Hacking into Google's Network for $133,337

Views: 1,067,855

LiveOverflow

A day ago

In this video we hear the story of how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total. This is a crazy bug, because it requires so much knowledge about Google internals. We will learn about Google's Global Software Load Balancer, BNS addresses and other secret Google tricks!
This video was sponsored by the Google Vulnerability Rewards Program:
security.googleblog.com/2021/...
Ezequiel's own Writeup: www.ezequiel.tech/2020/05/rce...
SRE Book: sre.google/books/
GCP Prize 2020: • $100k Hacking Prize - ...
00:00 - Intro
00:33 - Meet Ezequiel Pereira
00:58 - The Impact Of The Bug
02:41 - Winning The $133,337 Prize!
04:03 - How To Find a Product To Research?
06:05 - How To Approach Google Products?
07:16 - The BEST Tip For Bug Hunters!
08:08 - What Does Deployment Manager Do?
09:00 - Type Providers: First Research Into Deployment Manager
11:03 - Using Type Providers for SSRF?
13:00 - Going Deeper - Finding A Hidden Version
15:01 - The Google Dogfood Version
15:52 - Discovering Internal Google Options - GSLB
17:34 - The Google SRE Book - Explaining Google's Software Load Balancer
19:34 - Exploiting GSLB?
21:58 - Failing to Exploit GSLB
22:28 - Abusing Protobuf To Find Hidden Enums
25:34 - Google API GRPC/Protobuf Tricks
29:11 - SUCCESS! Attacking Google's Network via GSLB SSRF!
30:34 - Summary
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Instagram: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow

Comments: 914
@wlockuz4467 3 years ago
Ezequiel: "I'm not an expert on this" Also Ezequiel: *Proceeds to hack Google*
@mrZeeeee 3 years ago
He should go after Fusion and thorium-LFTR nuclear discussion
@kilianschnitzer1791 3 years ago
lmaooo 😁 truee-😂
@banni4291 3 years ago
@@subverter1.188 There is a theory about that: dumb people thought they were smarter than they were and smarter people thought they were dumber than they actually were
@eadawdawdad5737 3 years ago
@@banni4291 Dunning-Kruger effect and impostor syndrome?
@Rhidayah 3 years ago
Google: am I a joke to you?
@anzeblagus9513 3 years ago
I love how he's like "I'm not an expert on this"
@hi_im_angelatrainor 3 years ago
The humble ones are the wisest
@onmc4754 3 years ago
Neither is Google I guess
@Andre-ih1yg 3 years ago
The more you learn, the more you know you are not an expert. It is a weird feeling. You start something new and you're like: I will be an expert in this. Then you dig deeper and realize that you are a total noob. And then comes a moment when you can answer somebody else's question on that topic and you feel like: Hey, I am not a total noob anymore. It is such a good feeling to help others with something you achieved with hard work. And maybe some day they can help you too.
@circuit10 3 years ago
@@Andre-ih1yg Dunning-Kruger effect?
@Zack_Taylor 3 years ago
He's got some impostor syndrome
@_..--- 3 years ago
More software companies should act like this, you need to get these people on your side.
@pvic6959 3 years ago
Google has a lot of pros and a lot of cons, but from my viewpoint it has way more pros than cons. Google likes to remember they were built by engineers, and the only way to win is to get engineers on your side.
@TheOrganicartist 3 years ago
@@pvic6959 I agree with your comment, especially Google's policy of the 80/20 rule where 1/5th of the time employees can pursue their own ideas and self-organize. However, I was severely disappointed when they officially changed their company motto away from "Don't be evil" [The original motto was retained in Google's code of conduct, now a subsidiary of Alphabet. In April 2018, the motto was removed from the code of conduct's preface and retained in its last sentence.] If that wasn't a warning sign, I am a platypus.
@pvic6959 3 years ago
@@TheOrganicartist I agree with you as well and am deeply disappointed too. I personally know a few Googlers and they were very upset by that as well, and there was internal uproar. But from what they say, their teams and leads carry on as if that is still the motto. Of course, I can't say for sure, but I have no reason to distrust them. I think it's not part of Alphabet's motto but it is still part of Google's or something
@nightking4615 3 years ago
Nah, they are too busy with their heads up their asses asking for "how to reverse a linked list" lol
@Fadexpl 3 years ago
@@nightking4615 someone's salty because they didn't pass the interviews :D
@brendnbrendn 3 years ago
I've never seen someone look so chill about winning 160k
@pvic6959 3 years ago
Probably shock lol
@TechnicalHeavenSM 3 years ago
It's because hacking it got him far more pleasure
@gidedin 3 years ago
I am so deep in debt, receiving that news would make me cry, A LOT.
