Like everyone else I am also hoping you will get the chance to create more videos for the Google VRP, LiveOverflow! Best wishes, @wtm_offensi
@hugo4it 5 years ago
wtm to google: “G E K O L O N I S E E R D”
@XDRosenheim 5 years ago
Google: Sponsors a YouTube video. YouTube, a Google company: Wait, can we demonetize this?
@user-tm3fz7qx3s 5 years ago
HAHA! That's funny!
@StefanReich 5 years ago
LOL
@isnichtsogut2612 5 years ago
Is that a money stack-overflow?
@shis10 5 years ago
Lol
@TheoParis 5 years ago
XD
@karl2673 5 years ago
Google is like Italy, it switches sides when you least expect it.
@samueleproiettimicozzi8134 5 years ago
Karlo Bistrički lol...
@Emaxoso 5 years ago
As Italian I can confirm, no wait I can't
@fabiopinciroli4962 5 years ago
Laughs in Mussolinian
@Timsturbs 5 years ago
excuse me, excuse me 👌
@MorbidEel 5 years ago
Switch? Isn't it more like they are on all sides at the same time?
@renanlopes6220 5 years ago
I can't think of anyone better than you for this job! Glad to see you getting rewarded after all these years of effort here on YouTube. Congratulations!
@cipherundoer 5 years ago
u know the vibes
@TheHermitHacker 5 years ago
Other companies, pay attention. This is the right way to talk about things like this. The more open we are about bugs and problems, the more secure these companies become. I love this model.
@WebSecurityful 5 years ago
@Adolf Hitler They just invest money to keep their income alive, if their systems would fail or be compromised this could cause more harm than the few millions they pay for these bug bounties. These millions compared to the billions that they would risk are like nothing, especially for a company with such size and importance in our world.
@WebSecurityful 5 years ago
@Adolf Hitler There is just nothing more important than money and growth
@georgplaz 4 years ago
@will triumph i think it was sarcasm. in any case, you are way overblowing it.
@kobiassvilli 5 years ago
LiveOverflow to be the official bug reporter for Google? you got my vote!
@dgramop 5 years ago
I really enjoy how you also explained his thought process and how he was able to do the legwork to find the vulnerability. I know people in the cyber world that would just say "there was an issue where it would automatically execute gradle" and then call it a day, if I'm lucky, after giving more details about the vulnerability itself. People rarely talk about the thought process required.
@WikiPeoples 5 years ago
I really appreciate you pausing to remind the viewer that this work is tedious, and takes time. The problem with YouTube educational videos these days, is that unless you remind yourself of this, they can make some people very discouraged... That's because their expectation is that when they sit down to code, or research, it will look similar to the video they watched... And instead of being smooth, and almost effortless, it's the complete opposite - difficult, slow, challenging.
@jmullentech 5 years ago
That's one reason I respect guys like Ippsec so much. He leaves the majority of his "mistakes" and oversights in his videos, so you can get a taste of "why the hell isn't this working??" as a viewer. We need more people like that, for sure!
@kantnklaar 5 years ago
I can relate to that; I watched too much Mr Robot 😂
@shadowinlight20 5 years ago
It's like this in every branch. Every time books and articles talk about an expert, be it scientist, athlete or artist, they make it sound like these people were simply born this way and that everything they touch turns into gold. In reality those experts failed more times than any "talentless" person.
@lukor-tech 5 years ago
I am very happy that this type of sponsorship is happening ! Way to go and best of luck with next productions.
@mpwsh 5 years ago
Great video! I would love to see more vulnerability disclosures explained like this in the channel. This also says a lot about what YouTube/Google was saying about demonetizing hacking related videos. Even tho this is hacking related, it's clearly more educational than a step by step on how to damage someone by hacking their wifi or creating social engineering sites.
@Milamber-pg3ju 5 years ago
I really enjoyed the format of this video. I liked getting the explanation from the source as well as LiveOverflow’s explanation. I would watch more like this in the future.
