PwnFunction
India
Registered 17. 01. 2019
Compute Hard.
Animated guide to Linear Regression
🐶 Snyk is free forever. Sign up with my link snyk.co/pwnfunction
⭐ GitHub: github.com/PwnFunction/linear-regression
🐤 X: PwnFunction
🧰 Tools used are: tools.pwnfunction.com/
🎵 Track: STRLGHT - Destination
Views: 16 657
Video
How To Predict Random Numbers Generated By A Computer
539K views · 2 years ago
In this episode we'll break the Math.random method in JavaScript with z3. 🐶 Snyk is free forever. Sign up with my link snyk.co/pwnfunction ⭐ Randomness Predictor: github.com/PwnFunction/v8-randomness-predictor ⭐ Z3 Challenges: github.com/PwnFunction/learn-z3 ✨ Info ➜ Tools used are: tools.pwnfunction.com/ ➜ Video Production time(Research to Output): 100-ish hours. ➜ About 2L of Almond milk & 3....
Dangerous Code Hidden in Plain Sight for 12 years
1.7M views · 2 years ago
In this episode we'll explore a local privilege escalation vulnerability in polkit's pkexec. 🐶 Snyk is free forever. Sign up with my link snyk.co/pwnfunction ⭐ Code All Resources: github.com/PwnFunction/CVE-2021-4034 ✨ Info ➜ Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Adobe Auditions. ➜ VSCode: Monokai Pro Theme, Jetbrains Mono Font, SF Mono Font. ➜ Video Production ...
one wrong npm package
182K views · 2 years ago
In this episode we'll explore Javascript Prototype Pollution. 🐶 Snyk is free forever. Sign up with my link snyk.co/pwnfunction ⭐ Code All Resources: github.com/PwnFunction/Next.js-Flat-Prototype-Pollution 🔗 Prototype Pollution in flat: security.snyk.io/vuln/SNYK-JS-FLAT-596927 ✨ Info ➜ Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Audacity. ➜ VSCode: Monokai Pro Theme, ...
Don't make random HTTP requests.
383K views · 2 years ago
In this episode we'll explore the world of SSRFs. ⭐ LiveOverflow Blog Post Instructions: liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ ✨ Info ➜ Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Audacity. ➜ VSCode: Monokai Pro Theme, Dank Mono Font. ➜ Video Production time: 60-ish hours. ➜ 6 Gatorades were consumed. 💬 Discord: discord.gg/6KKQHvgJw...
This Website has No Code, or Does it?
1.1M views · 3 years ago
In this episode we'll explore the world of HTTP and CSS to hide some code. ⭐ Code: github.com/PwnFunction/Blank-Rick-Roll ✨ Info ➜ Tools used are: Adobe Animate, Adobe Premiere Pro, Adobe Illustrator & Audacity. ➜ VSCode: Monokai Pro Theme, Dank Mono Font. ➜ Video Production time: 40-ish hours. ➜ 4 Redbulls were consumed. 💬 Discord: discord.gg/6KKQHvgJwv 🐤 Twitter: PwnFunction 🎵 Tra...
Why you should Close Your Files | bin 0x02
320K views · 3 years ago
#BinaryExploitation #FileDescriptor #Attack In this video, we're gonna look at how one can abuse file descriptors in some cases to get access to "sensitive" documents. 🔗 Code Build Instructions: old.hackercamp.co/ 🔗 Original Blog: www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html 💬 Discord: discord.gg/6KKQHvgJwv 🐤 Twitter: PwnFunction 🎵 Track: Warriyo - Mortals (feat. ...
How some functions can be Dangerous | bin 0x01
141K views · 3 years ago
#BinaryExploitation #ELF #Executables This is the second video in the series Binary Exploitation. In this video, we're gonna look at some simple attacks via dangerous functions. 🔗 Code Build Instructions: old.hackercamp.co/ 💬 Discord: discord.gg/6KKQHvgJwv 🐤 Twitter: PwnFunction 🎵 Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: czcams.com/video/yJg-Y5byMMw/video.html
What are Executables? | bin 0x00
185K views · 3 years ago
#BinaryExploitation #ELF #Executables This video is an introduction to ELF Executables in Linux. Also it's the first video of a new series called Binary Exploitation. 💬 Discord: discord.gg/6KKQHvgJwv 👨💻 HackerCamp: hackercamp.co 🐤 Twitter: PwnFunction 🎵 Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: czcams.com/video/yJg-Y5byMMw/video.html
Insecure Deserialization Attack Explained
109K views · 3 years ago
#Deserialization #WebSecurity We'll explore the basic concepts of an Insecure Deserialization by attacking a web app written in Python. 🐤 Twitter: PwnFunction 🎵 Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: czcams.com/video/yJg-Y5byMMw/video.html
Server-Side Template Injections Explained
89K views · 3 years ago
#SSTI #WebSecurity This video explores the world of Server-Side Template Injections (SSTI). Primarily we'll look at Python with the Flask framework as an example, but the core ideas explained in the video are applicable to a wide set of languages and frameworks. Original Research: portswigger.net/research/server-side-template-injection 🐤 Twitter: PwnFunction 🎵 Track: Warriyo - Mortals (fea...
