Attacking Language Server JSON RPC

Published: 21 October 2024
Channel: LiveOverflow

While auditing a VSCode Extension + Language Server I noticed something interesting. This turned into the research question "can we attack the extension from the browser?". After a bit of preliminary research I decided to do it again on stream, and eventually made this video. This is what security research can look like.

What is a Server? • What is a Server? (Deepdive)
What is a Protocol? • What is a Protocol? (Deepdive)
GitLab 11.4.7 RCE • GitLab 11.4.7 Remote Code Execution -...

Live Stream: • Attacking VSCode Extension from Brows...

My Font (advertisement): https://shop.liveoverflow.com/

Interested in more videos like this? • Security Research

Chapters:
00:00 - Why Security Research?
01:23 - What is a Language Server?
02:53 - Setup Example Code
04:00 - RCE in VSCode Extension?
05:25 - The Language Server Code
06:29 - Researching Communication
11:13 - Can a Browser Attack the VSCode Extension?
13:54 - Research Results
15:40 - Ad n' Outro