@Mith07 5 years ago
You can really see how much work you put into this video compared to your usual videos. It's one of your best videos imo, keep it up!
@AlexBMJ01 5 years ago
Awesome video! It's always cool to get the story behind a vulnerability. Would love to see more content like this!
@CZghost 3 years ago
This is hands down the best security vulnerability related video in general I've ever watched. Talk with a full-time bug hunter and very professionally put together. Hard to believe that this is actually an advertisement, and as I can see, it's an advertisement for Google's bug bounty program. Google is a rather unusual company. They propose open-source projects, they are very open about their products, even when it comes into the vulnerability of these products, and they actually care about people's opinions. Kind of like Discord as it seems.
@Fritzendugan 5 years ago
Congratulations! I've been watching your videos for some time and it warms my heart to see you secure these types of partnerships and grow your channel. Well deserved! And not to mention definitely an interesting video. Kudos for keeping everyone grounded and reminding that videos don't capture everything (on purpose, of course) :)
@k1ngjulien_ 5 years ago
19:08 magically disappearing hair? :D Very nice video
@tomasgemes4349 5 years ago
Bro this is completely EPIC! Google sponsoring. It could get even nicer though, just imagine google asking you to talk about critical historic bug reports on android, drive, youtube, search engine. IT COULD BE AWESOME!
@omerfeyyazselcuk7325 5 years ago
That glorious man's hair flew away at around 19.00
@Fractal227 5 years ago
Luckily it came back again
@x3ICEx 5 years ago
19:00
@georgplaz 4 years ago
a bug! maybe you'll get a bounty by liveoverflow
@ev.c6 5 years ago
It is amazing that you show the effort this guy had to find this bug. I know people who think success is a one time try-get thing based on someone's "talents". This line of thought can lead to many disappointments in life. Your channel is amazing :)
@WhosOverpowered 5 years ago
Love the new format! I think it is great for the largest developers like Google to be able to facilitate knowledge like this. It could mean that some smaller companies or freelance developers don't end up losing clients or getting into legal trouble over something that a company like Google can fix before it is used as an attack vector. Things like these need to be shared, and I am glad that you are the person sharing it with us!
@Mith07 5 years ago
This title sounds like clickbait but it's actually not.
@maciej-36 5 years ago
Actually YES! This is the best sponsored video I have ever seen!
@bjornroesbeke 5 years ago
Finding hacks is always the result of someone saying "What if...", playing around a bit and then getting an understanding of how things work. A potential question: Would you have invested the time and effort if Google didn't have a bug bounty program, just to learn something?
@LiEnby 5 years ago
I'm sure someone on the darkweb would pay for it if google didn't
@TheWootify 5 years ago
Good question Bjorn. The truth is that I could not have afforded to spend the time I did, without the existence of bounties. If bug bounties did not exist I would have to spend time on offering penetration testing services to clients (or get a job in engineering like I used to have, and practice hacking for fun in my spare time). Best wishes!
@gabrielraphaelgarciamontoy1269 5 years ago
The captions helped a lot because my speakers got water damage today! Thanks :)
@小张同学-v6i 5 years ago
nice for making this video, i know that finding bug can be frustrating unless you happen to find it accidentally, but this video showed me how even more frustrating it is. thanks!
@RamtheCowy 5 years ago
Man I love your videos even as a newb who knows nothing about programming or cybersecurity, you have a way in structuring and presenting and always make them so fascinating! :)
@bitcode_ 5 years ago
you deserve it! all the sacrifice you've made for learning and working on your skills, keep up the good work!
@CySnowdrop 5 years ago
Well done mate! I've been following you for a while now and you totally deserve the sponsorship!! Keep up the good work mate!
@dwietr 5 years ago
Whoa, you've expanded my view on a lot of services I'm using in my professional life. I'm using docker on a daily base and I was not aware you can control the container (moreover, other containers) in such way using the docker socket file. Okay, everything isn't exactly the same with comparing GCP(Google Cloud Platform) vs OCP(Openshift Cloud Platform) but technically it seems pretty similar. Anyway, thanks for the video.
