Buffer Overflows: A Symphony of Exploitation

Рет қаралды 65,167

Күн бұрын

⚠️* Disclaimer:
The information presented in this video is for educational purposes only. It is not intended to be used for illegal or malicious activities. The creator and any individuals involved in the production of this video are not responsible for any misuse of the information provided. It is the responsibility of the viewer to ensure that they comply with all relevant laws and regulations in their jurisdiction.
I really hope you enjoyed this video! Comment "0x41414141" if you read this!
🔖 My Socials:
avatar/mascot made with picrew: picrew.me/en/image_maker/1108773
- full credits to the artist: / mimisentakosen
- visit her shop: coconala.com/services/1871766...
official discord server: dsc.gg/crow-academy
crows-nest.gitbook.io/
github.com/cr-0w
/ cr0ww_
💖 Support My Work
/ cr0w
ko-fi.com/cr0ww
www.buymeacoffee.com/cr0w
Join this channel to get access to perks:
/ @crr0ww
🖥️ Extra Resources:
ropemporium.com/
github.com/rosehgal/BinExp
📹 Videos/Channels Mentioned:
TCM's BOF Playlist:
• Buffer Overflows Made ...
LiveOverFlow's Python2 vs Python3:
• Python 2 vs 3 for Bina...
🎵 Music Credit goes to Ian Taylor, and Adam Bond (a variety of OSRS OSTs): Created using intellectual property belonging to Jagex Limited under the terms of Jagex's Fan Content Policy. This content is not endorsed by or affiliated with Jagex.
The images and music used in this video are used under the principle of fair use for the purpose of criticism, comment, news reporting, teaching, scholarship, and research. I do not claim ownership of any of the images/music and they are used solely for the purpose of enhancing the content of the video. I respect the rights of the creators and owners of these images and will remove any image upon request by the rightful owner.
Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing.
🕰️ Timestamps:
00:00 - Intro
00:31 - Background
02:25 - What is a Buffer Overflow?
05:06 - Secure Example
07:21 - Insecure Example
07:52 - Prerequisites
09:03 - Exploitation Checklist
10:16 - Assembly Basics
11:56 - Common Pitfalls
12:43 - Getting Our Hands Dirty
19:07 - Exploiting The Binary
20:37 - Bonus
21:05 - Challenge
29:50 - Outro

Пікірлер: 226

@mongru Жыл бұрын

Now this is the content I wanted to see

@crr0ww Жыл бұрын

>:)

@phantompuma228 Жыл бұрын

Honestly, I know basically nothing about hacking, yet this was so digestible and entertaining!

@crr0ww Жыл бұрын

AH ❤️ tysm that’s the plan!! :)

@honeish4662 Жыл бұрын

PLEASE I BEG YOU KEEP SHARING YOUR KNOWLEDGE IN THAT WAY, THAT'S A BANGER

@crr0ww Жыл бұрын

AAAA THANK YOU SO MUCH :"))!! , AND WILL DO :D

@gurucode.studio Жыл бұрын

I thought KZfaq is very poor when we talk about this type of content until I found your channel 🤩🤩

@crr0ww Жыл бұрын

thank you so much for the kind words :’)

@MindlessMurphy555 Жыл бұрын

Love the way this was put together, very entertaining as well as informative!!

@crr0ww Жыл бұрын

thank you so much! :)))

@user-qo2mn6yr1n Ай бұрын

This is literally the only video about buffer overflow which made it so simple, i could understand.

@Cyanbland_ 9 ай бұрын

This video is awesome! Thank you for putting the effort!

@toddwright3619 Жыл бұрын

That is the most comprehensive example of how a buffer overflow works that I have ever seen in a video. I have only seen it explained in books on the subject. That was a well done video and most programmers have no idea how important it is to check buffers because most don't know anything about how the processor actually works. This would be a good video for all programmers to see. I am not a professional programmer, it is a hobby interest for me but it is also a hobby interest to learn how the circuitry in the computer at the logic level actually works so it naturally makes since to me how the overflow attack works. Well done.

