HackTheBox CA CTF - Using Snyk to Find & Fix Vulnerabilities

John Hammond · Beginner ·🔐 Cybersecurity ·5y ago

Seriously, isn't Snyk SUPER COOL? Check it out! https://snyk.co/johnhammond Exploit Goof, the vulnerable web app! https://github.com/snyk/goof 00:07 - BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro 01:00 - What is snyk? 02:36 - Snyk can be FREE! 03:34 - Connecting Snyk to Github 04:54 - Discovering Goof, the Vulnerable Web App 07:28 - Deploying Goof 09:14 - Interacting with Goof 10:00 - Finding Directory Traversal/File Access 11:22 - Snyk Vulnerability Database 13:22 - Patching Vulnerabilities with Snyk 19:52 - Pivoting back to the HackTheBox BlitzProp challenge 20:58 - Finding Prototype Pollution and RCE with Snyk 21:41 - Deploying the BlitzProp challenge with Docker 22:52 - Exploiting the Prototype Pollution vulnerability 26:32 - Using Snyk to Patch the Vulnerability 28:38 - Validating the change with our exploit 29:21 - Wrap Up & Thank You Hang with our community on Discord! https://johnhammond.org/discord If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010 E-mail: johnhammond010@gmail.com PayPal: http://paypal.me/johnhammond010 GitHub: https://github.com/JohnHammond Site: http://www.johnhammond.org Twitter: https://twitter.com/_johnhammond

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from John Hammond · John Hammond · 0 of 60

← Previous Next →

Code Commentaries? PHP to JavaScript in Bash and PHP!

Code Commentaries? PHP to JavaScript in Bash and PHP!

Tutorials? MySQL connection with PHP and Bash!

Tutorials? MySQL connection with PHP and Bash!

Variable Naming in Python! Happy Birthday, Linux! Nokia N900!

Variable Naming in Python! Happy Birthday, Linux! Nokia N900!

JavaScript Splits The URL!

JavaScript Splits The URL!

HTML Tables in Python!

HTML Tables in Python!

HTML, Net Shares, GML!

HTML, Net Shares, GML!

Python 08 Programming Style and Comments

Python 08 Programming Style and Comments

Python 26 Object Oriented Programming

Python 26 Object Oriented Programming

75 Python Tutorials, Out Now!

75 Python Tutorials, Out Now!

Batch 14 Mathematical Expressions

Batch 14 Mathematical Expressions

Batch 85 Array Append

Batch 85 Array Append

Batch 86 Array Count

Batch 86 Array Count

Batch 87 Array Index

Batch 87 Array Index

Batch 88 Array Insert

Batch 88 Array Insert

Batch 89 Array Remove

Batch 89 Array Remove

Batch 90 Array Reverse

Batch 90 Array Reverse

Python [colorama] 00 Installing on Linux

Python [colorama] 00 Installing on Linux

Python [colorama] 09 Cursor Position

Python [colorama] 09 Cursor Position

Python [hashlib] 02 Algorithms

Python [hashlib] 02 Algorithms

Python 00 Installing IDLE on Linux

Python 00 Installing IDLE on Linux

Python [pygame] 11 Rectangular Collision Detection

Python [pygame] 11 Rectangular Collision Detection

Python [pygame] 12 Platforming Rectangular Collision Resolution

Python [pygame] 12 Platforming Rectangular Collision Resolution

Python [XML-RPC] 01 Research

Python [XML-RPC] 01 Research

Python [pyenchant] 03 Personal Word Lists

Python [pyenchant] 03 Personal Word Lists

FancyURLopener Authentication and User-Agent [urllib] 03

FancyURLopener Authentication and User-Agent [urllib] 03

Python 04: PEP8 Coding

Python 04: PEP8 Coding

Python Challenge! 17 COOKIES

Python Challenge! 17 COOKIES

Google CTF 2016: Ernst Echidna

Google CTF 2016: Ernst Echidna

Google CTF 2016: Spotted Quoll

Google CTF 2016: Spotted Quoll

Google CTF 2016: Can you Repo It?

Google CTF 2016: Can you Repo It?

Google CTF 2016: No Big Deal

Google CTF 2016: No Big Deal

Google CTF 2016: In Recorded Conversation

Google CTF 2016: In Recorded Conversation

Homemade CTF Challenge: 01 "Orchestra"

Homemade CTF Challenge: 01 "Orchestra"

Homemade CTF Challenge: 02 "Bae's Base"

Homemade CTF Challenge: 02 "Bae's Base"

Homemade CTF Challenge: 03 "Web Hunt"

Homemade CTF Challenge: 03 "Web Hunt"

Homemade CTF Challenge: 04 "UPX"

Homemade CTF Challenge: 04 "UPX"

Homemade CTF Challenge: 05 "The Assumption Song"

Homemade CTF Challenge: 05 "The Assumption Song"

Homemade CTF Challenge: 06 "A Brisk Stroll"

Homemade CTF Challenge: 06 "A Brisk Stroll"

Homemade CTF Challenge: 06 "I lost my password!"

