What certifications should I prioritize to be a security tester (hired by companies to test their defenses)? I tried college, but the learning environment was not a good fit for me.
@Lelende 2 days ago
Note to self. When social engineering/phishing hack to Low Level, use racoon meme
@LowLevelTV 2 days ago
Would work
@revenevan11 2 days ago
Pls open attachedment [sic] *raccoonmemes.zip.exe*
@Ariccio123 1 day ago
@LowLevelTV do you ever dip your code in water before you read it to read it more good
@UncleBroer 1 day ago
@LowLevelTV You really love those raccoon memes 🦝
@rigsofrodsmaster 2 days ago
Reminds me of the "don't trust no one not even yourself" meme but it's backdoors.
@Veptis 1 day ago
In Germany there is a court case where a security contractor disclosed a vulnerability (password in cleartext for a database connected to the open Internet)... And then got sued. And the judge ruled that using My PHP Admin constitutes hacking. Maybe by as much as entering a building you aren't supposed to while the door is open.
@Waldemar_la_Tendresse 1 day ago
"These people" are obviously completely dumb concerning IT and programming. Rules for 1d1o75.
@jebler 1 day ago
I haven't done PHP for a decade, but I still remembered extract. All of the PHP standard lib is riddled with backdoors.
@CAGonRiv 1 day ago
Imagine explaining this to your PM that has no experience in anything STEM and worked in HR their entire career.
@Waldemar_la_Tendresse 1 day ago
@CAGonRiv You should not have to because it just should not exist in that context.
@thecakeredux 2 days ago
Dude, raccoon memes are THE BEST. It's essentially all I laugh about these days and me and my buddy have HUNDREDS of them.
@_hi_pwr 2 days ago
The supreme Urban mammal
@Milan____ 2 days ago
you should send me an .exe file with all your memes in a convenient self-extracting format!
@HalianTheProtogen 2 days ago
Need
@FlavorExperiment 1 day ago
U have hundreds of raccoons? Bake a cake with them
@DevWolf31 2 days ago
Backdoor your backdoors at the backdooring center of Backdoors Inc.
@Adam7ep 2 days ago
@DevWolf31 😂😂
@javabeanz8549 1 day ago
This message brought to you by: The redundant department of redundancy department of redundancy.
@cslearn3044 2 days ago
I'm not gay but 20 dollars is 20 dollars
@JessicaFEREM 2 days ago
mood
@joseeduardorussoperis4668 2 days ago
Based comment
@du42bz 2 days ago
If you were gay it would be even better
@soupadoopafly 2 days ago
At that note this would also still hold with a reference to a certain type of masturbation for very flexible people
@wedgevic_proto 1 day ago
I, however, am gay. But $20 is $20
@dmitriyrasskazov8858 2 days ago
State backed hacker sounds cool, but at the end of the day it's still just a government employee.
@javabeanz8549 1 day ago
With lots of money and research backing the position.
@TriSept 2 days ago
The WHOIS certificate method was an old way of verifying the owner before GDPR and WHOIS redaction was a thing. They would send an email to the address on the WHOIS registry for the domain to verify the owner. Clearly not the best solution and now the DNS TXT record is the favored option.
@brentsaner 1 day ago
you still need populated WHOIS for EV IIRC, but this is still valid for any DV using ACME. 0. pop WHOIS 1. change authoritative nameservers 2. DNS-01 *OR* HTTP-01 ACME challenge with wide-trust CA 3. Profit
@Tabu11211 1 day ago
I'm only here for the article reads. I'm dyslexic and ADHD, so this helps me a ton!
@Jafus1 1 day ago
20:00 My preferred example of this is actually the word "gift". For your birthday, you receive gifts, and not jifts. Since both have "gif", it better drives the point that "jif" just feels wrong.
@threeMetreJim 22 hours ago
I know of no system that does jiraphics either. Maybe something from a rural African fairy tale?
@Pasta_watcher 19 hours ago
@threeMetreJim did somebody say Jira???
@YaySyu 2 days ago
We need more of our own nation state actors lmao
@sharedcat 2 days ago
love these types of videos, keep it up
@j-wenning 2 days ago
19:59 Counterpoint: gin, gym, gist
@yanikb.1312 2 days ago
Yeah 'kif' people have no point. Just ask them how they pronounce scuba or lazer.
