hey bro are you from us? because your speaking is not same with us

@@techchannel3107 nope, Im from Poland

@@BugBountyReportsExplained ok my guess is right

thanks for welcoming me🤣

There are many of those, but somehow undetected yet

The two main attacks on how things get hacked is SQL & XSS

@@asanokatana Well, Zoom can wait for its corporate clients to watch this video after using Zoom for internal meetings on sensitive corporate financial issues or partents and school directors who use it for education and the public outcry coming from this might be the end of Zoom. But yes, safety-wise it is interesting content. Although if this issue doesn't not get resolved asap and if such corner cutting wil become a common place within any provider of on-line conferencing platform it can bring entire companies down. In more than one way.

now imagine half a country using it professionally and semi professionally like schools, and the gov openly brags about it how they opnely support this... :D 2020 is just epic - never thought i'd live to see all this

@@teknastyk yeah that sucks and probably many more exploits out there just waiting to be found

better to watch my ugly face than my expensive files :)))))

@@BenREDCZ if they can turn ur camera on, trust me they are doing way more than just watching u lol

Thanks a lot Mister

Same here 😆

Same XD

Lol same

when i don't use webcam i always unplug it.

@@fitmotheyap same here. I just plug in for a few minutes when I am required to switch on the video

yeah, this is very cool indeed

these type of encoding mangling problems are p common when it comes to web app stuff, p cool to see it translating well in an actual desktop app

yeah, that's a definitely a nice one

😂

i hope you run thru a decen hypervisor and not leave your ram exposed just like that. its 2020. vms are so 2009 xD

@@teknastyk Well, i dont think zoom is gonna jump a vm

@@teknastyk ok ms i love gen z lol ok boomer

Wait wat

As a non-native speaker Im very glad to hear that😎

@@BugBountyReportsExplained wiedziałem odrazu :d

@@user-yv6ed3io4d sprawdziłem w informacjach o kanale

@@void8370 w tym debuggerze bylo napisane gNIEDZIELA + akcent to się domyśliłem :D

Awesome mate! I believe that using videos it's possible to explain vulns better and quicker.

thanks mate, but I put a lot of work into each video and uploading them more often would be hard

Lmao this comment 😭

keep your zoom updated and they will not 😏

@@BugBountyReportsExplained who cares, chineese ai will still see and hear everything

@@MrREALball american ai can read your mind

oh yes it is!

these are the kinds of clever exploits that i live for

U saying this reminds me of people looking at a painting 🖼 in a museum and discussing it for hours, and I come shouting “Wtf it’s a tree”?

well, if the researcher just wanted to make sure that his zoom calls are secure, then $2000 is a good bonus

@@BugBountyReportsExplained looking at all the past vulnerabilities, I wouldn't use zoom at all

@@FireWyvern870 Hahah well guess what. My college and my parents' firm both use Zoom as their main medium for video conferences. I love this country.

@@BugBountyReportsExplained really it is should more than 2000$ 😠 them are stingy

You might spend time learning and do efforts that worth more than $2000 dollars, I agree.

Yeah, it seems that UTF-8 was well-designed with that in mind, but the same can't be said about UTF8 implementation in Sqlite.

UTF-8 is literally just a version of text for example, unicode, or acci

yeah mate, check if you use prepared statements

maybe one day

Good idea, but I think SQLi is easiest to detect using SAST tool or even a linter, because it's very easy spottable in the source code. The tool just looks at how did you execute the sql query.

Yes, writing your own security instead of using well-tested frameworks proves being a bad idea over and over again.

BULLETPROOF

C, ASM

Understanding the basics of hacking/cybersecurity is a good start, and from there I'd just try and learn as many vulnerabilities as you can, or learn about the systems you use, like Windows, iOS, etc.

There are a lot of areas in cybersecurity: web security, mobile security (iOS, Android), desktop client security (Windows, Mac, Linux). You need to choose one and then you can ask about languages. I reckon after about 1000 hours of learning you can get a job if have no experience right now.

awesome!

Glad you enjoyed it!!

😊

they relied on doubling quotes as a protection against SQLi

thanks for watching bre

🔥

it does

thanks mate!

Also, maybe you should add more ads to your videos, like perhaps one at the beginning, one in the middle depending on the length and content of the video and the last ad at the end!

Thanks a lot mate, but so far Im not even eligible to join YT's partner progam. But I appreciate your attitude 😉

it can be turned off 🤣🤣

@@MARTIN-101 no it cant be turned off

dzięki byniu!

On my university, they taught me doing SQL queries from Java by just string concatenation, so it was vulnerable to SQL injection. When I talked about it with the teacher, he told me it's not security class🙃 The security class never came in my syllabus😂

thanks bro

First of all, Id like to tell you that I really think that you have a great attitude to learning, based on how did you ask the question. About resources, rather than "what's X". For basics of SQL injection, go to: portswigger.net/web-security/sql-injection For the things about binaries, it's not advanced knowledge, just general stuff. I find it hard to find and give you one link.

I thing there are english automatically generated subtitles

Ive added subtitles, so you can now translate them into whatever language you want.

thanks bru

Best of luck!

Everyone needs to😏

quote from the article: Common sanitization bypasses, like including a backslash character, also fail.

@@BugBountyReportsExplained ah I see, guess that was to be expected if they handle quotes like that. Thanks! :)

what does it mean? they block the updates?

I fully agree, but also remember, that clicking does not always mean that the hacker sends you it via chat or an email. Clicking link might also mean that you visit a malicious website (eg. cause it popped up in Google search) and this website opens a link using JavaScript.

👌

welcome!

not really, as I focus more on the technical aspect, but there are a few of my videos where I show how well the report is written. See this for example: kzbin.info/www/bejne/n3OymXxjjZufeas

thanks, the credit for POC goes to Keegan

Hello!

zoom security team must have agreed to disclose the writeup in a blogpost

@@BugBountyReportsExplained Do you even get this is a joke no need to explain it bro.

nice!

lol stop spreading my idea ... i was about to get Nobel prize for it

Unfortunately, people in general don't give a shit about security, they just want the nicest software. But I think Zoom was banned in US at the beginning of the pandemic, so someone made a good decision there

I hope Zoom is better now

I once had a Lenovo or Dell laptop that had built-in, swippable camera cover

lol i have an Asus Rog Strix G which does not have a webcam at all😂

fix it soon!

this setting would change the setting just after joining a new meeting. You could turn it off after you realised it's on

@@BugBountyReportsExplained oh okay got it 😀

it's been patched

@@BugBountyReportsExplained oh :(

😎

nope

👌

just google it

haha you are not the first person in the comment section to tell me that😂

no, it's not

welcome!