@TechnicalHeavenSM 3 years ago
@@gidedin Feel sorry for you ☹️☹️
@d.s.8227 3 years ago
Is he from Brazil? Might be afraid he'll get kidnapped or some shit after this video releases lol
@GPlayerHD 3 years ago
"Now you can maybe see where all of this is going". I have absolutely NO idea my friend.
@JuSoGu 3 years ago
Well, I could see where it could go, but would have thought it wasn't viable at 3 or 4 points where Ezequiel managed to find a way to progress...
@AlbyTheMovieCreator 3 years ago
Welcome to the club, dude 😎
@AlbyTheMovieCreator 3 years ago
@@M______M isn't GLSB the pro gay-lesbian movement thing
@haaland1103 2 years ago
😂😂 me too
@haaland1103 2 years ago
@@empnadajhhh9469 😂😂
@olfmombach260 3 years ago
How can this dude hold his head up with so much knowledge in it
@nasirjac 3 years ago
😂Lol
@pugboi8017 3 years ago
abahahahahaha
@alifellahi 3 years ago
He is not an EXPERT
@vaisakhkm783 2 years ago
@@alifellahi the more you know....
@constan-anaconda749 2 years ago
800th like
@scfog90 3 years ago
Pretty cheap way for Google to find major flaws that would cost them millions to fix
@TehIdiotOne 3 years ago
Yup. Significantly cheaper to fix issues like this proactively rather than reactively.
@SP1KEY 3 years ago
Yep, they can hire hundreds of ppl for 133k, or a pentester would cost like 500k-1m for how many servers Google has
@aryashetty3924 3 years ago
@@SP1KEY But not all hundred people can find the bug that this guy found. That's why they hold such competitions.
@M4X1 2 years ago
Google are very clever
@bsdetector837 2 years ago
Many companies do this
@wlockuz4467 3 years ago
Imagine he used the issue tracker API and created an issue that described this exact bug for the internal team. That would've been scary.
@vishnuprasanth4725 2 years ago
Wasn't that a GET request? I might be wrong
@infiniti2011 2 years ago
@@vishnuprasanth4725 Yeah, it only performed GET requests.
@Wertercat 2 years ago
New priority issue: “I made this issue via SSRF.”
@dandymcgee 2 years ago
Lmfao. Genius.
@seesaw3406 3 years ago
Meanwhile I'm struggling to center a div in CSS
@rykehuss3435 2 years ago
That's okay, hard problems like that take at least a week to solve. At least if someone is paying you for it
@ianthethird420 2 years ago
display: flex 💪
@geralt9034 2 years ago
Add text-align: center to the body element in CSS and then for the div put the margin as auto
@user-mh5te3dy7n 2 years ago
@@geralt9034 display:flex; place-items:center; flex-direction:column;
@jonathan-3008 2 years ago
margin: 0 auto;
@skyracer-mk8hg 3 years ago
Having the PR team on standby was great
@oliver1121 3 years ago
I thought hackers just typed at the keyboard for 5 seconds and then said "I'm in"?
@Krullfath 3 years ago
No lmfao that's just in movies
@press_580 3 years ago
@@tonkatruckgaming5724 wow really?
@acsiata 3 years ago
Only when the password is 1234 :)
@tanned_cosines_ 3 years ago
@@tonkatruckgaming5724 Count me in too, lol ic
@vicvaporyuc1335 3 years ago
The password is literally 8 stars... *******, mind games :^)
@carlosmujica6936 3 years ago
I'm from Uruguay; as soon as I heard my country's name I was shocked. Most people don't even know where Uruguay is, but we got this boy killing it rn hahahaha
@bobiCHECK 3 years ago
Me too, go La Celeste!
@bread90210 3 years ago
I went to Uruguay once and I love it
@biggSHNDO 3 years ago
jajajajajajjajajajahahah
@stianaslaksen5799 3 years ago
If we leave the US out of it, I think most people know where Uruguay is!
@theyoutubeaccount8499 3 years ago
I think a lot of people know about Uruguay and know where it is. Especially football fans because of Suarez, Cavani, Forlan, Godin, etc.
@BarriDuty 3 years ago
In Uruguay with 1K/month you can be 'ok'. I'm so glad for him
@bandosbandos 3 years ago
That protobuf enum trick was really cool, props to him.