@Stratelier 1 day ago
"The correct pronunciation is--" _[end of video]_
@ankomcoper1183 1 day ago
I do not care how you pronounce GIF, but I do find the bad arguments made by both sides hilarious.
@cattocs 1 day ago
There's no way you pronounce gin as djinn
@Ariccio123 1 day ago
This is the real content I'm here for
@DC-Nigma 2 days ago
reminds me of those Belgium domains that were abandoned and they set up an email server and the emails with personal information just come in...
@et4493 25 minutes ago
This channel is amazing. I love your style man. Do you
@enzopestana 2 days ago
Article reading videos are great pls keep it up Ed
@Mmouse_ 2 days ago
Hah I remember using some of those... And I remember looking at that extract code when setting stuff up and wondering wtf it did... Shrugged and carried on. Being young was fun, thanks for allowing me to visit it here.
@Stratelier 1 day ago
I haven't scripted any PHP in years and I noticed the @extract() sooner than he did.
@Newb1eProgrammer 2 days ago
Next video: backdoor the backdoor to the backdoor
@bennyswayofficial 2 days ago
Defunct and abandoned infrastructure? I'm gonna start going to abandoned warehouses, leave ip cams that stream to AM frequencies ('._.')
@dmitriyrasskazov8858 2 days ago
Just never ever come back for them.
@kamiljanowski7236 1 day ago
Lol. I once attended KPI Open - an international algorithmic competition held in Ukraine. On the first day the server that we were supposed to upload our solutions to just died because 1 of the teams from Russia just hacked it :P
@MattDog_222 1 day ago
jia tan is disappointed in how unobfuscated that data is
@m4rt_ 2 days ago
It's Graphics Interchange Format, not Jraphics Interchange Format.
@MattHudsonAtx 2 days ago
It's actually jraffic
@mage3690 2 days ago
Also, JIF is peanut butter, not some sort of moving picture.
@monkemode8128 2 days ago
Ummmmmmm actually 👆 it's an acronym and the symbols in acronyms don't need to be pronounced by the word they represent. 🙅
@pianochess1882 2 days ago
Hey that’s a good argument. How do you pronounce the abbreviation of "Computer Science" (CS)?
@barry5 2 days ago
@pianochess1882 you pronounce each letter individually because that's an initialism and not an acronym
@Little-bird-told-me 2 days ago
Backdoor the backdoor
@thelanavishnuorchestra 1 day ago
I personally don't care whether you pronounce GIF with a hard or soft "g". I randomly say it both ways. As an old person who remembers the creator of the GIF format was making a pun about a certain brand of peanut butter, I do care if you have an exceptionally strong opinion and it's wrong. I reserve the right to point and laugh. And hey, I know sudo is pronounced "sue due" but f that, it sounds awful and I pronounce it "pseudo" like everyone else who has the word sudo in their vocabulary. So yes, Linux geeks. Pardon my French. Have a lovely day and keep making these videos. :)
@iExistOne 1 day ago
Your timing is impeccable, 2 for ₪60 led. On the Triplebeam, 175 gram bred. Lock, Stock, and Two Smokin Barrels, It's twins Jed. Kookiel Ed, Tookie took my Kookie, Nuff Sed. Orbe Grinding at The Mill, up and down, Ram ban Ed. Those Cookies are making ME thirsty ked. Tail review your Auditd Logs head.
@shize9ine 2 days ago
19:58 - Thank you. Arguing with a co-worker: “ok fine. Let’s jo to my house and watch jaurdians of the jalaxy then.”
@GrahamLyon 1 day ago
my favourite animal to see at the zoo is the giraffes.
@grmpf 1 day ago
Would you offer them some gin?
@shize9ine 1 day ago
@grmpf touché
@randomgeocacher 1 day ago
Dropping webshells in pentests - an interesting ethical aspect, like how do you ensure a malicious web crawler does not find it? Maybe a randomized file name is a workaround. Aside from the fact that it darn better not be backdoored.
@TungstenCarbideProjectile 1 day ago
this guy is so 1337 he can read tech articles aloud like no other pen tester in the world
@threeMetreJim 22 hours ago
Instead of buying domains, I've seen hackers using services where you can host your own php driven pages; at least until they get caught. Sometimes the temporary domains have a 'username' preceding the actual domain, so maybe finding those, and using the same username in future may give similar results (assuming no random characters are added to the usernames).