@Sleezgaming 5 years ago
Nice video! Really cool that you can make collaborations like this happen. The bounty hunter is very likeable too :)
@oldbootz 5 years ago
Great video! I love the interview format.
@arnonymous7211 5 years ago
15:03 did i just see the famous merkel raute?
@hexdreams 5 years ago
Nice catch xD
@Rebouz 5 years ago
this concludes there has to be a section about bratwurst in this video as well.
@Nadox15 5 years ago
@@Rebouz With that he filled our Mutti with pride
@hiabst 5 years ago
@@Nadox15 true, I just asked my mum
@xenon5993 5 years ago
Also referred to as "Merkeldach" ("Merkel's roof") or "Raute der Macht" ("Rhombus of power").
@gregaluise5727 5 years ago
Thank you Live Overflow and Google! Cool look into container technology and how the "bug" can be the result of bringing several technologies together.
@alexhuang7681 5 years ago
Hope someday we'll see LiveOverflow talking about bugs on LastPass/Dashlane/NordVPN/PIA/Audible/etc. :3
@TealJosh 5 years ago
Well, nordvpn is relevant now lol.
@felipe51lugo1 5 years ago
I appreciated both efforts: describing and explaining. thumbs up.
@PolyRocketMatt 5 years ago
19:08 he's having a bad hair day xD
@xellaosu 5 years ago
Yeah I noticed the change in hair style as well. I thought it was a brilliant easter egg! Wonder if the Dutch guy suggested it xD
@Celastrous 5 years ago
This is an awesome video. Loved the real life video shots, really made the vid easily digestible
@GarthHumphreys 5 years ago
Wow, thanks for sharing this content and the interview. It was very insightful!
@kalexander777 5 years ago
"We connect you with Hackers, just make a simple video.. blah blah" -Google Hmm.. does this mean you think i'm a Hacker, Google?!
@glorytoarstotzka330 5 years ago
I am really happy for live overflow getting asked by google themselves to make a regular video with a bug they had. feelsgoodman
@4400marko 5 years ago
Nicely done, both of you! Congrats! And please keep reminding us how tedious work it is - I forget. Very good video!
@u0000-u2x 5 years ago
If only all ads taught me this much. ps: Google, you should pay more for your bug bounty hunters...
@osamazaid25 5 years ago
Beautiful idea 💡 thanks to everyone who was involved in this.
@ibrahimkahfie3467 5 years ago
Wow.Michael cera really is knowledgeable in cyber security.
@bale-qb7jv 5 years ago
You need to do a video on the new iOS bootrom exploit!
@josephwong2832 4 years ago
love how you emphasized how hard it was
@BGroothedde 5 years ago
Nice video! I would love more of this type of content. Let's hope Google sponsors you more often!
@HritikV 5 years ago
Awesome video! I had a question though, why would google put host's docker daemon socket in the shell container? One possible explanation would be, because the shell needs to communicate to the Theia IDE, but I'm not sure because if that's the case then why not put Theia and the shell in the same container?
@nsns7993 5 years ago
Great video! Learned a lot from the explanation, especially the docker escape trick.
@dynfo 5 years ago
I had found a bug on YouTube allowing you to delete likes/dislikes one by one using their api. Nothing urgent, nothing fancy, so I contacted their VRP with how to reproduce it. They told me that they couldn't reproduce it, adding that if the bug was indeed live, their systems would have detected it. Less than 2 days after their response, it was fixed and never heard from them again.
@LiveOverflow 5 years ago
It might have just been a caching/display thing. For example caching used to affect subscribers. And when people unsub and resub the counter would constantly decrement. Making it look like sb lost a lot of subs. But actually it was just a way how the caching was set up. Once the cache was properly synced with the real data, the number was correct again. Maybe that also happened with likes/dislikes?
