fk/kpt-labs-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
kpt-labs-vault/05-Dashboard/YouTube/QGC40AfmgY0 - AI Did This_.md
Floki 037991213b auto-sync: 2026-06-26_14:49:53
2026-06-26 16:49:53 +02:00

884 lines
6.2 KiB
Markdown
Raw Blame History

---
video_id: QGC40AfmgY0 | title: "AI Did This." | date: 2026-06-22T08:05:05.754981
sentiment: neutral | category: Other
duration: 659 | views: 350045 | channel: Low Level
tags: [youtube, video, automatisch-verarbeitet]
**Quelle:** yt_dlp_subs+translate | **Sprache:** en
---
# AI Did This.
**Kanal:** Low Level | **Dauer:** 659s | **Aufrufe:** 350045
## Zusammenfassung
## Key Points
## Takeaways
## Transkript
Researchers
found
21
zero-day
vulnerabilities
in
FFmpeg.
They
used
AI
to
do
it,
but
they
didn't
use
Mythos.
Now,
FFmpeg,
if
you're
not
aware,
is
one
of
the
most
widely
used
piece
of
software
on
the
internet.
Literally,
there
are
graphics
and
memes
that
are
mostly
true
that
show
that
FFmpeg
basically
holds
up
the
entirety
of
the
internet.
FFmpeg
is
literally
multimedia
library
that
allows
you
to
convert
one
file
format
to
another,
to
play
media,
to
stream
media,
bunch
of
stuff.
This
meme
here
implies
that
FFmpeg
holds
up
things
like
YouTube,
TikTok,
Twitch,
Instagram.
This meme
also
implies
that
like
Pornhub
holds
up
the
the
entirety
of
the
rest
of
the
internet,
not
sure
how
that
works,
but
in
any
case,
FFmpeg
very,
very
important.
want
to
use
this
video
to
talk
about
not
only
the
bugs
that
it
found
and
kind
of
how
they
did
it,
but
what
AI
means
for
the
future
of
vulnerability
research
and
why
you
may
not
necessarily
need
Mythos
or
$20,000
to
find
bugs
like
this.
Now,
FFmpeg
is
code
base
written
almost
entirely
in
with
some
inline
assembly
sprinkled
in
there
for
performance
optimization.
The
code
base
written
in
is
good
thing
inherently.
FFmpeg
is
extremely
performant
and
very
good
at
what
they
do,
but
like
any
code
base,
if
it
gets
big
enough
with
enough
people,
it
is
going
to
have
vulnerabilities.
It's
not
skill
issue
in
my
opinion,
it's
just
language
that
allows
that
kind
of
thing
to
happen.
The
FFmpeg
developers,
by
the
way,
are
some
of
the
most
skilled
in
the
world.
Notoriously,
some
of
the
best
code
base
in
the
world
in
FFmpeg.
But
again,
any
code
base
that
is
in
will
eventually
have
bugs.
It's
kind
of
inevitable.
And
with
the
advancements
of
AI,
every
day
it's
more
and
more
likely
that
your
organization
might
get
hacked.
You
got
to
be
prepared,
and
that's
why
today's
video
is
sponsored
by
ThreatLocker.
ThreatLocker
is
zero-trust
platform
that
allows
your
organization
to
stop
hackers
if
they
get
in.
With
deny-by-default
policies,
your
organization
controls
what
happens
when
compromise
occurs.
ThreatLocker's
device
dashboard
allows
you
to
have
visibility
of
all
the
devices
in
your
organization.
When
they
join
your
organization,
they
go
through
an
application
control
learning
period
where
ThreatLocker
learns
exactly
what
is
required
for
your
device
to
run.
After
that
control
learning
period
is
over,
it
will
deny
the
rest
by
default,
giving
you
confidence
that
untrusted
applications
aren't
running.
So,
that
when
Frank
from
engineering
inevitably
runs
definitely
not
malware.ps1,
ThreatLocker
blocks
it
before
it
even
runs.
And
if
they
really
need
to
run
it,
they
can
put
little
message
in
here
where
your
SOC
can
respond
to
it
as
soon
as
they
see
it.
And
with
ThreatLocker's
new
zero-trust
network
access,
you
can
push
network
rules
down
to
the
device
where
every
connection
is
intentional
and
required
by
the
baseline
that
ThreatLocker
collects.
All
traffic
is
blocked
by
default
unless
it
matches
your
rules
where
you
get
to
control
which
users
can
connect,
which
devices
are
approved,
and
which
resources
are
accessible.
As
you
know
the
rule,
the
best
way
to
go
help
the
channel
out
is
to
go
interact
with
the
sponsor.
Go
get
ThreatLocker
shot,
and
next
time
zero-trust
comes
up
at
your
company,
why
don't
you
mention
ThreatLocker?
Thank
you
for
sponsoring
the
video,
ThreatLocker.
Let's
get
back
to
it.
21
vulnerabilities
found
in
FFmpeg.
You'll
notice
that
all
of
them
have
some
kind
of
overflow,
stack
overflow,
heap
overflow,
integer
overflow,
very
common
thing
that
occurs
in
code
bases,
especially
in
code
bases
that
have
to
parse
user
data.
If
you
consider
that
any
one
of
the
fields
in
the
BMP
file
format
could
be
malicious,
for
example,
files
like
the
image
height,
the
image
width,
the
bits
per
pixel,
the
pixels
per
meter,
it's
very
hard
to
say,
etc.
All
of
them
do
some
kind
of
math
that
point
into
another
location
of
memory
where
the
actual
pixel
data
is
stored.
If
any
of
these
fields
are
malicious
and
not
properly
validated,
it
could
lead
to
some
kind
of
overflow
or
underflow
in
calculation
leading
to
access
to
memory
outside
of
the
bounds
of
this
image
data
array.
Very
simple
use
case.
Now,
luckily,
some
of
these
bugs
have
only
been
around
since
2023,
some new
file
formats
or
new
implementations
of
those
file
formats.
But
one
in
particular
is
actually
stack-based
buffer
overflow
that
has
been
around
since
2003
with
the
original
SDT
implementation.
Not
sure
what
that
is.
It
sat
latent
for
23
years,
and
even
so,
platforms
like
Google's
Big
Sleep
and
their
OSS-Fuzz
repo,
repos
that
are
actively
looking
for
through
AI
and
open-source
fuzzing,
through
those
efforts
to
find
bugs
in
FFmpeg,
still
couldn't
find
it.
The
bug
that
the
blog
author
pointed
out,
which
is
really
crazy
bug,
is
uh
skipped
frame
marker
to
PC
control.
Basically,
what
you
have
to
do
here
is
run
FFmpeg
and
simply
ingest
an
RTSP
stream,
okay?
Literally,
if
you
watch
Twitch
or
you
watch
YouTube
streams,
anything
any
kind
of
live
content,
typically
what
[YouTube →](https://youtube.com/watch?v=QGC40AfmgY0)
---
_Verarbeitet: 2026-06-22 08:05_
Reference in New Issue View Git Blame Copy Permalink