@JosephDalrymple 1 day ago
Love these videos! Incredibly nostalgic. My 13 year old son enjoys listening to them with me on our daily drives, and asking about the good old days! 😂
@0x0michael 48 minutes ago
As a Nigerian, I can tell you the federal high court website is not worth the $20 used in getting the backdoor backdoor
@Waldemar_la_Tendresse 1 day ago
Good sh1t, as always. After spending a few days watching various videos of yours, I am convinced that programming languages should be structured very differently. Rust is already taking the first steps so that memory access problems don't grow into even bigger problems. However, this can only be a start. I think we may have to introduce several levels for program execution in programming languages in which code and data have to live (analogous to userspace and kernel space, only with different levels). User input or much more in the level for user input, for example, or input from unknown sources in general, a defined and definable minimum of input should be possible. To take a closer look at the example: at the level at which what is discussed here works, "extract" should simply not exist. At other levels, however, it might. "Enforced security", so to speak, depending on the application level or area of the application.
@smort123 1 day ago
14:57: The only difference between screwing around and Science is writing it down. - Adam Savage
@Lino1259 5 hours ago
can you take a look at the patient monitor backdoor? maybe even take a look at the code? cisa did provide some insights.
@EonityLuna 2 days ago
We put backdoors in your backdoors so you can sneak in by the backdoor while sneaking in by the other backdoor.
@SimonSchick 23 hours ago
Nice article, thanks for the read-up 😎🎉
@viennois0123 2 days ago
Backdooring backdoors sounds to me like shit squared.
@brentsaner 1 day ago
also if you comp a WHOIS, you wouldn't change the information about who owns a domain- you'd change the nameservers. preferably with ones that fallback to the real NS if they have queries open to non-root servers to avoid noise.
@TheVault1999 2 days ago
Mobi domain was meant for mobile devices
@mattjohnson8585 23 hours ago
Jif. You don't gi-raffe, you ji-raff
@tertrih9078 33 minutes ago
But the gi in gift is pronounced with a hard G. Anyways, the g in gif stands for graphics which has a hard g
@mattjohnson8585 22 minutes ago
I tend to agree. I'm just being obnoxious lol
@nio804 1 day ago
I like how the extract function uses the "@" operator too, which is probably my top candidate for the worst feature in a programming language ever. @ silences all errors, including syntax errors. I had to once debug a piece of steaming PHP that used it liberally and I now have a burning hatred in my soul for anyone who uses it.
@dev.sharif 2 days ago
It's funny, like you have a backdoor to a backdoor and you don't care to lose access to all of that, WTF! I'm so curious why these hackers didn't renew the hard coded domain. Am I missing something?!
@monkemode8128 2 days ago
They probably got what they wanted and left. Maybe the guy with admin access got arrested or his hard drive crashed. Maybe there was an opsec mistake or vulnerability which puts them at risk.
@Vor10min. 1 day ago
I do not want to lose compromised infrastructure, because it can be used for further attacks for example as Webserver for Phishing.
@Tux.Penguin 1 day ago
@dev.sharif Maybe they were lazy, careless, or forgetful.
@SBPk3 3 hours ago
How does one try to help an organization and work with them when the organization wants to call you a liar and refuse to help. With that organization being my ISP. In which was compromised leading up to my issue.
@cachoraver 10 hours ago
Racoon memes are indeed the best.
@o0alessandro0o 10 hours ago
19:57 I mean, for those who prefer gif-like-giant to gif-like-git... There does exist a jif format, and I personally don't want to have to call them Golf India Foxtrot or Juliet India Foxtrot every time because somebody decided they should sound the same. That, however, is a different Foxtrot Uniform entirely, compared to the topic of the video.
@zalkiah9884 1 day ago
Eat trash, be trash - Raccoons probably
@boomchaka1419 2 days ago
the creator said jif like the peanut butter. For logic to be consistent you would have to say JFeg instead of Jpeg
@mjmeans7983 1 day ago
Only a fool spells photo with an F, when writing in English. Or are you implying JFEG should be Joint Foolish Experts Group?
