HackTheBox CA CTF - Using Snyk to Find & Fix Vulnerabilities

Seriously, isn't Snyk SUPER COOL? Check it out! https://snyk.co/johnhammond
Exploit Goof, the vulnerable web app! https://github.com/snyk/goof

00:07 - BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro
01:00 - What is Snyk?
02:36 - Snyk can be FREE!
03:34 - Connecting Snyk to GitHub
04:54 - Discovering Goof, the Vulnerable Web App
07:28 - Deploying Goof
09:14 - Interacting with Goof
10:00 - Finding Directory Traversal/File Access
11:22 - Snyk Vulnerability Database
13:22 - Patching Vulnerabilities with Snyk
19:52 - Pivoting back to the HackTheBox BlitzProp challenge
20:58 - Finding Prototype Pollution and RCE with Snyk
21:41 - Deploying the BlitzProp challenge with Docker
22:52 - Exploiting the Prototype Pollution vulnerability
26:32 - Using Snyk to Patch the Vulnerability
28:38 - Validating the change with our exploit
29:21 - Wrap Up & Thank You

Hang with our community on Discord! https://johnhammond.org/discord

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010

E-mail: [email protected]
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond