backdoor your coding skills at lowlevel.academy

Note to self. When social engineering/phishing hack to Low Level, use racoon meme

Reminds me of the "don't trust no one not even yourself" meme but it's backdoors.

State backed hacker sounds cool, but at the end of the day its still just government employee.

Dude, raccoon memes are THE BEST. It's essentially all I laugh about these days and me and my buddy have HUNDREDS of them.

In germany there is a court case where a security contractor disclosed a vulnerability (password in cleartext for a database connected to the open Internet)... And then got sued. And the judge ruled that using My PHP Admin consitutes hacking. Maybe by as much as entering a building you arent supposed to while the door is open.

Backdoor your backdoors at the backdooring center of Backdoors Inc.

I haven't done PHP for a decade, but I still remembered extract. All of the PHP standard lib is riddled with backdoors.

Im only here for the article reads. Im dyslexic and adhd, so this helps me a ton!

Im not gay but 20 dollars is 20 dollars

The WHOIS certificate method was an old way of verifying the owner before GDPR and WHOIS redaction was a thing. They would send an email the address on the WHOIS registry for the domain to verify the owner. Clearly not the best solution and now the DNS TXT record is the favored option.

Lol. I once attended KPI Open - an international algorithmic competition held in Ukraine. On the first day the server that we were supposed to upload our solutions to just died because 1 of the teams from Russia just hacked it :P

love these types of videos, keep it up

20:00 My preferred example of this is actually the word "gift". For your birthday, you receives gifts, and not jifts. Since both has "gif", it better drives the point that "jif" just feels wrong.

We need more of our own nation state actors lmao

reminds me of those belgium domains that where abbandon and they setup a email server and the emails with personal information just comes in...

Hah I remember using some of those... And I remember looking at that extract code when setting stuff up and wondering wtf it did... Shrugged and carried on. Being young was fun, thanks for allowing me to visit it here.

Next video: backdoor the backdoor to the backdoor

"You don't GIO to the bathroom" The giraffe disagrees.

Defunct and abandoned infrastructure? I'm gonna start going to abandoned warehouses, leave ip cams that stream to AM frequencies ('._.')

Backdoor the backdoor

Article reading videos are great pls keep it up Ed

19:59 Counterpoint: gin, gym, gist

I personally don't care whether you pronounce GIF with a hard or soft "g". I randomly say it both ways. As an old person who remembers the creator of the GIF format was making a pun about a certain brand of peanut butter, I do care if you have an exceptionally strong opinion and it's wrong. I reserve the right to point and laugh. And hey, I know sudo is pronounced "sue due" but f that, it sounds awful and I pronounce it "psuedo" like everyone else who has the word sudo in their vocabulary. So yes, Linux geeks. Pardon my french. Have a lovely day and keep making these videos. :)

jia tan is disappointed in how unobfuscated that data is

19:58 - Thank you. Arguing with a co-worker: “ok fine. Let’s jo to my house and watch jaurdians of the jalaxy then.”

This channel is amazing. I love your style man. Do you

I love how simple the thumbnails are lol. I am also trying to learn IT. So I am here.

It's Graphics Interchange Format, not Jraphics Interchange Format.

Instead of buying domains, I've seen hackers using services where you can host your own php driven pages; at least until they get caught. Sometimes the temporary domains have a 'username' preceding the actual domain, so maybe finding those, and using the same username in future may give similar results (assuming no random characters are added to the usernames).

this guy is so 1337 he can read tech articles aloud like no other pen tester in the world

Dropping webshells in pentests - an interesting ethical aspect, like how do you ensure a malicious web crawler does not find it? Maybe a randomized file name is a workaround. Aside from the fact that it darn better not be backdoored.

Thank you for pronouncing it correctly and setting the record straight on GIF! A GIF is a gift

Good sh1t, as always. After spending a few days watching various videos of yours, I am convinced that programming languages should be structured very differently. Rust is already taking the first steps so that memory access problems don't grow into even bigger problems. However, this can only be a start. I think we may have to introduce several levels for program execution in programming languages in which code and data have to live (analogous to userspace and kernel space, only with different levels). User input or much more in the level for user input, for example, or input from unknown sources in general, a defined and definable minimum of input should be possible. To take a closer look at the example: at the level at which what is discussed here works, "extract" should simply not exist. At other levels, however, it might. "Enforced security", so to speak, depending on the application level or area of the application.

We put backdoors in your backdoors so you can sneak in by the backdoor while sneaking in by the other backdoor.

As a Nigerian, i can tell you the federal high court website is not worth the $20 used in getting the backdoor backdoor

can you take a look at the patient monitor backdoor? maybe even take a look at the code? cisa did provide some insights.

14:57: The only difference between screwing around and Science is writing it down. - Adam Savage

Love these videos! Incredibly nostalgic. My 13 year old son enjoys listening to them with me on our daily drives, and asking about the good old days! 😂

Racoon memes are indeed the best.

Mobi domain was ment for mobile devices

Nice article, thanks for the read-up 😎🎉

also if you comp a WHOIS, you wouldn't change the information about who owns a domain- you'd change the nameservers. preferably with ones that fallback to the real NS if they have queries open to non-root servers to avoid noise.

1:28 - I don't think you meant to say DMARC here. DMARC is a dns entry that tells an email service provider what to do if an email from your domain fails SPF or DKIM mail checks. (You can tell it to do nothing, to quarantine the email, or reject it)

Hey, we just collect usage analytics in order to improve your user experience with future releases! What's the problem?

Jif. You don't gi-raffe, you ji-raff

So is there some list of sinkholed domains which I can put in the DNS resolver and get a poor man IDN solution, to get a notification if we catch some of that illness?

Backdooring backdoors sounds to me like shit squared.

