How Pros Use CVEs to Find New Bugs (before anyone else! ft CVE-2020-5902)

Views: 19,191

InsiderPhD

A day ago

This week a new RCE in F5 BIG-IP was found and meme'd about on Twitter, but here's a question: how did all the pros find it before anyone else could? What tools and techniques were they using to exploit it before anyone else, and why did everyone end up with a dupe? Today we discuss how they did it!
Did you know this episode was sponsored by Intigriti? Sign up with my link: go.intigriti.com/katie. I'm so pleased with everyone's positive response to the Intigriti sponsorship, and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
Apologies for the audio at the start, not sure what happened there! I'm getting a new setup next week, so hopefully next week's video will be another major improvement to the editing and visual effects I can do. LiveOverflow, here I come!

Comments: 58
@nathangriffiths8809 4 years ago
Your next assignment Katie, if you decide to take it: Teach us to reverse engineer. :) (Great explanation on CVEs, thank you!)
@InsiderPhD 4 years ago
This is DEFINITELY something I want to cover but I am still learning myself! As soon as I understand the topic well enough it will for sure be a video on my channel!
@LaurentLaborde 3 years ago
@@InsiderPhD Reverse engineering is extremely difficult to explain in a short video. I gave up trying and write a tech diary instead and publish it on GitHub. The problem is that videos either spend hours and hours explaining the most basic sh*t OR end up doing some kind of "it's magic, I ain't gotta explain sh*t".
@prathameshmahamulkar6533 3 years ago
Thank you so much Katie for explaining a very important concept in a to-the-point and objective way. Wish you a very happy, fulfilled and satisfying career.
@prathameshmahamulkar6533 3 years ago
Big Fan of you, TCM, Tomnomnom and Stok
@InsiderPhD 3 years ago
Thank you! You too!
@mertdas6794 4 years ago
Katie gives value as always. Love your content.
@InsiderPhD 4 years ago
❤️ thank you for watching!!
@eyokfla 3 years ago
This is what I call DIAMOND CONTENT! Thanks for the lessons.
@InsiderPhD 3 years ago
Wow, thanks!!!
@offlife77 4 years ago
I got my first bounty after watching your IDOR video... thanks a lot :)
@InsiderPhD 4 years ago
Amazing! I hope it was a good one! Very proud of you getting your first bounty!
@sabyasachimitra9644 2 years ago
Can you please share the report, so I can learn from it? And was it an IDOR or something else?
@daviscl22 2 years ago
Excellent info.
@MFoster392 9 months ago
Great information :)
@SantoshKShah 4 years ago
Great, thank you!
@sirhaya363 4 years ago
Thank you, your videos are the best on the subject!
@InsiderPhD 4 years ago
Aww thank you so much for such a kind comment!
@sirhaya363 3 years ago
@@InsiderPhD Sooo my first bug is a CVE, thank you!!
@danielazulay4936 4 years ago
That's great, thanks! I have a question about using OS X in bug hunting. Do you think it's a good idea? Should I use a virtual machine (e.g. Ubuntu), because I found that most of the recon tools just work better on Linux?
@InsiderPhD 4 years ago
I use OS X personally with no issues, but if you do a lot of recon maybe consider a virtual machine or something like DigitalOcean if the tools perform better for you. I should say I have no issues myself!
@user-zu4ft8yw9e 3 months ago
The stages involved in addressing the issues caused by CVE-2020-5902 include:
1. Identifying the Vulnerability: Scan the network using specific tools to identify the presence of the Remote Code Execution (RCE) vulnerability (CVE-2020-5902).
2. Applying Patches: Apply the patches released by F5 Networks to fix the critical RCE vulnerability in the affected versions of BIG-IP.
3. Monitoring for Exploitation: Keep monitoring for any active attempts to exploit the vulnerability in the wild and stay updated on mitigation details provided by F5.
4. Implementing Security Measures: Design and implement a comprehensive security policy based on insights from the CVE database to prevent exploitation and enhance overall security posture.
@wisdomfreak 4 years ago
Finally the video that I asked you for, thank you!
@InsiderPhD 4 years ago
I do get round to requests! Eventually!
@wisdomfreak 4 years ago
@@InsiderPhD 🙂
@ismailramzan8927 4 years ago
Thanks Again 😊.
@InsiderPhD 4 years ago
You're welcome 😊
@snookieNaija A month ago
Thanks love
@josephgosling9593 4 years ago
Awesome!!
@InsiderPhD 4 years ago
Thanks!!
@maakthon5551 A year ago
Great!
@hackerproxy19 3 years ago
Good teaching.
@prashanthravichandhran5688 3 years ago
Thank you.
@6cylbmw 4 years ago
