John Hammond
Seriously big HUG OPS and support to all the developers and security team working behind the scenes on this. It might be a booboo in whatever way shape or form, but improving security is always a good thing.
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧JOIN MY NEWSLETTER ➡
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
Some further details from an article released after this video was uploaded (I also joined PirateSoftware's stream to discuss this, VOD available soon): https://techcrunch.com/2024/03/20/apex-legends-hacker-said-he-hacked-tournament-games-for-fun/
– Destroyer2009 claiming responsibility for the incident
– Not sharing further details on "how" until everything is patched
– Claimed they did it just for the lolz, but has nothing to do with the server and did not go outside the Apex process
– Didn't do vulnerability disclosure process because there is no bug bounty/vulnerability disclosure program 🤪
This gives me big “Clara” vibes IKYK 😉
CS:go to COD ,apex legends these Fps games so overrated from past couple of years.
I really miss cod as a single player shooter game.
I think some kids (from 2009 in name) put malware on the computers before the tournament started
They are full of it.
They had the hacks on the computer.
First dude toggled them by accident
2nd one a straight cheater. I'm getting hacked.. when ppl tell you to back out and you say it's OK, I won't shoot… no. He's a giant cheater.
Their computers were not injected with anything
The chat message spam was done by scriptkid years ago…. when the chat would tell ppl where the cheater was in csgo.
Remote code execution is only possible if the player downloaded the client before hand.. you know.. the code in the cheat hardware…
This is so dumb and stop trying to downplay it
It's like me saying I got anydesk on my computer.. how does it get there?
They are busted.
LOL – I'd say they are cheaters but didn't realise the consequence of using cheat services.
I wouldn't be surprised if APEX anti cheat discovers the cheat service like an AV and just runs it.
Or the cheat service automatically starts when Apex starts.🤣😂🤣
We can guess all we want but until someone picks up that aimbot to see what it does we can wait and see.
these two players were definitely running a background program, maybe it was disguised as something else or maybe they straight up knew it was a cheat. That program allowed backdoor access, it's really that simple.
I loved the 4hr long discussion on piratsoftware
Is there any published documentation on the alleged Source Engine vulnerability?
Did anybody catch the Vote Putin option in the hack overlay?
i think the hack is not some one load a hack if not the hackes show on screen the cheat they been using because they never really show you they using hacks i propose the pp whos running a competition make it those professionals gamers play on the hardware provide by the association who run the competition and not permit any gamers to use any software or hardware of they own then u will se who is real professional gamer
I really like you theory on a vulnerability in the game API. It seems very realistic that the hacker found a way to manipulate api requests and control the server; just by joining the game and modifying their client's requests.
More likely to drum up biz, and second if they bet a large amount of money on the game and they wanted to disqualify these people. It's almost always about money.
System's Analyst and Programmer here.
Before Thor begun looking into this with ImperialHAL I for one suspected this:
– compromised machines
– compromised machines due to the present of cheating software installed by the players
– an RCE vulnerability within Respawn's code for Apex
– a vulnerability originated in EAC
I agree with most of the conclusions by Thor. Haven't watched this video by JH, though.
@john hammond,
Respawn has had a turbulent past 8 years with their netcode. It all started with Titanfall 1. The first attacks (DDoS and client machine crashes) started just before the release of Titanfall 2.
Between client crashes and DDoS Titanfall 1 became unplayable from 2016 to early 2023
Then hackers (not just one J*** but a group) turned their sights to Titanfall 2.
Then a counter reaction begun taking place…but that too led to more problems.
Titanfall 1: unplayable
Titanfall 2: unplayable and clients often crashing "mysteriously".
Apex: servers crashing, DDoS and hackers posting msgs to Save Titanfall via the Apex client.
It also became known that Respawn's netcode leaked IP and other client data.
So, this is not something that many of us did not anticipate. And it's not that less serious as what happened to CoD games pre-2020.
I just want to know what shirt that is and where to get one
@PirateSoftware on Twitch cracked the mystery or part of it baby!
honestly they could have multiple vunls… the cost of exposing one to spread your name is little, no?
could someone have access to content creator server. couldn't it be an angry intern ea let go.
1:52, I think is really cool too! in a rather more subdued and very analytical, morbid, way.
Lets be honest. No one wants this to happen; and as much as we can get excited about it happening, over all this isn't something we should be praising for happening.
It's Gen like in generation or gin like the drink.
I remember that name destroyer… i got hacked by one with that name in Diablo 2 back when I as riding the top of the ladder in 2008-2010.
I wonder if they are the same destroyer
I think a lot of it is Squirrel script execution. It's been around since Apex came out, and was present in past Respawn games. There was a huge vulnerability in TF2 where you could literally bind server commands to a key and execute them, and the server wouldn't do any checks and just do whatever you told it. Respawn tries to keep up and patch the methods, but people are usually able to find ways around it.
But everything destroyer has annoyed streamers with has been around forever. It's documented and actually insane how badly the servers can be manipulated. But the only thing I've never seen is how destroyer was able to give them cheats if he claims to have never gone outside the Apex process. It's probably an internal cheat since the menu seemed to have been drawn in-game. But I would've thought you needed to have a RAT that could drop a DLL and inject it. So I'm very curious to see how that was done. Aimbot doesn't seem impossible, but silent aim is something else, and also the ESP that Gen had.
Whatever the case, I wonder how it'll be handled and fixed. I've seen some people on forums suggest it's not a difficult fix, while others say Respawn should just rewrite all the server code. We'll see.
They could have bet money on the matches and hacked to insure that they won thier bets