@crr0ww Жыл бұрын

Todd, I wanted to take a moment to write out a special message for you. Something about your message really pulled on some heartstrings for some reason, so number 1, thank you so much for the kind words, seriously it means so much to me. Secondly, I completely get what you're saying. It's inherently a pretty technical subject to cover, I mean there are so many moving parts and most of them are seriously pretty low-level in relation to the CPU; and the 1s and 0s therein. As you were saying, most programmers have probably heard of these kinds of attacks but since they typically use such a high-level/highly-abstracted language that handles memory management and does garbage collecting for them, it can very easily slip their minds which, 100% downplays the severity of it. It's because of this reason that I decided to make a video so that ALL of us, as a community - hackers, programmers, infantile water lizards, etc. could learn about these kinds of vulnerabilities :) Thank you so much for commenting, Todd. Keep up the great work as well! I hope you stick around! :D

@MrSevenEleven Жыл бұрын

This is so refreshing, in a sea of lame-ass videos of dudes with Guy Fawkes masks talking about "hacking like Mr. Robot." I love your videos.

@abhishekkaith1686 Жыл бұрын

Time to write every program in rust 😅

@tabotkevin8116 Жыл бұрын

Hello Crow, I love your content and I just stumbled on it yesterday. One other thing caught my attention, please can you make a mini series showing how you mod(riced) your operating system, and the fonts and zsh shells and theme you are using? It looks so good!

@crr0ww Жыл бұрын

thank you so much!! that means so much to me :') and of course! i have a ricing/modding series already planned for the future, stay tuned! :D

@naltun4702 Жыл бұрын

Easily the best video on buffer overflows I've seen. Thanks!

@crr0ww 10 ай бұрын

thank you so much for watching

@martinguti95 Жыл бұрын

Loved the format! Keep at it man! :)

@crr0ww Жыл бұрын

thank you so much, enrique 🥹❤️ will do ! : )

@ajayshripal4027 Ай бұрын

Best video made on buffer exploitation

@Gobillion160 11 ай бұрын

LMAO IVE REWATCHED THIS LIKE 10 TIMES NOW AND JUST NOTICED THE OSRS MUSIC IN THE BACKGROUND

@crr0ww 10 ай бұрын

BRO LMAO

@Anonymous-im9yz 3 ай бұрын

Thank you man this vid show me the whole pic and and imporve my understanding thank you again

@hexadecimalhexadecimal5241 10 ай бұрын

amazing vid, love the osrs music!! you can return to a function thats never called in a program ------> *brain implodes*

@CloseCallss 9 ай бұрын

i swear your so entertaining how do you evencome up w this

@originalni_popisovac Жыл бұрын

im your 99th subscriber, keep going to 100!

@crr0ww Жыл бұрын

thank you so so much!! we made it to 100!! :D

@originalni_popisovac Жыл бұрын

@@crr0ww man you have 344 subs now

@crr0ww Жыл бұрын

@@originalni_popisovac it's so crazy!! i know the channel has been growing so fast : )

@fabiorj2008 Жыл бұрын

Love the video. Amazing. Despiste about all usefull explanation I cant stop think about your teminal theme. Keep going and thanks for your time.

@laurentiustefan398 Жыл бұрын

It is as if all the brain of the internet condensed into this channel

@hutch-uu322 3 ай бұрын

Love your stuff man. I want to be like you when I grow up :)👍

@HTWwpzIuqaObMt Жыл бұрын

Οh thats some good content. I guess im your 47th sub hahah keep it up

@crr0ww Жыл бұрын

i will always remember you, lil skeleton >:) thank you so much

@HTWwpzIuqaObMt Жыл бұрын

@@crr0ww ❤️

@BruceAlmighty1 16 күн бұрын

Osrs music made this video 10x better, gg

@zer0day463 Жыл бұрын

Really loved this masterpiece, you deserve billion subs

@crr0ww Жыл бұрын

😂 thank you so much, i really appreciate it!

@zer0day463 Жыл бұрын

@@crr0ww glad you did

@gabrielguedes197 10 ай бұрын

Amazing video! tltr - can you tell me which programs you have been using to making your videos? I have been thinking about making videos like yours, but in Portuguese (I’m from Brazil), and with a defensive approach/perspective. But I have no idea how to do it, I just have the content knowledge and some digital notes. What kind of programs I have to learn about, to make an animated video like this

@F16_viper_pilot 11 ай бұрын

0x41414141 Happened to stumble upon your channel recently, and quite happy I did. As a very seasoned (old) IT guy, I find your videos highly educational, and I love your sense of humor and all the little drawings and such! Keep up the great work!

@crr0ww 10 ай бұрын

thank you so much! : ) im so glad you enjoyed it, that's very kind of you

@hoblikdlouhovlasy2431 Жыл бұрын

Nice work buddy, keep it up!

