I want to say a lot of content creators see requests for easier content and don't see the ROI for advanced content. Personally would like to see you do whatever it is you want to provide. Given your coverage that isn't too say this wasn't a contribution. - GamozoLabs does a fantastic job of covering fuzzing and optimization research - 0xdf covers advent of code and, like ippsec, does war game boxes on THM, HTB etc. - cts covers memeing coding projects like educational software for skirting around Valve's anti-cheat. - 0x6d696368 ghidra - DuMp-GuY TrIcKsTeR .NET RE - OALabs Malware RE - 247CTF Learned RE - GH Learned RE & tooling - HackerSploit guided general coverage of tools - Dayzerosec application security / vuln research and recaps and so on... What I see that's missing is coverage of more modern exploitation identification and understanding in-depth, like HVCI for example, on UA-cam. Even though there are great research articles by revers.engineering and secret.club sometimes having a visual representation helps. Which is why this channel is so awesome. I recognize that most of the bleeding edge research regarding COOP for Intel's CET or smashing ARM's MTE is reserved for talks or paid trainings. Plus you're first video had Didier Stevens on and that was awesome.
@@NetworkITguy Yes, there is a ton of amazing stuff out there! I hope to cover things that have sometimes already been covered, but in a way that makes it more accessible. I have several goals, which also includes what you've suggested above. All the examples you've listed are fantastic. So, one example is to cover some of those same topics, but to try and do an even better (or different style) job when possible. I also want to cover topics that haven't been addressed, such as bringing on Steve Walbroehl recently to cover blockchain tech and things that aren't commonly discussed. Finally, I want to reach the areas you've suggested. I plan to have a coauthor of mine from Gray Hat Hacking on to discuss Hypervisor Exploitation. I plan to have Connor McGarr on to cover some of the Kernel stuff you mention. We'll see who else wants to come on to discuss some other relative areas that you describe. As you said, it gets into a cutting edge space of research where people are potentially under NDA's, or are using it for private trainings, or are keeping it internal as it's super valuable. For example, Apple has recently made things a lot harder with regard to exploitation. If someone finds something, the price tag could reach several million USD. Thanks for checking in and I hope you like the content we bring in the future!
- set up Chrome v8 engine for vuln research - basic exploitation of v8 in an easy way (other writeups are tough to understand and not easily accessible) - explain Windows mitigations and how to circumvent even theoretically such as (CFG, ACG, Exploit Guard, XFG, CFi, CET, SMEP, hypervisor security HVCI and VBS .. )
Exactly, it's great to save people time so they can get to new research. People have heard me say it a million times, about references to FS:[0x30] back when I was learning about shellcode writing. This was 20 years ago and there were no search engine results. Had there been, I'd have saved many hours!
LOVED it, loved the way u explained and drew to help us visualize. I learned a lot and also got to revise some of stack concepts. please keep making more videos like this. (i have a red teaming ctf coming up, i am preparing for it). and also, could you make a playlist for beginners like myself to refer to to get all the videos related to buffer overflow.
Thanks, I try to mostly touch on more advanced topics as there are a lot of videos on introductory exploit development available. I can certainly try to do some others if you find my style more helpful. Most videos are on the Live section of the channel.
It was a delight to watch this one Stephen!. Such a great explanation of the basics. Other content creators skip the details. Thank you very much for sharing your knowledge and giving a detailed walk through with diagrams. This channel's gonna grow exponentially. I am sure of it. Cheers!
Amazing video, love the way you deliver the content. I’m assuming it comes from your experience in developing and teaching SANS courses! Subbed and looking forward to more videos in the future!
Truly one of the most legendary hacker youtubers out there. 🗿🗿🗿🗿🗿🗿🗿
thank you for explaining it in details, most youtube videos don't do that, thank you!!!
I'm glad it helped. I try and make sure the videos on my channel are informative.
If you have ideas for future videos, let me know...
I want to say a lot of content creators see requests for easier content and don't see the ROI for advanced content. Personally would like to see you do whatever it is you want to provide. Given your coverage that isn't too say this wasn't a contribution.
- GamozoLabs does a fantastic job of covering fuzzing and optimization research
- 0xdf covers advent of code and, like ippsec, does war game boxes on THM, HTB etc.
- cts covers memeing coding projects like educational software for skirting around Valve's anti-cheat.