It's funny, like you have a backdoor to a backdoor and you don't care to lose access to all of that, WTF! I'm so curious why these hackers didn't renew the hard coded domain. Am I missing something?!

Ohh the nostalgia for the c99 and r57...

How does one try to help an organization and work with them when the organization wants to call you a liar and refuse to help. With that organization being my ISP. In which was compromised leading up to my issue.

Forgive me but you and John Hammond look like brothers? Am I wrong here guys???? Love both your guys content!

I like how the extract function uses the "@" operator too, which is probably my top candidate for the worst feature in a programming language ever. @ silences all errors, including syntax errors. I had to once debug a piece of steaming PHP that used it liberally and I now have a burning hatred in my soul for anyone who uses it.

Geoffrey the gentle giraffe would would side eye you on his way to the gym if he heard you pronounce gif that way.

Incorrect. Per the inventor's word, choosy developers use `.gif`. :D

What's next ---- software update infrastructure and autoscaling cloud infrastructure for SSLVPN appliances? That would be a never-ending nightmare!

Maybe this is general knowledge, but what's up with .MOBI? Seems a like a major event? Do you have a video on it?

Eat trash, be trash - Raccoons probably

What does dmarc have to do with ownership validation? I don’t think you are right on that part.

We did this in 2010; not new but a great write up! Another option I'm surprised they didn't pick up on is using public VPN services which allow for port forwarding :) Old school stuff being brought up is great! Source: I'm an ex-malware developer turned security researcher.

20:00 small correction. It is indeed pronounced jiff

Next vid, hacking hackers that hack hackers that hack government backdoors

Don't be surprised when the people paid to find/create backdoors don't close them when the current project stops paying. It's like leaving a stolen vehicle somewhere with the keys behind the tire. Yeah, it might not be there when you come back, but if it is, great, because that just saved you some time.

Most of them just require you to do a TXT record with a hash in it to prove that you are the owner of the domain. - Regarding WHOIS question he asked.

17:47 begs to be GIF'ed

i had no idea you could do this (twenty dollar dollars)

Bruh, BASE64 is like everywhere :D It made me chuckle so hard I need to see a doctor.

so its a backdoor in your backdoor ? sounds like inception of backdoor.

19:57 I mean, for those who prefer gif-like-giant to gif-like-git... There does exist a jif format, and I personally don't want to have to call them Golf India Foxtrot or Juliet India Foxtrot every time because somebody decided they should sound the same. That, however, is a different Foxtrot Uniform entirely, compared to the topic of the video.

100% on GIF pronunciation. I don't hear anyone saying "jraphics" 😹

19:56 - I opt always to spell it out: NO ONE can argue with the pronunciation of "G-I-F"! :D

You would think these once-rogue domains would be DNS blacklisted worldwide.

Not saying Jiff is enough for me to

"imagine they're on their mobile phones" Nah, fam, that's probably just a UA rotator.

don't pretend your gif pronunciation is anything but preference. english has soft-g words like giraffe, giant, gin, ginger, gem, gel, gentle, gem, gym, gyroscope, gist, genesis, generous, etc

There's a prince who can help the Federal High Court of Nigeria find the hackers, but in order to keep his bank details out of the hacker's hands he needs your help moving some funds around.

I got my backdoor hacked once. I kinda liked it .///.

Backdoors... those are the doors in the backrooms, right?....

You speed-ran through the networking/IP comments, barely comprehensible, having the page on 192.168 up for like a second :) The block reservation size vs network size was way to quick for me to follow there, and I’ve been around since ancient times when we built networks with sticks and stones.

JAG - Judge Advocate (J)eneral, or Judge Advocate (Gh)eneral?

If you don't Jo to the bathroom, and you go there instead, what do you look at in there? A Gif of a (Grrr)iraffe?

20:00 yeah but would you want some ginger ?

LMAO, were you able to learn what is SSRF?

the creator said jif like the peanut butter. For logic to be consistent you would have say JFeg instead of Jpeg

thumbs up for correct pronunciation of *.gif (also the video was good)

Don't forget to like--wow, only 995 likes thus far! Great content LL

oooo my govt is vulnerable as we thought, woooo

19:58 you don't "jo" to the bathroom, but do you like watching "jiraffes" at the zoo?

This video just reminded me I've been mispronouncing giraffe my whole life....

I appreciate your post! My okx wallet holds USDT and other coins and I’ve got the seed phrase :(tag suit turtle raccoon orange fever main skull special hungry crystal mixture). Could you explain What's the best way to send them to Binance?

Oh Hello, a new Video 👋

Pfft if you thought 2010 was a fun time for the Internet you should have seen 2000. Almost no antivirus, or firewalls, DSL sucked but if you were patient you could get free dialup from a compromised library computer, or put a Trojan into an AOL install and put it on as many school computers as possible. I even remember compromising our towns email, sending emails from teachers using telnet, net send flooding classrooms with pop-up messages, bypassing DNS filters, ah good times. I don't miss walking around with 40 disks to bring home mp3s from the schools T1 connection

ah the days when you could put javascript tags in comments........

When ya done, why wipe off the victim? Sloppy practice, yet it leaves sloppy seconds.

low level tv?

haha I played with this as minir in the early 2000s. Funny this is still alive. With properly containers today with readonly fs, no root access, and ingress controllers this is useless for most systems... except these legacy ones. Very interesting

Competing with Louis Rossmann for talking and 2x speed!

Wow dude. Omg.

Sorry, No. ".gif "is "jif" according to the resposible parties ...think "jiffy". Give it a little thought, it's the only way any of it makes sense, no matter how many people try to twist it.

What’s more annoying than watching someone read an article, and only provide low level of effort/low value commentary? I don’t know… that’s an honest question.