Cross-Site Scripting (XSS) Explained
436K views · 4 years ago
#XSS #WebSecurity This time we are going to explore the world of Cross Site Scripting under 12 minutes. 🔗 Links ✨ XSS Game: xss.pwnfunction.com/ ⭐ Code: github.com/PwnFunction/xss.pwnfunction.com Custom Twitch Chat XSS: czcams.com/video/2GtbY1XWGlQ/video.html 🐤 Twitter: PwnFunction 🎵 Track: Warriyo - Mortals (feat. Laura Brehm) NCS link: czcams.com/video/yJg-Y5byMMw/video.html
Solving a Hard Google CTF challenge - "Paste-tastic!"
93K views · 4 years ago
#WebSecurity #Google #CTF A video writeup on one of the web challenges from the recent Google CTF 2019. 👨💻 SPONSORED BY INTIGRITI - www.intigriti.com/ 🔗 Links • Google CTF: capturetheflag.withgoogle.com • LiveOverflow Paste-tastic! Stream: czcams.com/video/zjriIehgAec/video.html • LiveOverflow's channel: czcams.com/channels/lcE-kVhqyiHCcjYwcpfj9w.html • LiveOverflow - Filemanager: czcams.com/v...
XXE Challenge - Google CTF
41K views · 5 years ago
#WebSecurity #XXE #Google #CTF A video writeup on one of the web challenges from the recent Google CTF 2019. 👨💻 SPONSORED BY INTIGRITI - intigriti.com 🔗 Links • Google CTF: capturetheflag.withgoogle.com • Insomnia: insomnia.rest • XXE video Explanation: czcams.com/video/gjm6VHZa_8s/video.html • Beeceptor: beeceptor.com/ 🔥 Exploiting XXE with local DTD files: mohemiv.com/all/exploiting-xxe-with...
Cross-Site Request Forgery (CSRF) Explained
439K views · 5 years ago
Insecure Direct Object Reference (IDOR) Explained
103K views · 5 years ago
also never shows how to do the first one he shows
Why no new videos?
But isn't the cookie domain-specific? When we click the cat site (evil), would it still send the cookie (containing sensitive data like sessionId), though it is not associated with that cat's domain?
Incredible video. I have been drinking a lot of concepts from a water hose for my CySA+, and XSS, for whatever reason, was one I really struggled to conceptualize.
Can I predict numbers in a Super pick game or a Roulette game. Can anyone help me.
Very nice video, I love the explanation!
Also, we should preferably use the innerText attribute to put content inside an HTML element
U made me sub in 2 mins
this vids gonna have the 2nd birthday in 4 days, and this was the first video ive watched from you!!
Best explanation!
you hyped me up for cybersec
amazing 🔥
amazing
incredibly informative!
thank you !!!! Awesome !!!
Bringg more videosss
<script>alert(!33)</script>
I have literally never heard about this before, this is so cool, I almost thought it was an April Fool's video for a second
good vid
Very useful video, thanks!
if we could predict randomness, then it isn't random anymore.
you're too good in explaining although i request you to make videos on all the owasp top 10
I mostly write web applications in .NET, and this is really an awesome video. You just made me realize that this fairly simple vulnerability can cause a lot of problems.
Awesome video
Can CORS prevent this request when credentials are included and the cookie is HttpOnly?
How do we predict the Aviator next round using this method?
Don't let the channel die. I'm learning to code on Odin, and bookmarked it. Soon I'll be able to get it.
Such a great video in very low audio humiliate the home theater`s full vol sound.
So cat != safe ? :(
How to predict the Next number in colour prediction game,, please help me brother ❤❤🙏🏻
Hello, would you like to share the name of the software you're using for editing videos? They look quite awesome!
Just disable right click and prevent short cut keys Bruuuhh
wont work still other ways
Or you can encrypt the whole webpage, so that none of the content makes any sense unless you have the password. If you have the password then all good and the page opens as normal, if not you get NoPassRedirectBlank! This then is a good way to stop unauthorised use of your content. If the enquiry is repeated more than three times the next request is rejected from the same IP. You can also obfuscate by making a page that looks like a real webpage but it is only a holding page really.
its easy to decrypt tho
Best video
<script>alert(1)</script>
haha lol
please make more content like this
msg me on this: if RNG isn't random then isn't it possible to predict any video poker table or electronic roulette wheel, etc.? I say it would need to be done on an online gambling site where you can track the data that's displayed (cards, numbers), only if the RNG is based off what is shown, and not a video feed of 100 lava lamps (/s). How many video gambling machines do you think use RNG based off what is shown? Even if it's an internal RNG system it would be systematic, so with enough plays you could go from start to finish in the RNG pool. You would just need to know where you are in that list?
Can anyone validate his learning site does not inject some funky js into local storage?😅
200k subs! Congratulations!
Hoyy youtube.. show me more of such videos, I am in love with it rn (tho i didn't understand it completely)
In insomnia you can paste from curl and in devtools you can copy as curl so for future that can make your job much easier when working in insomnia