- 0x6d696368 ghidra
- DuMp-GuY TrIcKsTeR .NET RE
- OALabs Malware RE
- 247CTF Learned RE
- GH Learned RE & tooling
- HackerSploit guided general coverage of tools
- Dayzerosec application security / vuln research and recaps
and so on...
What I see that's missing is coverage of more modern exploitation identification and understanding in-depth, like HVCI for example, on UA-cam. Even though there are great research articles by revers.engineering and secret.club sometimes having a visual representation helps. Which is why this channel is so awesome.
I recognize that most of the bleeding edge research regarding COOP for Intel's CET or smashing ARM's MTE is reserved for talks or paid trainings. Plus you're first video had Didier Stevens on and that was awesome.
@@NetworkITguy Yes, there is a ton of amazing stuff out there! I hope to cover things that have sometimes already been covered, but in a way that makes it more accessible. I have several goals, which also includes what you've suggested above. All the examples you've listed are fantastic. So, one example is to cover some of those same topics, but to try and do an even better (or different style) job when possible. I also want to cover topics that haven't been addressed, such as bringing on Steve Walbroehl recently to cover blockchain tech and things that aren't commonly discussed. Finally, I want to reach the areas you've suggested. I plan to have a coauthor of mine from Gray Hat Hacking on to discuss Hypervisor Exploitation. I plan to have Connor McGarr on to cover some of the Kernel stuff you mention. We'll see who else wants to come on to discuss some other relative areas that you describe. As you said, it gets into a cutting edge space of research where people are potentially under NDA's, or are using it for private trainings, or are keeping it internal as it's super valuable. For example, Apple has recently made things a lot harder with regard to exploitation. If someone finds something, the price tag could reach several million USD. Thanks for checking in and I hope you like the content we bring in the future!
Oh, and if you have something you'd like to share, I'm happy to chat about having you on as a guest!
- set up Chrome v8 engine for vuln research
- basic exploitation of v8 in an easy way (other writeups are tough to understand and not easily accessible)
- explain Windows mitigations and how to circumvent even theoretically such as (CFG, ACG, Exploit Guard, XFG, CFi, CET, SMEP, hypervisor security HVCI and VBS .. )
Idea for a video: Practical WinDbg (Preview?) for Vulnerability Research and Exploit Development. E.g. triaging crashes, debugging exploits
that was great! Learned a bunch for sure. The end part went a bit quick. But I'll come back to this as I am learning! Great stuff
I wish this came out a year ago when I was studying for certs that required BoF. This is a great video and thank you for recording it!
Exactly, it's great to save people time so they can get to new research. People have heard me say it a million times, about references to FS:[0x30] back when I was learning about shellcode writing. This was 20 years ago and there were no search engine results. Had there been, I'd have saved many hours!
one of the best buffer overflow video!
Such an awesome video looking forward to future content
LOVED it, loved the way u explained and drew to help us visualize. I learned a lot and also got to revise some of stack concepts. please keep making more videos like this. (i have a red teaming ctf coming up, i am preparing for it).
and also, could you make a playlist for beginners like myself to refer to to get all the videos related to buffer overflow.
Thanks, I try to mostly touch on more advanced topics as there are a lot of videos on introductory exploit development available. I can certainly try to do some others if you find my style more helpful. Most videos are on the Live section of the channel.
It was a delight to watch this one Stephen!. Such a great explanation of the basics. Other content creators skip the details. Thank you very much for sharing your knowledge and giving a detailed walk through with diagrams. This channel's gonna grow exponentially. I am sure of it. Cheers!
thank you so much man, loved it, very helpful✨✨✨
Subscribed !!! Great granular details, feel like I learned something.... Cheers!
If you didn't learn anything, I'm failing! :) Happy New Year.
Amazing video, love the way you deliver the content. I’m assuming it comes from your experience in developing and teaching SANS courses! Subbed and looking forward to more videos in the future!
very good, enjoyed the whole video!
Awesome content. Followed your GXPEN course btw. Here for a refresher ;)
Thank you so much Stephen! I'm coming from Pharmacy and I want more of your help into Android hacking!
Great content ;)
Thanks!
dont apologize for the graphics its perfect you dont need anything flashy its just distracting anyway
Hope your channel blows up man
Thanks!
❤ New Sub
Thanks!
Thank you ❤❤❤
where have you been all this while..bro ..damn u good
Thanks!
just awesome
Thank you very much!