSO exploited legacy scan compression to create virtual processor and then evaluate whatever code you do and eventually escape it's prison and eventually take over device. AND it's zero interaction from the user at all.
Another reason why webp sucks.
In computer class, we had breaks, so i played roblox,AND OH MY GOD. I saw peoples password... i was so scared. Edit: my teacher said i accidentaly reverse engineered💀
I've been watching your videos for some time but this particular one made me subscribe to your channel. Thanks for making these difficult videos.
..so many backdoors.. according to the door..so is the key...WHat kind of dOor u wAnna open... a poor 1 or a Multimillionaire1... but without comprehensIon u cannot open it...
is the mov instruction pseudo instruction? or in cisc everything is a proper instruction)
What's your opinion about V programming language?
It is skill issue because people exit the market and enter the market and dont think about security. People cannot be trusted...
gotcha 7:48 bruh +1
The basics of computer security is treating data as data, and code as code. As soon as you treat data as code it will be exploited.
I would prefer C more because of it's transparency.
...or just use SI (A.K.A. metric)...
yes, it's worth it. It's the most powerful language. It allows for high level abstractions while maintaining incredibly high performance. I agree on that you should first learn C and then move to C++.
this is really a noob moment there, but seriously this is how it should be, it shouldn't be hard to put a website on the internet like how we need to go through myriads of configuration between our domain and hosting services
that rare thing - a youtuber prepared to admit that they changed their mind subbed
Why is nasa using C?
C is a shit language to allow buffer overflows.
Why don't you just read the stack pointer? This is a feature of C.
yeah i'd figure it's not really possible because of all the action at compile time - can't really do some of that if half of the stuff is already compiled well, whatever, it's worth it!
learn haskell first, then zig, then rust
Ok but does zig also make error handling a hell where adding one error check infests every layer of your program and your function values become confusing errors that you spend half a day trying to unwrap for some meaningful result.
Did you check out ChatGPT 4o for reverse engineering? I’m trying for a ecu firmware and I’m impressed how well it did
TYLLLG
I like Rust!
Scammer
Thanks I’ll remember that! C has been like decrypting an ancient wizard tome for me; and just as fun!
People are going to defend C++ as if its not Java without a garbage collector rather than C with classes. Use rust if you need C with more features.
Ah, so you like that C is a high level assembly language
I was programming in C when you were in diapers I learned how the program from Paul Kearney and Dennis Richards 😮😢😅😅😂
Welp this taught me how I would probably end up just slamming my data into the gpu to get faster frames ig?
or not maybe
How exactly you can write code without exceptions if any place in a code can produce at the very least out of memory exception?