@ChrisNoHandle 3 years ago
Holy moly, Ezequiel is a freaking mastermind. This was very interesting, very educational, and I wish I just had 1/3 of that knowledge and was able to assemble pieces of a puzzle like this. Congratz, you deserved it!!!!
@YoungGrizzly 2 years ago
What I love about this is that it looks like he was just having fun while learning something. I love it!
@aschmitt89 3 years ago
I LOVE how the prize amount is literally “LEEEET”! Lol
@Blentux 3 years ago
This is the way :D
@bellabear653 3 years ago
You do understand that the bug he found would be worth hundreds of millions of dollars to them. It's not good money; this kid deserved much, much more.
@displacegamer1379 3 years ago
The first winning is also leet, it is e-leet.
@hexadecimalhexadecimal5241 3 years ago
@@bellabear653 I know right, like what the fuck... give him a mil or something, I wouldn't even submit that sht... but then again I only know the PC power button on and off
@bellabear653 3 years ago
@@hexadecimalhexadecimal5241 Well, Google zero-days can be very dangerous, and since most of the world uses it, that makes it worth a lot of money. I am surprised people bother helping Google find these exploits for that kind of money. This company earns billions.
@89derpaderp 3 years ago
Maybe it's just me, but I would love it if you could possibly make a video detailing bug bounties, such as basics, legality issues, where to begin, etc. Again, maybe it's just me, but I think this could be a hot topic. Edit: I should also mention that I understand this information is out there, but I was thinking it could be useful as kind of a one-stop-all video
@user-nk1om2tr4y 3 years ago
I agree.
@itsRAWRtime007 3 years ago
Backing this up
@gavintantleff 3 years ago
Didn't he make a video about that a while ago? Or am I going crazy?
@itsRAWRtime007 3 years ago
@@gavintantleff maybe, pls do send ?watch if you know it
@julianlemmerich1732 3 years ago
Thank you for these videos! It's always amazing hearing about those exploits. Having them presented in such a great format really helps with accessibility.
@diegocastillo6470 2 years ago
I've seen this video a thousand times and every time I get so happy seeing him smile upon learning he won the GCP Prize. Awesome job.
@cwmd7651 3 years ago
That was so cool and informative, I learned a ton about behind-the-scenes server stuff, great video!
@oasdfe1691 3 years ago
This guy is amazing! Really good detective work.
@maxgomes92 3 years ago
Your channel only gets better! I'm a huge fan!
@gauravhksharma5760 3 years ago
Wow, this is amazing. Shows it pays to RTFM and stick to a particular target. Nothing comes easy. Thank you for this amazing walkthrough video ❤️.
@diamondmcpro 3 years ago
You know what would have been funny is if he figured out how to make an issue on the internal issue tracker for this bug
@SkandiaAUS 3 years ago
Yah, that's not within the terms of the hackathon, to manipulate data. You'd lose the prize money and probably your reputation in the field!
@infiniti2011 2 years ago
@@DIANA-1337 Also, it sent GET requests
@hammer082 3 years ago
I didn't understand half of what Ezequiel explained... but I swear to god, when they got to the enum, the first thing that came to my mind was the value 'GSLB' :D Great job, though
@arduing9589 3 years ago
I'm a noob, but would by any chance just calling INT numbers work on an enum system? Like a small brute force from 0 to 100, eventually get something?
@stylishskater92 3 years ago
@@arduing9589 No, it wouldn't work, that's exactly why it's an enum. And for more readability ofc.
@timarbatis640 3 years ago
@@stylishskater92 Was wondering too. Thanks for explaining
@Psanyi42 3 years ago
Exploiting this bug I would have created a new issue in the Google issue tracker :)
@ash.mystic 3 years ago
That would be funny 😆
@mactalk2871 3 years ago
I'm planning to do that on my school's web server for us students. I found an LPE so I can overwrite other ppl's websites or even the index of the whole website. I can't wait to see everyone's reaction :P
@Psanyi42 3 years ago
@@mactalk2871 One of my classmates back in school also tried something, and I think he got in, but the school's system noticed him because he was doing it during IT class, in the school, so they called the police on him :D but fortunately for him the school dropped the case against him. And I also remember that the IT teacher said that he knows the grading system is vulnerable to SQL injection :) (but I don't think my classmate was doing this)
@vinno97 3 years ago
@@Psanyi42 A first-year student tried to use SQL injection on our uni's main website and was able to break the database. Admins were furious and I believe demanded his expulsion. My teachers' response was along the lines of "how dare you blame a freshman, who only just learned what SQL is, for this. Every one of our students knows this is dumb and you shouldn't even have your job if you don't know that"
@xq_nemesis 3 years ago
@@vinno97 Your teacher has a brain
@raymondsabee 3 years ago
This was extremely well figured out and I learnt a lot by watching this video. Well deserved bug bounty (and great writeup / filmup)
@TheWootify 3 years ago
Truly amazing work by Ezequiel, awesome video as well! Congrats!
