Attacking Language Server JSON RPC
While auditing a VSCode Extension + Language Server I noticed something interesting. This turned into the research question "can we attack the extension from the browser?". After a bit of preliminary research I decided to do it again on stream, and eventually made this video. This is how security research can look like.
What is a Server? • What is a Server? (Deepdive)
What is a Protocol? • What is a Protocol? (Deepdive)
GitLab 11.4.7 RCE • GitLab 11.4.7 Remote Code Execution -...
Live Stream: • Attacking VSCode Extension from Brows...
My Font (advertisement): https://shop.liveoverflow.com/
Interested in more videos like this? • Security Research
Chapters:
00:00 - Why Security Research?
01:23 - What is a Language Server?
02:53 - Setup Example Code
04:00 - RCE in VSCode Extension?
05:25 - The Language Server Code
06:29 - Researching Communication
11:13 - Can a Browser Attack the VSCode Extension?
13:54 - Research Results
15:40 - Ad n' Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
Watch video Attacking Language Server JSON RPC online without registration, duration hours minute second in high quality. This video was added by user LiveOverflow 11 March 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 56,278 once and liked it 3 thousand people.