@crr0ww Жыл бұрын

thank you so so much!! :D

@jensnielsen8612 Жыл бұрын

Great video! One thing about the secure example, although that specific version is not insecure, it's important to note that dependent on the size of your buffer (even if you only read the buffer size in) can become insecure. When taking input into a buffer with read, it's usually pretty smart to only read untill the 2nd to last byte. Eg. if you have a buffer of size 200, you read in 199 bytes, this is because read does not supply a NULL byte or anything to terminate the string for you. Why is this an issue? If you're for example printing a string where input is supplied with read, and you're printing using the %s modifier. Printf will print untill a NULL byte is hit. If your buffer happens to be 8 byte aligned the user may fill up the 8 byte buffer completely, without a NULL byte. The printf will subsequently print those 8 bytes and whatever is found in memory afterwards, if whatever is found happens to not be a NULL byte. This is a leak primitive. As an example I took your secure program and changed the buffer size to 256 and the read size to 256. So char buf[256] and read(0,buf,256). Output looked as follows: AAAAA..

@crr0ww Жыл бұрын

:O that was fascinating... (you really DO learn something new everyday xD)!! seriously, thank you so much for such a detailed explanation; I had a blast reading this and will definitely try to tinker with this soon (right now, I'm following the malloc maleficarum and working on the house of force - really exciting stuff!) :D!! AND THANK YOU SO MUCH for subscribing and the kind words, Jens! :')

@jensnielsen8612 Жыл бұрын

@@crr0ww heap stuff is where it gets really exciting! Looking forward to see what videos you might make on it! If you're diving into heap stuff I can recommend using pwndbg instead of peda for debugging btw. As it has bindings for checking the heap and free bins. This makes it a lot easier to keep track of what's going on instead of having to manually parse the heap to figure out what's going on 👌

@crr0ww Жыл бұрын

@@jensnielsen8612 I 100% agree; this heap stuff is insanely intriguing (oh and you best believe I'm going to make a video on heap exploitation :)) I've already got pwndbg running and have been using it religiously recently xD, and MAN is it magnificent :D tysm for having this little interaction with me, jens! you really made my day :)

@arandominternetuser5614 Жыл бұрын

first video? this is great!

@crr0ww Жыл бұрын

thank you so much!! that means so much to me :'D

@recomended4494 Жыл бұрын

0x41414141 Loved the video, I never really understood buffer overflows even though I have been exposed to it for a while. The video is well structured and the comedy makes the digesting of such technical information smooth. May I know what OS you're using? It looks really cool. Thanks again for the video, expected to see a lot more on technical/niche cyber topics.

@crr0ww Жыл бұрын

0x41414141 🫡 Thank you so much for the comment, I'm so glad you enjoyed it; that makes all of this super worth it

@thesuperflexibleflyingtaoi8866 11 ай бұрын

awesome! Fun to watch and listen!

@milescolon1793 Жыл бұрын

i love your content Crow!

@crr0ww 10 ай бұрын

appreciate 'cha, thank you so much

@matteobucci6517 Жыл бұрын

This is the channel I've been looking for for aaaaaages

@mofokenginnocent6378 11 ай бұрын

i love it just needed a reminder

@Kyle_Hacks Жыл бұрын

bro im invested in this channel

@crr0ww Жыл бұрын

AA THANK YOU SO MUCH, that's so nice 🥲❤

@eddr98 Жыл бұрын

Love the content and loving the background RuneScape music

@crr0ww 10 ай бұрын

thank you!

@timlosito9421 Жыл бұрын

This is an amazing video. Thank you!

@crr0ww 10 ай бұрын

thank you so much

@antruong7174 6 ай бұрын

best quality channel

@offensive-operator Жыл бұрын

Broooooooooooooo!!!! please continue manking videos like this one pleasseeeee!. that was really fun

@crr0ww Жыл бұрын

thank you so much, that's so nice!! :"D there are some videos planned right now just hold on a littttttle longer ;)

@wetfish412 Жыл бұрын

absolute gold

@noorkhara1429 Жыл бұрын

this video made me giggle as well as taught me something

@crr0ww Жыл бұрын

i'm so glad!! thank you :)

@taurusrising5243 Жыл бұрын

Heeyyyy!! Mama Murphy approves this channel!! Much love buddy!!

@crr0ww Жыл бұрын

AAAA THANK YOU SO MUCH!

@sperpflerperberg8147 Жыл бұрын

This was an awesome video!

@crr0ww Жыл бұрын

thank you so much! that’s so kind of you :) i’m glad you enjoyed it

@realjame Жыл бұрын

Cool video, hope you go viral soon.

