Exactly, it's great to save people time so they can get to new research. People have heard me say it a million times, about references to FS:[0x30] back when I was learning about shellcode writing. This was 20 years ago and there were no search engine results. Had there been, I'd have saved many hours!
I want to say a lot of content creators see requests for easier content and don't see the ROI for advanced content. Personally would like to see you do whatever it is you want to provide. Given your coverage that isn't too say this wasn't a contribution. - GamozoLabs does a fantastic job of covering fuzzing and optimization research - 0xdf covers advent of code and, like ippsec, does war game boxes on THM, HTB etc. - cts covers memeing coding projects like educational software for skirting around Valve's anti-cheat. - 0x6d696368 ghidra - DuMp-GuY TrIcKsTeR .NET RE - OALabs Malware RE - 247CTF Learned RE - GH Learned RE & tooling - HackerSploit guided general coverage of tools - Dayzerosec application security / vuln research and recaps and so on... What I see that's missing is coverage of more modern exploitation identification and understanding in-depth, like HVCI for example, on TH-cam. Even though there are great research articles by revers.engineering and secret.club sometimes having a visual representation helps. Which is why this channel is so awesome. I recognize that most of the bleeding edge research regarding COOP for Intel's CET or smashing ARM's MTE is reserved for talks or paid trainings. Plus you're first video had Didier Stevens on and that was awesome.
@@NetworkITguy Yes, there is a ton of amazing stuff out there! I hope to cover things that have sometimes already been covered, but in a way that makes it more accessible. I have several goals, which also includes what you've suggested above. All the examples you've listed are fantastic. So, one example is to cover some of those same topics, but to try and do an even better (or different style) job when possible. I also want to cover topics that haven't been addressed, such as bringing on Steve Walbroehl recently to cover blockchain tech and things that aren't commonly discussed. Finally, I want to reach the areas you've suggested. I plan to have a coauthor of mine from Gray Hat Hacking on to discuss Hypervisor Exploitation. I plan to have Connor McGarr on to cover some of the Kernel stuff you mention. We'll see who else wants to come on to discuss some other relative areas that you describe. As you said, it gets into a cutting edge space of research where people are potentially under NDA's, or are using it for private trainings, or are keeping it internal as it's super valuable. For example, Apple has recently made things a lot harder with regard to exploitation. If someone finds something, the price tag could reach several million USD. Thanks for checking in and I hope you like the content we bring in the future!
- set up Chrome v8 engine for vuln research - basic exploitation of v8 in an easy way (other writeups are tough to understand and not easily accessible) - explain Windows mitigations and how to circumvent even theoretically such as (CFG, ACG, Exploit Guard, XFG, CFi, CET, SMEP, hypervisor security HVCI and VBS .. )
Amazing video, love the way you deliver the content. I’m assuming it comes from your experience in developing and teaching SANS courses! Subbed and looking forward to more videos in the future!
It was a delight to watch this one Stephen!. Such a great explanation of the basics. Other content creators skip the details. Thank you very much for sharing your knowledge and giving a detailed walk through with diagrams. This channel's gonna grow exponentially. I am sure of it. Cheers!
one of the best buffer overflow video!
I wish this came out a year ago when I was studying for certs that required BoF. This is a great video and thank you for recording it!
Exactly, it's great to save people time so they can get to new research. People have heard me say it a million times, about references to FS:[0x30] back when I was learning about shellcode writing. This was 20 years ago and there were no search engine results. Had there been, I'd have saved many hours!
thank you for explaining it in details, most youtube videos don't do that, thank you!!!
I'm glad it helped. I try and make sure the videos on my channel are informative.
Such an awesome video looking forward to future content
If you have ideas for future videos, let me know...
I want to say a lot of content creators see requests for easier content and don't see the ROI for advanced content. Personally would like to see you do whatever it is you want to provide. Given your coverage that isn't too say this wasn't a contribution.
- GamozoLabs does a fantastic job of covering fuzzing and optimization research
- 0xdf covers advent of code and, like ippsec, does war game boxes on THM, HTB etc.
- cts covers memeing coding projects like educational software for skirting around Valve's anti-cheat.
- 0x6d696368 ghidra
- DuMp-GuY TrIcKsTeR .NET RE
- OALabs Malware RE
- 247CTF Learned RE
- GH Learned RE & tooling
- HackerSploit guided general coverage of tools
- Dayzerosec application security / vuln research and recaps
and so on...
What I see that's missing is coverage of more modern exploitation identification and understanding in-depth, like HVCI for example, on TH-cam. Even though there are great research articles by revers.engineering and secret.club sometimes having a visual representation helps. Which is why this channel is so awesome.
I recognize that most of the bleeding edge research regarding COOP for Intel's CET or smashing ARM's MTE is reserved for talks or paid trainings. Plus you're first video had Didier Stevens on and that was awesome.
@@NetworkITguy Yes, there is a ton of amazing stuff out there! I hope to cover things that have sometimes already been covered, but in a way that makes it more accessible. I have several goals, which also includes what you've suggested above. All the examples you've listed are fantastic. So, one example is to cover some of those same topics, but to try and do an even better (or different style) job when possible. I also want to cover topics that haven't been addressed, such as bringing on Steve Walbroehl recently to cover blockchain tech and things that aren't commonly discussed. Finally, I want to reach the areas you've suggested. I plan to have a coauthor of mine from Gray Hat Hacking on to discuss Hypervisor Exploitation. I plan to have Connor McGarr on to cover some of the Kernel stuff you mention. We'll see who else wants to come on to discuss some other relative areas that you describe. As you said, it gets into a cutting edge space of research where people are potentially under NDA's, or are using it for private trainings, or are keeping it internal as it's super valuable. For example, Apple has recently made things a lot harder with regard to exploitation. If someone finds something, the price tag could reach several million USD. Thanks for checking in and I hope you like the content we bring in the future!
Oh, and if you have something you'd like to share, I'm happy to chat about having you on as a guest!
- set up Chrome v8 engine for vuln research
- basic exploitation of v8 in an easy way (other writeups are tough to understand and not easily accessible)
- explain Windows mitigations and how to circumvent even theoretically such as (CFG, ACG, Exploit Guard, XFG, CFi, CET, SMEP, hypervisor security HVCI and VBS .. )
Idea for a video: Practical WinDbg (Preview?) for Vulnerability Research and Exploit Development. E.g. triaging crashes, debugging exploits
Thank you very much!
Subscribed !!! Great granular details, feel like I learned something.... Cheers!
If you didn't learn anything, I'm failing! :) Happy New Year.
Awesome content. Followed your GXPEN course btw. Here for a refresher ;)
just awesome
Amazing video, love the way you deliver the content. I’m assuming it comes from your experience in developing and teaching SANS courses! Subbed and looking forward to more videos in the future!
It was a delight to watch this one Stephen!. Such a great explanation of the basics. Other content creators skip the details. Thank you very much for sharing your knowledge and giving a detailed walk through with diagrams. This channel's gonna grow exponentially. I am sure of it. Cheers!
dont apologize for the graphics its perfect you dont need anything flashy its just distracting anyway
Great content ;)
Thanks!
where have you been all this while..bro ..damn u good
Thanks!
Hope your channel blows up man
Thanks!