Thanks a lot for putting up this video, although I'm still confused. From what I know/heard, a lot of companies don't pay for vulns found based on CVEs (last 3/6 months). Is there any bug bounty hunter who actually uses this approach and makes a profit? Is this approach legit?
@InsiderPhD 4 years ago
That's totally true, you're right! A lot of companies will consider CVE-related bugs internal dupes for the first 30 days. But this is a strategy and you can totally make money, if you check out Twitter for CVE-2020-5902 and the Citrix CVE from around December? So it's definitely a risk, but probably worth it for a bug like this one where it's a very simple exploit. It is legit, but you're totally right that it might be considered a dupe or out of scope.
@ricardotech 4 years ago
Love from Brazil.
@tokyorockstarVALORANT A month ago
Ty for the video. Wanted to ask what languages I should learn to reverse engineer.
@user-fp7fs9xl2t 3 months ago
Thanks InsiderPhD ...
@ca7986 4 years ago
❤️
@coderx56 3 years ago
I love you very very much ❤
@sudha2373 3 years ago
Ma'am, my XSS payload is blocked by the WAF. How to bypass the WAF?
@mirhat9330 4 years ago
It would be great if you can make a video about reverse engineering! :)
@Sanjayyadav-hb2jc 4 years ago
🤣🤣
@InsiderPhD 4 years ago
Yeah, it's for sure something I want to cover but that I'm still learning myself. I've really been enjoying some of LiveOverflow's older videos on the topic!
@thefunnychannel647 3 years ago
Can you please add a video on how to use nuclei?
@itsm3dud39 2 years ago
What about exploit-db?
@hello-fp6ss 4 years ago
Great. Back in 2016 I created a Python RCE, they did not pay me, OpenCart CMS core. I got 1600 shell backdoors in one day 😂😂😂😂😂😂🤩 I'm back.
@cloufish7790 4 years ago
[Q] Aren't you risking getting a lot of duplicates and so losing much reputation on H1 or any other bug bounty website? I mean, you'll eventually be racing other people just like you said (and I understand that you're racing with them anyway, but I get a feeling that in those CVEs there's a lot more racing). Or am I just overrating the value of reputation on these websites? Is the money the most important? Being flooded with duplicates also relates to fuzzing many domains and subdomains with the same exploit. Although I think it's a great video, it motivates me to do more research on my own.
@InsiderPhD 4 years ago
So dupes now don't impact rep on H1, but you're right, you are just racing people! Even those who do find this bug might find that they are duped because the company internally knows about it and is patching it anyway. The core advantage is if you are able to figure out a 0-day exploit before anyone else, you have the entire internet. For people who make their income on just bug bounties, being able to catch this before anyone else is a huge huge advantage, because even if they get a few dupes they can make 2-3 months' wages from the non-dupes. But I just thought this topic was an interesting look into how the pros' approach to bug bounty is really quite different to people starting out, and especially shows how 0-days can motivate the best bug hunters!
@user-be2bs1hy8e 4 months ago
12:45 lol, what? I think this is incorrect. I understand the expressed sentiment for usage, all of these things aside, however illegal is not the right word. I am almost 100% sure that for almost any kind of cyber activity that occurs in any other country than where it was committed from, never in even a million years would it result in police showing up to arrest someone. Even based on knowing almost nothing about computer forensics and law, I would argue (from a field I have very much experience with) that laziness combined with civil rights prevents legalities. So to reiterate: not only is big business private and disclosure to convict a 'hacker' so difficult to accumulate and attribute to any individual, but even the reason cyber security evolved was that these same entities were liable for loss originally. Even then, between countries illegal is not a thing. Like if they (foreign) charged someone, we (domestic) wouldn't care; we wouldn't care because this has always been the case, and even if I'm incorrect about those, still nobody (domestic) cares. But I might be wrong.
@InsiderPhD 4 months ago
github.com/disclose/research-threats
@AmanKumar-tm8id 4 years ago
Okay, I paid for Shodan. Now knowing it was free for students and has more features than my paid subscription. F
@InsiderPhD 4 years ago
F :( But at least you know now! And it's good for as long as you have an academic email address!
@skeeberk.h.4396 3 years ago
Why are you eating the microphone?
@InsiderPhD 3 years ago
I'm a security person, not a video person x]
@skeeberk.h.4396 3 years ago
@@InsiderPhD Touché