@barbdwyer45 1 day ago
@boomchaka1419 Penelope vs Antelope
@boomchaka1419 1 day ago
@barbdwyer45 Not sure what your point is. The P in Jpeg stands for Photographic.
@barbdwyer45 1 day ago
@ hercules testicles
@cameramaker 22 hours ago
So is there some list of sinkholed domains which I can put in the DNS resolver and get a poor man IDN solution, to get a notification if we catch some of that illness?
@billhurt3644 1 day ago
Geoffrey the gentle giraffe would side eye you on his way to the gym if he heard you pronounce gif that way.
@brentsaner 1 day ago
"Jraphics Interchange Format" yeah no you're totally right
@billhurt3644 1 day ago
@ yes you're right. The rule is you have to pronounce every letter of an acronym the same way the word is pronounced. I’m sure that’s why we say NASA like N-AE-S-AA instead of the linguistically easier NASA. Or I’m sure you pronounce HUD (housing and urban development) like Hood.
@brentsaner 1 day ago
lol none of that was applicable. Good job. Oh, sorry, I mean "jood" job.
@RoyalReptilePirates 1 day ago
Forgive me but you and John Hammond look like brothers? Am I wrong here guys???? Love both your guys content!
@HalianTheProtogen 2 days ago
Incorrect. Per the inventor's word, choosy developers use `.gif`. :D
@KizulEmeraldfire 1 day ago
19:56 - I opt always to spell it out: NO ONE can argue with the pronunciation of "G-I-F"! :D
@icefreezer7 1 day ago
What's next ---- software update infrastructure and autoscaling cloud infrastructure for SSLVPN appliances? That would be a never-ending nightmare!
@gomo5628 19 hours ago
article sounds like man google dorked his way into known exploits. Used to do same back in the 90s, with php shell backdoors. and many other stuff. Anyway bro, what's your lowlevel academy roadmap, like future courses, marketable skills based projects? etc...Really horny about diving deep into C, but can't really see how the current courses you have can potentially equip me with employable skillset...then again i might be little bit too dumb to comprehend the actual value of the course in terms of jobs and all that. I would honestly love to see projects that demonstrate practical use of c ....even a simple video promoting the applicable value of the course at the jobs market, ideally explaining like you would explain it to a racoon :)
@Aplysia 2 days ago
Hey, we just collect usage analytics in order to improve your user experience with future releases! What's the problem?
@Muhammed_Shameer_Quraish_KM 1 day ago
so it's a backdoor in your backdoor? sounds like inception of backdoor.
@MiriamSlaffey 1 day ago
Ohh the nostalgia for the c99 and r57...
@brentsaner 1 day ago
"imagine they're on their mobile phones" Nah, fam, that's probably just a UA rotator.
@duetwithme766 1 day ago
Maybe this is general knowledge, but what's up with .MOBI? Seems like a major event? Do you have a video on it?
@srsherman7 1 day ago
Backdoors... those are the doors in the backrooms, right?....
@HorrorMakesUsHappy 1 day ago
Don't be surprised when the people paid to find/create backdoors don't close them when the current project stops paying. It's like leaving a stolen vehicle somewhere with the keys behind the tire. Yeah, it might not be there when you come back, but if it is, great, because that just saved you some time.
@genuismensa 2 days ago
Most of them just require you to do a TXT record with a hash in it to prove that you are the owner of the domain. - Regarding WHOIS question he asked.
@oaklyfoundation 22 hours ago
What does dmarc have to do with ownership validation? I don’t think you are right on that part.
@send_love 1 day ago
20:00 small correction. It is indeed pronounced jiff
@Some-Guy- 1 day ago
There's a prince who can help the Federal High Court of Nigeria find the hackers, but in order to keep his bank details out of the hacker's hands he needs your help moving some funds around.
@erikhicks07 1 day ago
You would think these once-rogue domains would be DNS blacklisted worldwide.
@davidbronke5484 1 day ago
100% on GIF pronunciation. I don't hear anyone saying "jraphics" 😹
@steveyh13 2 days ago
19:58 you don't "jo" to the bathroom, but do you like watching "jiraffes" at the zoo?