@petersuvara 3 years ago
Shows the reality of what it takes and the amount of work to find just one vulnerability. Also shows how dangerous these exploits are to the companies vulnerable to them. 👍
@brianbitange6650 2 years ago
Feel like re-liking this video every time I watch it. That's an intriguing thought flow Ezequiel has!!
@ParkerGreen_sh 3 years ago
This was a fantastic video. Thanks for the attention to detail :) and congratulations Ezequiel
@MrRobotUy 3 years ago
I'm from Uruguay and I'm proud of Ezequiel 🇺🇾
@nicholaslunarodriguez1515 3 years ago
Aye! Good job, love the expression on his face🏆👍🏾
@unsafecast3636 3 years ago
I read the article earlier and I was really happy to see the first line mentioning your video
@alfosisepic 3 years ago
I love it when the i banner covers up the very small advertisement text in the top-right corner.
@JJ-dz2ne 3 years ago
Great Ezequiel, representing Latin America :)
@alexitoyt1130 3 years ago
Only Uruguay 😎
@internetdoggo4839 3 years ago
@@alexitoyt1130 shhhh
@jvminhell 3 years ago
@@alexitoyt1130 Only him 😎
@allaboutvids1 3 years ago
“Do you see where this is going?” Me: Absolutely not
@erwinheitzman9854 3 years ago
Holy cow, this is so interesting and awesome to watch! Thank you for sharing this with us
@jimmanico6974 3 years ago
Orange is absolutely my favorite broadcaster in the world of Application Security. What an amazing intellect!
@cezarycerekwicki4465 3 years ago
I love that the price tag for this bug is a long LEEEEET :-)
@mohamedelidrissi810 3 years ago
"I'm not an expert on this" Yeah, nor Google 😂
@Adityarm.08 3 years ago
Experts blunder too. Slipping up on one endpoint out of hundreds you build doesn't imply lack of expertise.
@luckynumbersevuuun 3 years ago
Probably one of the better breakdowns on YT, at least for now
@SouvikHaldarmustang 3 years ago
I love the commentary and the way he is surprised at learning such cool stuff.
@coppolator6066 2 years ago
Being from Mexico, seeing a fellow Latin American be so smart in coding really makes me proud
@morlarav602 a year ago
you people expert at that white flour thing that sometimes sneak into nose
@billyusher4907 a year ago
@@morlarav602 Completely unprovoked
@mapleint997 3 years ago
This is a whole documentary :D
@Sam-ux5rw 3 years ago
Such a great vid, very well put together!
@xternl_ 3 years ago
Wonderful video as always. Congrats Ezequiel! Hugs
@alexchomiak 3 years ago
The prize is a year's salary of the engineer that got fired for leaving this bug in their deployment service
@billigerfusel 3 years ago
Google would end up without engineers then.
@SuperGenericUser 3 years ago
I can guarantee nobody got fired for this.
@mactalk2871 3 years ago
At the rate Google is fixing CVEs in Chrome, there would now be 5 ppl left working at Google
@vinno97 3 years ago
I know you're joking, but just in case: such a bug is never the fault of one person. This is a chain of oversights across multiple teams: devs, system architects, and system security, to name a few.
@AshleyM120 3 years ago
When interacting with services at the scale of Google, there will be vulnerabilities, particularly in configuration (here the staging dogfood API routed by the GSLB, and the GSLB from Deployment Manager). He is impersonating one major GCP service, then one major Google internal engine, through the SSRF.
@calvinkrist5672 3 years ago
I think gRPC is so cool and I love the creative use of it to enumerate values for fields. Really really awesome work!!!!
@MONDAUNG 3 years ago
My head hurts looking at the gibberish code but somehow he just makes sense of it :) Congrats on winning the big prize and you deserve it Ez!
@wmcphail 3 years ago
Thank you so much Live for the amazing content! I got some stuff I want to show you that I've been working on too!
