This is the BEST explanation of SSRF I've ever heard and I finally understand it now. Thank you.
@PwnFunction 3 years ago
Means a lot, thanks!
@RAGHAVENDRASINGH17 2 years ago
That's debatable
@algorythmis4805 2 years ago
@@RAGHAVENDRASINGH17 then debate
@vitaminncpp 1 year ago
@@algorythmis4805 Where is the link to the talk you mentioned in the video?
@avi12 3 years ago
This channel is heavily underrated
@kanekino9507 3 years ago
Holy fucking shit yes
@NanoTrasen 3 years ago
It's like LiveOverflow, but before they went to shit.
@android-user 3 years ago
@@NanoTrasen what went wrong with them? :/
@manuyel4845 3 years ago
@@NanoTrasen since when did LiveOverflow go to shit?
@nas73603 3 years ago
@@manuyel4845 ikr, like wut does he mean?
@sanderd17 3 years ago
11:50 rubocop reported that line for a reason apparently.
@sodiboo 3 years ago
I swear I've heard someone jokingly say "CRLF injection" before, and although I've seen that fuck with UI only intended for single lines (chat text boxes in some games, Muck for example, and you can impersonate others in chat), I never thought it would be an actual security vulnerability in a real application that can actually cause damage without another human element lol
@tauon_ 3 years ago
Hi terrain!
@alb12345672 3 years ago
who needs CR LF when you have && and ; :lol
@SirusStarTV 3 years ago
Muck
@Hardcorelactation 2 years ago
muck
@floridamanfloridaman1687 2 years ago
The funny thing about this channel is that it always flew under my radar because I thought by the graphics in the thumbnails that it wouldn't dive too deep into the topics. I guess I'll never judge a book by its cover again. Real nice vid, keep it up!
@adygombos4469 3 years ago
I love these videos. Every time I see one I understand around 30% of what he's saying but I'm still watching 'till the end.
@phanirithvij 2 years ago
Great video, thanks for introducing SSRFs in a practical, hands-on and easy to understand way.
@KentoNishi 3 years ago
Just found your channel and I think it's heavily underrated. Keep making more videos plz, even tho I don't do security stuff myself I find it really interesting and your explanations are super easy to understand for noobs like me too. Love it!
@Ikxi 3 years ago
Lmao the LiveTL guy, hi
@basspotion846 3 years ago
This one definitely made my day...!
@BigYoshi826 3 years ago
It kinda ruined my day
@triularity 2 years ago
So remember when connecting to random URLs: either bind your client to an IP which only has public internet access (i.e. via firewall settings); use a client library which has an option to only connect to public addresses (or can do so via an access control callback); or funnel all the requests through a proxy which denies access to any internal addresses.
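One way to implement the second option from the comment above, a client-side access-control check that only lets the server fetch from public addresses, as an added example (this is not the video's code, the commenter's code, or any library's built-in API). It also rejects CR/LF and other control characters up front, which is the newline-injection case the video demonstrates against Redis. The function names, the `demo_resolver` lookup table and the `*.example` hostnames are assumptions made for this example; the default resolver uses the system resolver via `socket.getaddrinfo`.

```python
"""Outbound-URL guard for an SSRF-prone fetcher (added example, not from the video)."""
import ipaddress
import socket
from urllib.parse import urlsplit


def resolve_with_getaddrinfo(host):
    """Default resolver: every address the system resolver returns for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def is_public_address(addr):
    """True only for globally routable unicast addresses.

    ipaddress already classifies RFC 1918, loopback, link-local (which covers the
    169.254.169.254 cloud metadata endpoint), CGNAT, documentation and reserved
    ranges as non-global. IPv4-mapped IPv6 is unwrapped first so ::ffff:127.0.0.1
    is judged as 127.0.0.1 rather than as an unfamiliar IPv6 address.
    """
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_global and not addr.is_multicast


def check_outbound_url(url, resolve=resolve_with_getaddrinfo):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    # Check for control characters BEFORE parsing: recent urllib versions strip
    # newlines and tabs silently, which would hide an injection attempt rather
    # than reject it.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in url):
        return False, "control character in URL"
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = resolve(host)
    except (socket.gaierror, ValueError, UnicodeError):
        return False, "cannot resolve %r" % host
    if not addrs:
        return False, "no addresses for %r" % host
    # Every answer must be public: a name that round-robins between a public and
    # a private address is rejected outright, not allowed on the lucky draw.
    blocked = sorted(str(a) for a in addrs if not is_public_address(a))
    if blocked:
        return False, "%r resolves to non-public address(es): %s" % (host, ", ".join(blocked))
    return True, "ok"


# Constructed DNS answers (assumption: not real hosts) so the demo runs offline.
_DEMO_DNS = {
    "internal.example": {ipaddress.ip_address("10.0.0.9")},
    "public.example": {ipaddress.ip_address("8.8.8.8")},
    "rebind.example": {ipaddress.ip_address("1.1.1.1"), ipaddress.ip_address("127.0.0.1")},
}


def demo_resolver(host):
    """Offline resolver: IP literals resolve to themselves, names come from _DEMO_DNS."""
    try:
        return {ipaddress.ip_address(host)}
    except ValueError:
        return _DEMO_DNS.get(host, set())


def demo():
    """Run the guard over constructed sample URLs; returns {url: allowed}."""
    samples = [
        "http://93.184.216.34/api",                  # public literal IP
        "http://127.0.0.1:6379/",                    # loopback, the Redis port from the video
        "http://169.254.169.254/latest/meta-data/",  # link-local metadata service
        "http://[::1]/",                             # IPv6 loopback
        "http://public.example/\r\nSET x y",         # CRLF smuggling attempt
        "file:///etc/passwd",                        # non-HTTP scheme
        "http://internal.example/",                  # name resolving to RFC 1918 space
        "http://rebind.example/",                    # mixed public/private answer
        "http://public.example/",                    # name resolving to a public address
    ]
    return {u: check_outbound_url(u, resolve=demo_resolver)[0] for u in samples}


if __name__ == "__main__":
    for url, allowed in demo().items():
        print("ALLOW" if allowed else "BLOCK", repr(url))
```

Two caveats a practitioner should keep in mind. First, validating the name and then letting the HTTP client resolve it again is a race (DNS rebinding): connect to the address you validated and set the `Host` header yourself, or run this check inside the client library's connection hook so it sees the address actually being dialled. Second, the check must be repeated on every redirect hop, since a public host can redirect the fetcher to an internal one. The commenter's third option, an egress proxy that denies internal ranges, enforces the same policy at the network layer and avoids both problems.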
@chilversc 2 years ago
Envoy proxy is good for this, supports mTLS and access control.
@cybercdh 3 years ago
Really great video. I love your editing skills, so slick, nice job.
@luandasilva4639 2 years ago
this channel is as good as it gets man, props
@ModernAtomX 2 years ago
I was in the middle of this video, but I set it down and when I came back, the video was off YouTube. Glad to see it's back so I can finish it lmao
@Evoleo 3 years ago
FINALLY guys he uploaded!
@Dziaji 3 years ago
Cool video, and your English is terrific. I almost didn't notice that you weren't a native English speaker.
@Henrix1998 2 years ago
I'm constantly surprised by the amount of languages and frameworks that allow executing any string you give them
@MechanicalMooCow 2 years ago
just webdev things
@JMurph2015 2 years ago
I think it's the hacky way around having proper abstractions for modules/extensions in your codebase. Want to have a middleware system without properly defining the interfaces? No problem, just give your users a hook that's passed into the eval() function as it processes requests! Problem solved!
@mohamedfatheem2872 3 years ago
Amazing work my brother! Lots of love! Keep making awesome content like this.
@fmenguy 3 years ago
Thank you for these explanations. I was waiting for a video on this type of problem. Your diagrams and your speech (rather slow) are a plus for me, as I suck at English :')
@liesdamnlies3372 3 years ago
2:38 Hold up a second. That's a Python REPL, but my god it's beautiful. How was this magic accomplished?!
@PwnFunction 3 years ago
Bpython Interpreter
@liesdamnlies3372 3 years ago
@@PwnFunction Thank you so much. This is way more comfy than the stock interpreter. :D
@alb12345672 3 years ago
@@liesdamnlies3372 If you do something like path = require("path") in the node REPL you get some minimal documentation (e.g. just a list of methods)
@sugiii9616 3 years ago
"Kinda like, you know, when you were young and you want those beers but you were underage" No, sir, I don't. I'm an European
@fitmotheyap 3 years ago
Europe ftw
@P4INKiller 3 years ago
_A_ European.
@sugiii9616 3 years ago
@@P4INKiller un Européen* één Europeaan* und Europäer* un Europeo* un Europeista* un European* um Europeu* ktoś Europejczyk* (idk, my Polish sucks?) Unu Eŭropujo/Unu Eŭropio* And sorry mates, I don't have a keyboard for Czech, Ukrainian, etc.
@fitmotheyap 3 years ago
@@sugiii9616 европјанец (this is in Macedonian, idk about other Slavic languages)
@sugiii9616 3 years ago
@@fitmotheyap Thank you sir! I've known how to read your alphabet for 2 weeks hehe 😎😎
@ilikememes9052 3 years ago
I am from a software engineering background and got interested in cybersecurity too now.
@Ikxi 3 years ago
You give me such LiveOverflow vibes haha, I like it
@chiefkeeflover4 3 years ago
Your channel has helped me out greatly. Tysm!
@verolyn8459 2 years ago
Probably the best explanation so far, thanks bud
@hexrays6150 3 years ago
I have been waiting for a new video from this channel. Very good content and explanation, nice animation and voice
@potatoonastick2239 3 years ago
Good vid bud, thanks for making it! And have a nice day
@giaphatha88 3 years ago
This is top tier content, keep it up!!!!
@Aolpha 3 years ago
Welcome back! Hope you're fine and dandy?
@PwnFunction 3 years ago
I'm good, hope you're well too
@Milten130 2 years ago
This video somehow shows as uploaded 6 months ago. Good explanation
@samuelnarciso9110 3 years ago
This dude is awesome, I love your videos
@b391i 3 years ago
Awesome as usual, like Fireship 😁
@dinoscheidt 3 years ago
3:07 "there is an old talk, but still great" Talk is from Jan 9, 2020 👀 … one really has to be in awe that in tech we move so fast that a year-old talk is considered old. Borderline outdated. Now the doctor's office that happily works with best practices learned at college 15 years ago needs to defend against this world. 😅 ehm… yeah, my bet is on black
@PwnFunction 3 years ago
That video was re-uploaded in 2020, but the first video surfaced in 2017. You can also see "2017" in the top left corner ;)
@dinoscheidt 3 years ago
@@PwnFunction Ok ok, fine, it's 4 instead of 2 years - still far off 15 years 😬….. 🐌
@daltonb 2 years ago
Excellent explanation, earned my follow!
@badreddinechamkhi3785 3 years ago
hey man, we are waiting for the binary exploitation series!
@franciscolucarini8761 3 years ago
we must become 'Pro Jedi 1337 samurai ninja Warrior'
@hakura88 2 years ago
I love your videos. Keep your work up, it's amazing.
@agoogleuser5420 2 years ago
I finally understand why Roblox doesn't allow requests to their own domain through Roblox game servers.
@SlySportz 2 years ago
Really enjoying your channel my friend. Keep it up
@michaelhackman3195 3 years ago
Keep it up! Love your videos
@resphantom 2 years ago
One of the reasons you should enable password authentication on your Redis and separate your automation from your environments. Here is one of the biggest risks in some companies: having a central user that has admin access to an entire Kubernetes or ECS cluster. If the credentials or token of this user become compromised, the attacker will essentially have full control over your entire cluster.

We should probably also separate hackers into 2 categories:
- People who want to do damage
- People who want to gather valuable information

*Hacker (Gatherer)*
Large quantities of categorized, accurate data are extremely valuable. Many companies, big or small, store general user data, such as overall sales data, to determine which products the majority of their clients like and try to cater to the larger audience. There are usually big-data-based systems that use these datasets to build statistical models to help make sense of the majority of this data. Now for the hacker gathering data: if they somehow got hold of these datasets, they could sell them to the competitors of the company they stole from, thus now using that data to push specific products out to the same customers faster, making themselves look better. A strange strategic tactic of stealing another company's customer base.

*Hacker (Attacker)*
The common malicious attacker could attempt a similar thing but by a different route. They can simply be paid by a company to shut down or to compromise their competitors. For one, if they somehow got access to those same datasets, they could simply permanently delete that data, crippling the vision of the competitor. When a company does not know what's happening in their own sales, they may bring out products that the clients won't buy, costing the competitor insane amounts of lost revenue. Or if the attacker somehow got access to the system, they could be paid by a company to simply cripple critical systems of their competitor. If the competitor can't make sales or has a crappy service, then the customer base would most likely flock to whatever works.

*Conclusion*
Think of it this way: if you suddenly can't use Google, what other search engine would you use? Probably Bing or DuckDuckGo, right?
@MrNicKO81 2 years ago
cool! very interesting, I feel a little smarter already, thx ;)
@tiscrispin 2 years ago
Oh my, this was an insightful one :D
@barack454 3 years ago
At 12:53 you are giving Redis port 6379, but in the terminal when you check at 13:18 the port number it is connected to is 1337. Could you please explain this?
@colorspace5541 3 years ago
Port 1337 is what the "outside" ncat server listens on, and as he said at 12:58, this was just the proof of concept. He sent this instruction to the Redis server on port 6479: "Execute the Linux id command (returns current shell user-id or short UID) and post the result to the ncat server running on port 1337"
@olo90 3 years ago
Any chance you can cover the Twitch hack? Would be nice to get some more info there
@ShouldBeKnown 2 years ago
where are the comments?
@superhero1 3 years ago
Great video my friend! ❤️
@FedoraRose 3 years ago
Finally a new video :D
@tatianatub 2 years ago
if I had found this channel when I was in high school I'd have ended up going to juvie
@bwbs7410 2 years ago
"I just learned Ruby last night" LMAOO hard flex
@laurinneff4304 3 years ago
How did you get the docs in your Python REPL at 2:44?
@MarcusAndersonsBlog 2 years ago
Self-generated code execution is considered an extremely useful feature in interpretive languages, and I don't see it disappearing. However, one does wonder if it's a fool's errand arising out of lazy thinking. You can add a lot of power for very little effort this way, but the unnoticed security envelope (usually) requiring executable code to sit in OS-protected memory is bypassed in any kind of interpreter. This violates the implied security model of the Von Neumann/Harvard architectures. So the security model never taking interpreters into account is actually responsible for the problem to start with.

Browsers should never have been enabled to run interpreted scripts either (go ahead and laugh, but I'm deadly serious). I was pretty amazed when HTML appeared in the 1980s as uncompiled & unencrypted, but when Netscape introduced JavaScript I pretty well fell off my chair. My suspicions were confirmed when I subsequently learned HTML was invented by a self-taught non-computer professional.

The danger of interpreters was already quite apparent to me after just 4 months into my IT career on the DecSystem-10. The TECO editor (aka 'vi') used a privileged operation that could allow TECO code to receive passwords in a fake login attempt. Only a privileged program like TECO could do this, but TECO was an editor with its own interpretive language. All SSRFs work this same way. Interpreters that allow (new) code execution are a really, really bad idea. There is simply no need for it, although it makes a FEW difficult things much, much easier without having to write code for them, at the expense of violating the fundamental computer architecture security model.
@zyansheep 2 years ago
All the comments are gone :( At least the video is back!
@realcartoongirl 2 years ago
my brain is too dumb to process this
@abdullahessam6998 1 year ago
Hello, I would like to know if there is a way to predict the semi-random numbers to get profits from betting applications and semi-crash??😢
@hundredchaos7831 3 years ago
Finally you are back ☺️
@kanekino9507 3 years ago
Dude, I don't usually share any video or channel, but you man, you are fucking gold. Keep it up, good luck
@salluc1712 3 years ago
Keep it up, that's amazing, thank you
@SurajGaud 3 years ago
Quality content
@Whootzie 2 years ago
I didn't ask people to buy my booze. I did beer runs
@ashvinbhuttoo 2 years ago
Great content, subbed! 🐧
@june4171 2 years ago
I died when u compared sitting outside of the liquor store to SSRF
@dummyna2335 2 years ago
Bro, you're a legend.
@josephseed3393 2 years ago
Isn't the JSONified class also insecure deserialization? Ruby executes whatever it sees in the function of that class, so that is insecure deserialization, right? The complete vulnerability chain in this case would then be SSRF + CRLF + Insecure Deserialization
@winkcla 3 years ago
Nice video! But it's not "random HTTP requests" if it's the Git protocol 🤔
@paulstelian97 3 years ago
You have enough control over the URL to do whatever the fuck you want though.
@itsmerg5273 3 years ago
you have such quality content but you should upload more
@jakob_123 3 years ago
Agree
@triularity 2 years ago
Alongside the newline injection vulnerability, it seems Redis should abort the connection the moment it gets an invalid line. This likely would have also prevented this particular exploit.
@lowborn7231 2 years ago
Where are the videos? Did you forget you have a channel? I'm waiting for new content :(
@dorb1337 3 years ago
YOU ARE THE REAL MVP.
@jayshah5695 2 years ago
the netcat technique was great, would u make a video on all the use cases it enables?
@int4_t 3 years ago
I miss the old drawing style videos
@hanabi6841 3 years ago
can you demo how to bypass SSL pinning in a Windows application?
@Linuxdirk 2 years ago
sigh ... Why the heck are SSRFs still possible? It's 2022 for ducks' sake!
@Afitz200 2 years ago
Back from the dead!
@randomguy3784 3 years ago
Excellent video!
@Jakemontana91 3 years ago
I'm new to this stuff and learning, but what is the difference between an SSRF and a CSRF? Thanks for the knowledge!
@lonelybookworm 2 years ago
SS = Server Side, CS = Cross Site
@optimiserlenergie1094 2 years ago
Redis does not require authentication?
@lmlagg 2 years ago
Wait, that outro... It sounds... Familiar...
@insanity2753 3 years ago
Great video, thank you.
@hengyongming3676 3 years ago
Finally, waited so long for this video
@Sparkette 2 years ago
Which of the Community Guidelines did this allegedly violate?
@dxxx. 2 years ago
Shush....
@drishalballaney6590 2 years ago
Same question
@hipster2283 2 years ago
He said there was a joke that violated guidelines that has been removed
@Sparkette 2 years ago
@@hipster2283 What was the joke?
@hipster2283 2 years ago
@@Sparkette not sure, the video got taken down before I watched it
@FelixHdez 2 years ago
Old talk?? It was like 16 months old when this vid was made
@mrala 3 years ago
awesome job man
@nakulgopal60 3 years ago
Your content is really good, also the animation is great. It'll be great if you make a video on how you research all this, how to approach the research and what sources are best.
@iraklisskepasianos5095 3 years ago
Great video as always! Could you please send the link of the GitHub repo with the SSRF examples?
@reizinhodojogo3956 2 years ago
a guy made a video of bed trapping someone but he forgot to censor about 1 or more frame(s), the guy is lucky I won't use his (idk what) for any bad
@st0ox 3 years ago
Man, I like these flaps.
@apidas 3 years ago
just found your channel. thought you're LiveOverflow's brother or something
@kenGPT 3 years ago
Stok sent me, you got my sub.
@kunai9809 3 years ago
I feel like I should know what you're talking about, but I really don't... Well, I understand the broad concepts and some bits of what you say, but that's it
@d-o-n-u-t 3 years ago
Just want to know, what terminal shell/extensions are you using?
@Verrisin 2 years ago
ok, so... just route all "external-origin" URL requests through adapters that only lead directly outside...? - essentially, through the "public-ip router"...
@Verrisin 2 years ago
yeah, in fact, no need to error-pronely sanitize my URLs - just load them all through a proxy which runs outside of the internal network. ... I think that solves it perfectly.
@TrashwareArt 3 years ago
Are you interested in working for the Monero research labs?
@krystofoxik 3 years ago
Great content!
@millco-.- 2 years ago
thank you for your great video. it's interesting because the server can't tell raw strings and operators apart...
@RobertBlair 3 years ago
Timestamp 11:41 - comment disabling the security lint check for the loooze
@realslimchaggy 2 years ago
yo bro, how does everybody get free websites? Of course not everyone has wifi and money, so how can they create a server for free? Please answer my question and tell me how I can build a (Linux) server for free
@mohamed-0101-i8e 3 years ago
Can I ask you what tool you used for the diagram at 1:52?
@kasrow12 3 years ago
Where is your intro? It was awesome.
@wusluf 3 years ago
What tool do I need to make a visualization like the one at 1:53?
@deinpapa3769 2 years ago
like blind SQL / HTTP header injection?
@davidlee588 8 months ago
As a hello-world engineer, I cannot fully get what this video means, but I know this is good. What should I learn in order to understand this video?