@crr0ww Жыл бұрын

i REALLY appreciate that, thank you so much! :)

@Cdaprod Жыл бұрын

This is my jam

@SpaghettiRealm Жыл бұрын

Great content. Subscribed!

@crr0ww Жыл бұрын

thank you so much, yassine! :D

@SpaghettiRealm Жыл бұрын

@@crr0ww thank you for producing such an informative and entertaining content. Keep up ♡

@roxel849 Жыл бұрын

LOVE your way man. +1 sub

@crr0ww Жыл бұрын

thank you so much! :D

@ruycr4ft 11 ай бұрын

Nice video! Stack Based BoFs are cool, but an idea, what do you think about ROP BoFs? I think those are the most triky ones ahahahahah Anyways, very cool video!!

@crr0ww 10 ай бұрын

thank you so much! ROP is definitely one of my favourite techniques, there are also some variants of ROP itself XD (sROP, etc.), I'll be sure to cover it :>

@CuriouslyWatching Жыл бұрын

0x43434343 15:34 You just dissed all the Indians in all tech comment sections😈😈😂

@DexieTheSheep Жыл бұрын

Great explanations! Just curious, does that background music use the Mother 3 soundfont?

@crr0ww Жыл бұрын

thank you so much for commenting! :D ahhh as much as i love the mother/earthbound games and music, I didn't use it here : ( I used music from a game called "old school runescape" : )

@DexieTheSheep Жыл бұрын

@@crr0ww ah i thought the timpani and the high hat sounded familiar but ig not. :)

@lukasm09 9 ай бұрын

so we were given a task in university where we should exploit a program with a buffer overflow as we were learning about assemly at that time. Didn't understand shit so that's why i'm here. BUT: Can you actually expect to face programs where you can use buffer overflows or is software secure enough for that?

@marcoantonio7648 Жыл бұрын

YES, Harry Potter hacking mad. The videos that I need in MY BLOOD

@crr0ww Жыл бұрын

😂😂 LET’S GOOO tysm for commenting xD

@aalekhmotani3877 Жыл бұрын

Amazing 🔥

@crr0ww Жыл бұрын

hehe tysm bro! :D

@donmo1461 Жыл бұрын

Awesome!

@crr0ww Жыл бұрын

you’re awesome

@neuxell Жыл бұрын

every time i hear that runescape music, all i can think of is waiting literal hours to play the game, just on that menu...

@crr0ww Жыл бұрын

trust me, i feel you. there is no game like runescape : ') just hearing the music and editing it brought me back straight to lumbridge. those were the days :')

@victorbonato843 4 ай бұрын

pretty cool

@samthelamb0718 4 ай бұрын

you should make a video about heap exploitation, or maby a series??

@SomeGuyWatchingYoutube Ай бұрын

If you have a FreeBSD router, with 1024 rx and tx descriptors is it more or less safe to give windows 1023 rx/tx buffers or 1025 rx/tx buffers?

@crusader_ 2 ай бұрын

How's your xxd printing ascii on the right? my one only shows hex values in output

@mr_0_0 Жыл бұрын

Damn the algorithm is in your favor man

@crr0ww Жыл бұрын

looks like my sacrifice to the youtube gods actually paid off >:)

@LetsPkBro 11 ай бұрын

Hey crow just curious - first time learning about some of this stuff. What if their are no functions "worth exploiting" if that makes any sense. I guess the idea is that it gives you access to return any function within the program itself and that's beneficial but seems like it could be pointless if their is nothing worth exploiting? Can you do any function "injection"? That might not make any sense haha.

@crr0ww 10 ай бұрын

hey, that's actually more common than what you might think! : ) in that scenario, it's a bit trickier but it can still definitely be done. that's when you'd want to look at something like using ROP for your exploit(s) :) hope that helps

@antonlomakin7872 4 ай бұрын

Hey, somehow I am facing "not found in pattern buffer" when trying to find an EIP offset. What could be the reason and do you have some guidelines where I can look deeper in this EIP process? thanks!

@korsate Жыл бұрын

nice video! i am now hacker boy 9000

@crr0ww Жыл бұрын

glad to be of service, hacker boy 9000!

@raphaelradespiel9970 Жыл бұрын

Thank you father log. Great video, in gonna go overflow some buffers now

@crr0ww Жыл бұрын

of course my son, thou shall floweth over any buffer thou shall see ❤️🥹

@raphaelradespiel9970 Жыл бұрын

@@crr0ww father is it biblical cannon to tattoo 0xDEADBEEF on my arm?