@NicolasDumazet 3 years ago
The caption at 20:50 should be "GSLB addresses". The SRE book publicly documents BNS addresses as /bns////. Keep up the good work :-)
@lagigangoding 3 years ago
This gives me a lot of confidence when not understanding something the first time lol
@pnuema1618 a month ago
Insane, well done Ezequiel! Looks like I need to understand APIs way more.
@cbanow 2 years ago
Excellent video!!! ... and remarkable the reasoning that Ezequiel Pereira used!!! Congratulations
@tgrcode 3 years ago
I'm a high school student and I'm honestly seriously considering going into security vulnerability research rather than computer programming; this field is insane
@swagm8919 3 years ago
Don't you have to be good at programming to understand computer vulnerabilities?
@tgrcode 3 years ago
@@swagm8919 You really think I'm considering computer science without having experience programming?
@amp4105 3 years ago
@@tgrcode Wdym, a lot of people get into CS from college
@HoloDaWisewolf 2 years ago
Most CS students' only experience before college is programming their calculator in math classes. Plus having experience doesn't necessarily mean being good. And being good at coding isn't such a huge advantage either, since CS isn't about programming. Being somewhat proficient in C, JS and Python for instance won't help much with your calculability and complexity theory classes, besides perhaps having heard of the P=NP problem, Turing machines, the halting problem, and the Big O notation before. Unless you also have experience with using the pumping lemma to prove that a particular formal language is non-regular.
@HoloDaWisewolf 2 years ago
Or your math, physics, networking, security, operating systems, programming language theory, and compiler ones (and so on). Even for an algorithms course: do you have experience with dynamic programming to solve problems like the Tower of Hanoi puzzle, shortest path in a graph (Dijkstra, Floyd), or obtaining the maximum a posteriori probability estimate of the most likely sequence of hidden states that results in a sequence of observed events in the context of hidden Markov models (Viterbi algorithm)? I'm not showing off, I'm simply trying to show you that CS is about as much about programming as math is about numbers. Which is to say, it's about much, much more than that. Not to mention that a functional programming language like Scheme is taught first in lots of universities. While you can use the functional paradigm in some modern multi-paradigm languages like JS and Rust, it's not what most people do before college. Unfortunately so, since ML is amazing and arguably one of the most important languages ever created. Anyway, good luck in your studies!
@__grant 3 years ago
This bug/video was super interesting, this is why I love LiveOverflow lmao
@conchitafukunaga2607 3 years ago
Thanks a lot. This is fun and unremarkable. Congrats to Ezequiel
@mrigendrasoni5836 3 years ago
This was literally so cool!
@Trash_Night 3 years ago
It would be nice if more companies would act like Google. One more nice thing would be to hire guys who have such talent
@pvic6959 3 years ago
Lol, I would not be surprised if that option was given to him. Also, if he just applies regularly, I'm sure this looks great on his resume
@sudhanshurajbhar9635 3 years ago
He worked for some time at Google as an intern, then he got an offer from Facebook as a Security Analyst (just a few months back).
@techsupport056 3 years ago
Not anywhere close to being the first or closest, just here for the enjoyment :)
@FlySoloG 3 years ago
My heart just gets enlightened by these types of findings
@BlackHermit 3 years ago
Great work Ezequiel! :)
@Shitopia539 3 years ago
Did he ever work for Google? It sounds to me like he knows a lot about their internals.
@rodney7780 3 years ago
He probably just googles a lot..
@itz_karizma 3 years ago
They also mentioned reading a book, idk what it was called though... that explains a lot about Google and server stuff.
@mediahost2243 a year ago
@@itz_karizma Google SRE Book
@florinsimion6466 3 years ago
And yes, soo humble. This guy cannot have a price on his head.
@lesleybw 3 years ago
Anyone who's hacked a machine called Quick on HTB will know how cool this is because the machine involved compromise of HTTP/2. I learnt a lot about protobuf and gRPC on that box but unfortunately that was the last time I ever heard of or dealt with it again; pretty cool to see a real-world implementation of this. Shout out to HTB for the dope hacks. Excellent work Ezequiel👌🏾💯
@4c1d 3 years ago
Amazing content, as always :D
@pvic6959 3 years ago
I work at one of these big companies and he knows more than I know about our own systems lol. I wish I had his ability to read documentation. My eyes just glaze over when I have to read docs :/ To be clear, what I meant is that I haven't spent time trying to learn our systems as deeply as he has learned Google systems. But to do that you need to read docs :P I didn't mean Google systems but my company's internal systems in general lol
@Lamb666 3 years ago
TheOrganicartist this feels out of place, but I'm genuinely curious since you're sharing information like that. Interesting to see the diverse group of people who watch these kinds of videos.
