Seriously, isn't Snyk SUPER COOL? Check it out! snyk.co/johnha...
Exploit Goof, the vulnerable web app! github.com/sny...
00:07 - BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro
01:00 - What is snyk?
02:36 - Snyk can be FREE!
03:34 - Connecting Snyk to GitHub
04:54 - Discovering Goof, the Vulnerable Web App
07:28 - Deploying Goof
09:14 - Interacting with Goof
10:00 - Finding Directory Traversal/File Access
11:22 - Snyk Vulnerability Database
13:22 - Patching Vulnerabilities with Snyk
19:52 - Pivoting back to the HackTheBox BlitzProp challenge
20:58 - Finding Prototype Pollution and RCE with Snyk
21:41 - Deploying the BlitzProp challenge with Docker
22:52 - Exploiting the Prototype Pollution vulnerability
26:32 - Using Snyk to Patch the Vulnerability
28:38 - Validating the change with our exploit
29:21 - Wrap Up & Thank You
Hang with our community on Discord! johnhammond.or...
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnh...
GitHub: github.com/Joh...
Site: www.johnhammond...
Twitter: / _johnhammond