Andre Bradtke


1626082020

HackTheBox CA CTF - Using Snyk to Find & Fix Vulnerabilities

Seriously, isn’t Snyk SUPER COOL? Check it out! https://snyk.co/johnhammond
Exploit Goof, the vulnerable web app! https://github.com/snyk/goof

00:07 - BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro
01:00 - What is snyk?
02:36 - Snyk can be FREE!
03:34 - Connecting Snyk to Github
04:54 - Discovering Goof, the Vulnerable Web App
07:28 - Deploying Goof
09:14 - Interacting with Goof
10:00 - Finding Directory Traversal/File Access
11:22 - Snyk Vulnerability Database
13:22 - Patching Vulnerabilities with Snyk
19:52 - Pivoting back to the HackTheBox BlitzProp challenge
20:58 - Finding Prototype Pollution and RCE with Snyk
21:41 - Deploying the BlitzProp challenge with Docker
22:52 - Exploiting the Prototype Pollution vulnerability
26:32 - Using Snyk to Patch the Vulnerability
28:38 - Validating the change with our exploit
29:21 - Wrap Up & Thank You

Hang with our community on Discord! https://johnhammond.org/discord
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: [email protected]
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond

#hackthebox #snyk #vulnerabilities