@CodyDBentley 18 hours ago
17:47 begs to be GIF'ed
@randomgeocacher 1 day ago
You speed-ran through the networking/IP comments, barely comprehensible, having the page on 192.168 up for like a second :) The block reservation size vs network size was way too quick for me to follow there, and I’ve been around since ancient times when we built networks with sticks and stones.
@BennettBeach 1 day ago
Not saying Jiff is enough for me to
@johnsmith8981 1 day ago
I got my backdoor hacked once. I kinda liked it .///.
@Dank 2 days ago
i had no idea you could do this (twenty dollar dollars)
@kidmosey 17 hours ago
JAG - Judge Advocate (J)eneral, or Judge Advocate (Gh)eneral?
@mr.togrul--9383 1 day ago
LMAO, were you able to learn what is SSRF?
@soulife8383 7 hours ago
Pfft if you thought 2010 was a fun time for the Internet you should have seen 2000. Almost no antivirus, or firewalls, DSL sucked but if you were patient you could get free dialup from a compromised library computer, or put a Trojan into an AOL install and put it on as many school computers as possible. I even remember compromising our town's email, sending emails from teachers using telnet, net send flooding classrooms with pop-up messages, bypassing DNS filters, ah good times. I don't miss walking around with 40 disks to bring home mp3s from the schools T1 connection
@randalthor17 1 day ago
oooo my govt is vulnerable as we thought, woooo
@HadTooMuchToDream 1 day ago
When ya done, why wipe off the victim? Sloppy practice, yet it leaves sloppy seconds.
@cognitive-carpenter 2 days ago
Don't forget to like--wow, only 995 likes thus far! Great content LL
@Bill_Bacon 1 day ago
The description sounds like a "one flew over the cuckoo's nest" ideology. Effective at being non-suspicious, I guess.
@CrateSauce 2 days ago
low level tv?
@pwood6446 12 hours ago
Sorry, No. ".gif" is "jif" according to the responsible parties ...think "jiffy". Give it a little thought, it's the only way any of it makes sense, no matter how many people try to twist it.
@gurbanliye 2 days ago
Is this like writing an antivirus to antivirus?
@jeanbig 1 day ago
thumbs up for correct pronunciation of *.gif (also the video was good)
@nR-kv7xo 2 days ago
haha I played with this as minor in the early 2000s. Funny this is still alive. With proper containers today with readonly fs, no root access, and ingress controllers this is useless for most systems... except these legacy ones. Very interesting
@asdasdaee2232 2 days ago
We did this in 2010; not new but a great write up! Another option I'm surprised they didn't pick up on is using public VPN services which allow for port forwarding :) Old school stuff being brought up is great! Source: I'm an ex-malware developer turned security researcher.
@tcc1234 2 days ago
"Another option I'm surprised they didn't pick up on is using public VPN services which allow for port forwarding :)" Could you elaborate on this?
@JackShen 1 day ago
ah the days when you could put javascript tags in comments........
@avegamers 2 days ago
Oh Hello, a new Video 👋
@mcgrewgs 1 day ago
19:59 Joe mama goes to the bathroom
@GilesBathgate 2 days ago
Having the name Giles, I can tell you that I don't "go" to the bathroom either. I Gi to the Bathgate.
@user-ju5wk3iu1k 1 day ago
I'm not into security but I'm here for your sweet, beautiful face. Thanks.
@Rx7man 11 hours ago
Competing with Louis Rossmann for talking and 2x speed!
@lMINERl 1 day ago
but but , LL i always Jo to the bathroom XD
@alphaomega154 2 days ago
those what I call as "rebel without a cause". looking for trouble against the authority for thrills. I don't see the point of why they do what they do. just causing nuisance to the state actors without actual mission or purposes. they aren't trying to help anybody. I don't respect those type of factions. well, one of the "animal guided" humans. no wonder. the sufferings are still sufferings. and those group you talk about just in it for thrill. they exists or not make no difference.
@Mudflap1110 2 days ago
Hahaha 😊 Love it! Raccoons for the win🎉
@sheis5358 1 day ago
and you don't call a jpeg a "j-pheg," Ed
@supermariomistickgames4700 1 day ago
Backdoor of a program if it was a person: "Haha! I've got all your data and I'm going to share them to the author of this backdoor!!...... which.... is... you..........😳😳"