@crr0ww Жыл бұрын

@@raphaelradespiel9970 if the necro-cow calleth to you, let thine deadbeef in >: )

@raphaelradespiel9970 Жыл бұрын

@@crr0ww thanks mate, in all seriousness, I really enjoyed your video. Got me in the mood to try this out. Good balance of e entertainment and education

@crr0ww Жыл бұрын

@@raphaelradespiel9970 thank you so much that means so much 😭❤️❤️

@davidwong2836 Жыл бұрын

I logged in my Google account just to liked and say that I enjoyed all your content!

@crr0ww 10 ай бұрын

i appreciate that so much, thank you! : )

@flightman2870 Жыл бұрын

39 seconds into the video *Subbed cos good animation

@crr0ww Жыл бұрын

thank you so much!! :D

@Gobillion160 Жыл бұрын

amazing video

@crr0ww 10 ай бұрын

appreciate you

@adamvalt6609 Жыл бұрын

Hi, amazing video about the basics! what is the poffset tool used at 13:51? 0x41414141 :)

@crr0ww Жыл бұрын

hi thank you so much for the sweet comment! oh, and 0x41414141 🫡

@adamvalt6609 Жыл бұрын

@@crr0ww oh, so tools from metasploit. Thanks!

@user-hk3yv2jg4o 10 ай бұрын

what os is this? and thanks for the great content!

@crr0ww 10 ай бұрын

thank you so much

@costelinha1867 Жыл бұрын

This video is kinda interesting... although I also find it super scary that I find this video interesting.

@crr0ww Жыл бұрын

ahhh balanced as all things should be >:) thank you so much!

@bdnugget Жыл бұрын

The Runescape music was confusing since I'm playing it while watching this vid but the music doesn't match the area where I am in the game

@crr0ww 10 ай бұрын

LMAOOO mb XDD

@comosaycomosah Жыл бұрын

Hmmm your voice sounds familiar but didnt recognize old channel

@cynical5062 Жыл бұрын

Cool video!

@crr0ww Жыл бұрын

thank you so much! : )

@cynical5062 Жыл бұрын

@@crr0ww Of course! I'm always happy to hand out credit where it's due (and it's definitely due here). Your art style is cute and your videos are informative. Keep it up! Have a nice day, cheers from Canada!

@every0ne Жыл бұрын

What'd you use to make this video? It looks great

@crr0ww Жыл бұрын

tysm : ) i used davinci resolve to make this (& all my other vids)

@Mauzy0x00 Жыл бұрын

I'm happy I ran into this video.

@crr0ww Жыл бұрын

thank you so much : D!!

@Mauzy0x00 Жыл бұрын

@@crr0ww :) Subscribed, I’ll be following your content

@crr0ww Жыл бұрын

@@Mauzy0x00 YOU'RE THE BEST TYSM 😭♥

@fateennavid 10 ай бұрын

Hello! I am actually learning these stuffs and also about cybersecurity in general as a newbie, and I want to ask something. If you come across this comment, please feel free to answer :3 I have been getting SIGABRT error instead of SIGESEV error as mentioned in the video, been facing some problems for that. Can anyone explain why and how is this happening? and also, how to bring sigesev error as demonstrated?

@DaniloTodorovic 10 ай бұрын

I have had the same issue. I tried writing more characters into the buffer (for example, 5000 worked for me in the sense that it gave me SIGSEV error, but the contents of my EIP (RIP in my case) register are not repeating 'A's but (vmovdqa ymm1,YMMWORD PTR [rdi+0x1]) instead. I would like to know what the issue is as well. Edit: I just thought of this, but could the issue be with the CPU architecture, since I have an AMD CPU? Could the difference between Intel and AMD CPUs be causing the difference in behavior?

@dawsondittus4785 11 ай бұрын

So even if there is an exploitable buffer in someone code, if you don't have access to a function that is also useful, then it doesn't really matter? Assuming RX/DEP is present?

@DONTLAUGH Жыл бұрын

High quality

@crr0ww 10 ай бұрын

thank you

@yeoh4001 Жыл бұрын

Hey, at 12:24 the command r < pattern.txt, when r is some kind of alias (as i got it). What is the full command?

@crr0ww 10 ай бұрын

hi, the "r < pattern.txt" is the same thing as running "run < pattern.txt" : ) hope that helps

@viktorvertesi8565 11 ай бұрын

Hello Guys! Does anyone know what distro is he using and also the customization on it? Would help me a lot! Thanks :) Great vid!