@Reth_Hard 5 years ago
Very, very interesting video. You guys are real genius. I wish I had half your talent.
@sevm7792 5 years ago
19:19 why does the hair suddenly disappear?
@rigoligorlc4795 3 years ago
Now I finally know why new JetBrains IDEs asks whether you trust the build system used by a project.
@MannyLama 5 years ago
Love this video! Great work.
@FloWoelki 5 years ago
This is such an awesome video. Thank you!! :)
@threeMetreJim 5 years ago
I find the easiest vulnerabilities to work on are client/server web apps with the logic carried out by some script on a server with the client side in Javascript. Found a few bugs in commercial products, the companies involved were happy to receive the bug reports for fixing, but no reward unfortunately (but I did receive a thank you). Only reward was from Facebook for quite a trivial privacy issue ($500 lowest tier bug bounty reward). I find live chat apps are usually the ones with flaws - best was a complete deletion of an app from a web page without admin privilege (with permission of the owners of the site it was hosted on), and a moderation bypass (done on the providers demo page). Another one is trying to insert HTML markup in a page when you shouldn't be able to (not enough user input sanitation that can lead to cross site scripting vulnerabilities), had a laugh on a Facebook game with that one (before letting the game developers know about the bug). While this is probably not legal to do, as long as you don't cause any damage and notify the providers so that the 'bug' can be fixed, I've never had anyone be upset about it - better than someone malicious coming along and causing untold havoc for anyone using whatever service has the bugs.
@velho6298 5 years ago
Love it
@Ariana-dn4mm 5 years ago
Which piece is that on the piano i kinda want to know
@simone9485 5 years ago
I would really enjoy a video of him playing the piano
@Pichelinou 5 years ago
18:14 what i'm more curious about is how much *you* got paid :P
@lufycz. 5 years ago
Probably not as much as the researcher did
@stammyy2091 5 years ago
I guess about 3000€
@heroslippy6666 5 years ago
Usually this detail can't be shared to make bargaining with sponsors easier. But definitely not as much as the researcher.
@yashgandhi6128 5 years ago
Maybe 500 bucks?
@NeutronJimmy42 5 years ago
Jean-Jacques Lacouille they gave him 2 years free membership for google+
@jon-anthoneydeboer4383 5 years ago
Excellent find, love the concept of this video too.
@deskoner 5 years ago
Really awesome, interesting and well presented video.I truly appreciate it :)
@Simrasil_ 5 years ago
woah.. I kinda lost sight of this channel for some time (shifting interests and such) and now I come back and he has 374k subscribers? When and how did that happen?! I mean congratulations I'm really happy for him but damn ^^
@retry51776 5 years ago
Only $5k for this? That is way underpay for his skill set
@sky-persuitofwonder 5 years ago
Terry Wu I’ll appreciate 5k, cuz that’s a lot for a kid :)
@makitard 5 years ago
@@sky-persuitofwonder nobody asked you
@michaeljones5681 4 years ago
@@makitard nobody asked you to make this negative comment but yet here we are
@makitard 4 years ago
@@michaeljones5681 necro
@michaeljones5681 4 years ago
@@makitard what does that mean sorry I'm fairly new to this stuff
@tootalldan5702 5 years ago
Cool content and research. Thanks for sharing. BTW, I hope you get paid twice because there were 2 commercials in this video also.
@smtmssmtms 5 years ago
Love your content, love the knowledge, love the way you transmit it :)
@RickyMau1 5 years ago
another great video. Great pace, great explanation.
@chillyvanilly6352 5 years ago
What an eye opener this is... Boy oh boy
@xenialxerous2441 5 years ago
Hey there #liveoverflow!! This was an awesome awesome video, loved it thoroughly!
@Welteam 5 years ago
One of your best videos imo. Thank you
@TheHakTor 5 years ago
Thanks Google for being progressive and forthcoming. You sponsoring this kind of video was totally amazing. Other companies need to take a look at your efforts. Also, great video mate!
