Thank you for uploading these lectures.

Thanks :)

at 53:00 i don't think that example really is proving anything about node code injection right? cause command line is parsing that as two separate statements b/c of the semicolon: 1) run the node program with your arg, then 2) run the command ls (it is NOT the node program that is invoking ls it is the command line doing it). to get the injection you would need to run the node program like: node cat.js 'file.txt; ls' also i've been loving these lectures thanks so much for putting them out here i'm learning so so so much stuff. perfect for quarantine times!