Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020
All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2. Challenge: https://capturetheflag.withgoogle.com... Pasteurize: • XSS a Paste Service - Pasteurize (web) Goo... 00:00 - Intro 00:50 - Functionality Overview 01:29 - HTML Injection 02:25 - Making a Plan 02:50 - theme.js Discovering JSONP Endpoint 03:51 - user.js The User Class 04:23 - utils.js Start of Chain 04:44 - No Ideas... 05:07 - DOM Clobbering: window.load_debug 06:05 - Doing Security Research 07:25 - Anything else to clobber? 07:49 - Start from beginning, discover _debug_ 08:10 - The load_debug() function 09:20 - window.name is special 09:41 - Try it yourself! 10:00 - Outro =[ ❤️ Support ]= → per Video: / liveoverflow → per Month: / @liveoverflow =[ 🐕 Social ]= → Twitter: / liveoverflow → Website: https://liveoverflow.com/ → Subreddit: / liveoverflow → Facebook: / liveoverflow =[ 📄 P.S. ]=
Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020
11 New JS Features You Can Use Today!
XSS a Paste Service - Pasteurize (web) Google CTF 2020
XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020
Why Aliens Would NEVER Invade Africa
GoogleCTF - Cross-Site Scripting "Pasteurize"
How Huawei Just Built an Impossible Chip
How to Answer ANY Question (Even If You Don't Know The Answer!)
XSS on Google Search - Sanitizing HTML in The Client?
Solving a JavaScript crackme: JS SAFE 2.0 (web) - Google CTF 2018
OWASP Top 10 2025: Your complete guide to securing your applications
Hacking into Google's Network for $133,337
RollerCoaster Tycoon Optimizations are Insane
The Insane Genius of a Formula 1 Gearbox
HTTP Parameter Pollution Explained
Building the PERFECT Linux PC with Linus Torvalds
Something is jamming GPS over Europe. Here's what we found
Solving a Hard Google CTF challenge - "Paste-tastic!"
DO NOT USE alert(1) for XSS