@JakeHillion 5 years ago
Loved it. Thank you.
@vypxl 5 years ago
I would say: honor to Google!
@treppi 5 years ago
@@effiti2905 huhu xD
@treppi 5 years ago
@@effiti2905 I know, do you think he'll be at the C3 again this year? I really want an autograph or something
@rj-nj3uk 5 years ago
That horse playing guitar, drum and [that blow horn thing] 😅
@sumitlahiri209 5 years ago
Awesome. Keep up the great work.
@srlorch406 5 years ago
wow i was like "i can barely understand that" and the subtitle hint comes up. perfect!
@ThePC007 5 years ago
I understood it perfectly fine, but then again, my own accent is probably just as bad.
@aerodigital 5 years ago
Implementation of a wrapper, nice stuff.
@TheSkepticSkwerl 4 years ago
Having earned an OSCP, I fully understand the long time and tedious work these things can take.
@BlackHermit 5 years ago
The beginning of Google is the ray. I've already heard about this vulnerability, but your explanations are.
@kcm624 5 years ago
Reverse engineering the architecture is quite a large portion of the effort. Wonder if it would be faster and more reliable for Google to have in-house researchers who see the source code and design docs of the system?
@retpolanne 5 years ago
Nice video, really inspiring for people who want to find bugs. I wonder if you can kubectl to this cluster. 13:33 hey, if you get access to the host, you can use strace to trace the container processes pid.
@cptpinecone 5 years ago
Kudos dude. But I mean, with your content quality, it pretty much makes sense!
@joehollon317 5 years ago
Awesome video I hope one day I can find some bugs I've been working on it really hard :)
@ydrezende 5 years ago
Congratulations, my friend! You are doing such a great job, I'm so glad Google recognized your work.
@TimLF 5 years ago
A video on securing containers and escaping them would be very interesting
@settwi 4 years ago
hey @LiveOverflow when were u first employed as a security expert? i'm studying for a physics phd right now but i have always been into security and systems programming, and your videos are inspiring me to maybe try out some penetration testing competitions or some things like that. anyone else feel free to answer too!
@michael-gary-scott 5 years ago
That’s awesome! Congrats man 😁
@rythm3756 5 years ago
Cool video man keep it up!
@airy_co 5 years ago
really interesting, i hope you get to do more videos like this
@jeffsirkis2552 5 years ago
I really enjoyed this video and would love to watch more videos exactly like it.
@kcm624 5 years ago
$5000 seems little for such awesome and very high skilled work. He could easily get a senior position at Google and get paid much more in cash plus equity.
@Rubafix989 5 years ago
5000$ seems pretty ridiculous for the amount of work achieved to report this bug. It's Google I doubt it would crumble for a 20k€ bounty
@seditt5146 5 years ago
Christopher Domas showed that simply with root access we can control every part of x86_64 CPUs by accessing the MCU... is that not the case here if one can escape this container?
@TheBone2070 5 years ago
So now I wonder, how was this issue fixed in the end?
@dubcusb 5 years ago
They probably just patched the java language server so it doesn't compile cloned stuff
@Verrisin 5 years ago
if you ask me, even seeing other containers you are not supposed to interact with *is a security vulnerability* - Even if nothing may come from it: They should stop the person as soon as possible, so they cannot even go deeper... - like this, they have to protect everything else behind it, rather than just that one gateway...
@Foody-j4z 5 years ago
Your contents are on another level.
@TrustedCreeper 5 years ago
It looked way too easy. Nice collaboration👍🏻
@Lo-fiChillGuyMusic 5 years ago
google sure took the best person to make this video, way to go pal !!!!
@marekunas 5 years ago
Great video, thanks!
@neoXXquick 5 years ago
Amazing video.. the only shame it's that hacker got low money reward...
@neoXXquick 5 years ago
that person is smart like hell
@Rednesswahn 5 years ago
This is awesome, @Google should sponsor more videos like this :D