This is the first part of exploiting ffmpeg. A huge thank you to Paul Cher for the excellent work on recording the process and sharing his research. I merely edited it together.

Vulnerable Version: https://github.com/FFmpeg/FFmpeg/tree/d903b4e3ad4a81b3d…

Deeper look at CVE-2016-10190. A Heap overflow caused by a negative HTTP chunksize.

Vulnerable Version: https://github.com/FFmpeg/FFmpeg/tree/d903b4e3ad4a81b3dd79f12c2f3b9cb16e511173
Paul on Twitter: https://twitter.com/__paulch
LiveOverflow Podcast: ht…

Paul shows us another exploit for FFmpeg. The vulnerability is located in the RTMP protocol. While working with the binary format of the protocol requires a lot of work, the exploit itself is very easy.

Vulnerable Version: https://github.com/FFmpeg/FFmp…

Our guest for this episode of the OWASP DevSlop Show is Paul Ionescu; Paul is a Security Architect and OWASP Chapter Leader from Ottawa, Canada. He is the creator and maintainer of the Secure Coding Dojo open source project.

Code review is, hopefully, part…

While working for browser-based attacks on the URL bar, I learned a way where it was still possible to spoof address bar in safari. None…

Facebook bug bounty remote crash bug

A story of turning an Informative bug to critical bug

Since the dawn of the World Wide Web, attackers have been involved in discovering techniques to compromise systems. Likewise security…

Earn $$. Learn What You Need to Get Certified (90% Off): https://nulb.app/cwlshop

How to Run an OSINT Investigation on a Phone Number
Full Tutorial: http://bit.ly/PhoneOSINT
Subscribe to Null Byte: https://goo.gl/J6wEnH
Kody's Twitter: https://twitter.com/KodyKinzie…

Roger Grimes, Data-Driven Defense Evangelist, KnowBe4, Inc.

Passwords are finally being left behind in favor of two-factor (2FA) and multifactor (MFA) authentication. Some vendors are promoting “unhackable” 5FA solutions. It’s all a lie. All authentication…

Live every Sunday on Twitch:
https://twitch.tv/nahamsec

Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1

Free $100 DigitalOcean…