@crr0ww 10 ай бұрын

hey! just using kali that i riced up a bit : ) I might make a dedicated repository with my config files, but here's what I'm working with rn: OS: kali WM: bspwm bar: polybar compositor: picom launcher: rofi notifs: dunst terminal : alacritty colourscheme: catpuccin mocha font: iosevka hope that helps

@viktorvertesi8565 Ай бұрын

Thanks @@crr0ww for your reply! still lovin' your content!

@droot-tc4sk Жыл бұрын

Nice desktop environment. Could you please share your desktop environment configuration details

@crr0ww 10 ай бұрын

sure : ), i might put the config files up eventually but for now, here's what I'm working with: OS: kali WM: bspwm bar: polybar compositor: picom launcher: rofi notifs: dunst terminal : alacritty colourscheme: catpuccin mocha font: iosevka hope that helps! :)

@alexander_adnan 10 ай бұрын

This sounds like Chicago or LA

@mikey10006 Жыл бұрын

Good video :)

@crr0ww Жыл бұрын

thank you so much :D！

@crr0ww Жыл бұрын

join our official discord: dsc.gg/crow-academy

@crckrbrrs 25 күн бұрын

especially if you're a femboy :3

@user-hd3pz2ow1b 2 ай бұрын

nice

@sinatra02 Жыл бұрын

mouse!!!

@crr0ww Жыл бұрын

where??? kill it!!

@yashsakhare5399 7 ай бұрын

Could've been made more easier if explained slowly while typing and doing instead of explaining first and doing it practically, later in which we miss some points which are not effectively described. But good stuff if you already know ASM and have a basic idea what buffer is..

@supreme-erg9875 11 ай бұрын

what version of gdb are you using?

@crr0ww 10 ай бұрын

in this video, i was using gdb-peda: github.com/longld/peda

@iamZANIX Жыл бұрын

Noice what i was thinking of making that kind of video but a bit dumb er way.

@crr0ww Жыл бұрын

you should do it!! :) thank you so much for commenting

@8-bit510 Жыл бұрын

what color scheme you are using ?

@crr0ww 10 ай бұрын

cattpuccin mocha! : )

@detroilions11 Жыл бұрын

What font are you using?

@crr0ww 10 ай бұрын

hi, it's "iosevka" hope that helps : P

@vjxi Жыл бұрын

fastest sub in the west😊

@crr0ww Жыл бұрын

you’re the best :’) thank you so much!! ❤️

@helloworldtest Жыл бұрын

which os are u using mate?

@crr0ww Жыл бұрын

just a simple little kali vm :)

@opusdei1151 Жыл бұрын

What kind of shell are you using?

@crr0ww 10 ай бұрын

ZSH : ) the terminal is alacritty with a cattpuccin mocha colourscheme hope that helps

@opusdei1151 10 ай бұрын

@@crr0ww Thank you very much

@wesleyoliveira6570 Жыл бұрын

What about rust binaries? Is it possible?

@crr0ww Жыл бұрын

100% it's definitely possible to have buffer overflows occur in rust binaries; albeit it's a bit harder because rust is definitely one of the more "memory-safe" languages out there (from what i've seen/heard, i've yet to actually program in rust) thank you for commenting : ) !

@biggiecheez6879 Жыл бұрын

Poggies

@crr0ww Жыл бұрын

THANK YOU BIGGIECHEEZ ❤️

@biggiecheez6879 Жыл бұрын

@@crr0ww I've been doing some of the hack the boxes and it's been going alright, do you have any other recommendations for learning this kinda stuff?

@crr0ww Жыл бұрын

@@biggiecheez6879 honestly i think you’re doing just fine if you’re doing htb; i would say that you could branch to other platforms as well for different flavours like picoctf, ropemporium, tryhackme, etc but other than that; you could also find a piece of software or a service or something and try to work out its internals, potential vulnerabilities, etc :)

@nosystemissaf3 5 ай бұрын

i have seen computerphile video

@user-jl9ox9ln8x Жыл бұрын

Do you use arch?

@crr0ww 10 ай бұрын

i do! (arch btw

@anon-fz2bo Жыл бұрын

just messed around with this concept. i understand why c/cpp programs are vulnerable to these attacks, as a dev i wonder what are the best practices you should take.. the first thing that comes to mind is the use a suitable buffer preferably one which dynamically allocates space like a std::string or std::vector although i could be wrong. pretty sure memory safe languages dont have these problems.