Homemade CTF Challenge: 06 "I lost my password!"

web25 :: Mr. Robot : EKOPARTY CTF 2016

web25 :: Mr. Robot : EKOPARTY CTF 2016

web50 : RFC 7230 :: EKOPARTY CTF 2016

web50 : RFC 7230 :: EKOPARTY CTF 2016

misc50 : Hidden inside EKO :: EKOPARTY CTF 2016

misc50 : Hidden inside EKO :: EKOPARTY CTF 2016

Hack The Vote 2016 CTF: Sander's Fan Club [web100]

Hack The Vote 2016 CTF: Sander's Fan Club [web100]

Hack The Vote 2016 CTF Warpspeed [forensics150]

Hack The Vote 2016 CTF Warpspeed [forensics150]

Juniors CTF 2016 :: Black Suprematic Square

Juniors CTF 2016 :: Black Suprematic Square

Juniors CTF 2016 :: Six Strange Tales

Juniors CTF 2016 :: Six Strange Tales

Juniors CTF 2016 :: Lost Code

Juniors CTF 2016 :: Lost Code

Juniors CTF 2016 :: Here Goes!

Juniors CTF 2016 :: Here Goes!

Juniors CTF 2016 :: Southern Cross

Juniors CTF 2016 :: Southern Cross

Juniors CTF 2016 :: Clone Attack

Juniors CTF 2016 :: Clone Attack

Juniors CTF 2016 :: Dirty Repo

Juniors CTF 2016 :: Dirty Repo

Juniors CTF 2016 :: Hackers Blog

Juniors CTF 2016 :: Hackers Blog

Juniors CTF 2016 :: Voting!!!

Juniors CTF 2016 :: Voting!!!

Juniors CTF 2016 :: The Good, The Bad and The Junkman

Juniors CTF 2016 :: The Good, The Bad and The Junkman

Juniors CTF 2016 :: Stop Thief!

Juniors CTF 2016 :: Stop Thief!

Juniors CTF 2016 :: ROFL

Juniors CTF 2016 :: ROFL

Juniors CTF 2016 :: Restriced Area

Juniors CTF 2016 :: Restriced Area

Juniors CTF 2016 :: Oh SSH!

Juniors CTF 2016 :: Oh SSH!

HackCon CTF 2017 TRIVIA and BONUS Challenges

HackCon CTF 2017 TRIVIA and BONUS Challenges

HackCon CTF 2017 "Bacche" Challenges

HackCon CTF 2017 "Bacche" Challenges

Related AI Lessons

Virtual Keyboard Login with PingOne Advanced Identity Cloud

Learn how to use a virtual keyboard for secure login with PingOne Advanced Identity Cloud to prevent keylogger attacks

Medium · Cybersecurity

Why Businesses Quietly Accept Technology Friction as “Normal”

Businesses often accept technology friction as normal, but it can have significant impacts on productivity and security

Medium · Cybersecurity

The Model You Just Downloaded Might Own Your Network — What I Learned Building Defenses Against AI…

AI models from public repositories can pose a significant threat to enterprise security due to poisoned weights, and learning to defend against them is crucial

Medium · Cybersecurity

I Found Backdoored AI Models on Hugging Face — And So Has Everyone Else Who Bothered to Look

Backdoored AI models are prevalent on Hugging Face, posing a significant security risk to the AI supply chain, and it's crucial to secure it

Medium · Cybersecurity

Chapters (17)

0:07 BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro

1:00 What is snyk?

2:36 Snyk can be FREE!

3:34 Connecting Snyk to Github

4:54 Discovering Goof, the Vulnerable Web App

7:28 Deploying Goof

9:14 Interacting with Goof

10:00 Finding Directory Traversal/File Access

11:22 Snyk Vulnerability Database

13:22 Patching Vulnerabilities with Snyk

19:52 Pivoting back to the HackTheBox BlitzProp challenge

20:58 Finding Prototype Pollution and RCE with Snyk

21:41 Deploying the BlitzProp challenge with Docker

22:52 Exploiting the Prototype Pollution vulnerability

26:32 Using Snyk to Patch the Vulnerability

28:38 Validating the change with our exploit

29:21 Wrap Up & Thank You

VPC Service Controls: Day Two Operations