@SoferPeOZN 3 years ago
@@TheOrganicartist I'm definitely going to do the egg + vinegar thing ❤
@Antaquelas 3 years ago
@@TheOrganicartist This might be the most informative comment I have ever read on KZbin. Thank you man
@user-fp6dt1os1l 3 years ago
He says he had to read it 4-5 times and he still didn't fully understand what it does. Don't worry, you're normal :)
@TheOrganicartist 3 years ago
@@Antaquelas I think this is the best compliment I have ever received on the internet! \o/ I'm happy to help.
@tekken-pakistan2718 3 years ago
03:18 made my day, hahaha! The honest smile! :D
@systemofapwne 3 years ago
Easy to follow, yet I would not have come to his method on my own. Kudos to him!
@BossMovesOfficial 2 years ago
Nice work buddy 👊 And smart move Google... easiest way to find your flaws
@vladisergeiev7278 3 years ago
I love how they threw the 1337 in there. True nerds.
@tommyhetrick 3 years ago
LiveOverflow the actor: “oh!”
@redteamgarage299 2 years ago
Bro, you bring very informative videos. 👌 Thanks for this and may God bless you with millions of subscribers...
@xsolaris42 2 years ago
Don't understand a single thing. Just here to sleep. Soothing & calming voice.
@fenilshah9221 3 years ago
This video actually says: "Never Give Up" & "Believe in Yourself"
@mphelakgaphola6537 3 years ago
Fenil: I needed a message like this. Thanks. I'll keep that in my mind all the time.
@xyfurion 3 years ago
"uploaded 10 seconds ago" damn I'm early
@falxie_ 3 years ago
This makes me want to get into this, I already liked finding security vulnerabilities at my company as a SWE
@tahermahi 2 years ago
Why not just get into it then? Sounds like you already have the fundamental skills down, just read the terms of a public bug bounty program like Google's and happy hacking!
@amunak_ a year ago
I'm glad I managed to guess the "transport" right! What a shame it would be if he gave up at that point, especially since the answer is so obvious. But people like him just don't seem to give up. Amazing job.
@domemvs 3 years ago
Plot twist: the prize is paid in the form of GCP credit.
@hariranormal5584 3 years ago
ROFL.
@jimjuma7916 3 years ago
Haha no way
@rykehuss3435 2 years ago
That would be hilarious, but since they use the $ sign it kinda means it's paid in USD
@sammo7877 3 years ago
@14:51 what program was he using to capture requests and responses? .... Great video btw and congrats @Ezequiel Pereira
@bradleywalton970 3 years ago
I believe it was Burp Suite
@dopetext5709 3 years ago
Same question.
@XF3DeX 3 years ago
Go South America, damn it! Congratulations Ezequiel!
@rpavlik1 3 years ago
Wow, really clever work! (And long work, it sounds like, too!)
@Durronko 3 years ago
29:35 "GSLB" was actually my first guess, since he wants to use GSLB, I thought that was the obvious choice lol
@rykehuss3435 2 years ago
Yeah, sometimes even the gurus can miss 'obvious' stuff like this
@MisterSchnubbl 3 years ago
164k dollars is such a small amount considering the damage that could be done with this vulnerability... It's a very smart move from companies doing those competitions for their own security measures, but I think in this case they could have been a bit more gracious with the amount of money :D
@MilMike 3 years ago
Fascinating thinking process - really thought outside the box!
@Abraham18K 3 years ago
Uruguay Uruguay, proud of you !!!
@imuser007 3 years ago
Google should give a job to this talented person 🔥
@StefanReich 3 years ago
You lose your freedom when you work at Google
@imuser007 3 years ago
@@StefanReich I don't think so, still most people in Google have a lot of freedom
@andrasfogarasi5014 3 years ago
@@imuser007 Yeah, they have good PR. That happens when you have good PR people.
@shinkiro69420 3 years ago
Imagine wanting to work at Google. Ewww
@a9503128 3 years ago
It’s the reason he found the bug, you always want outside eyes with no bias or policy etc
@semitangent 3 years ago
I am looking at the blurred pics of the Google team and trying to find a long-haired Polish guy :D
@TheOrganicartist 3 years ago
Do they work at the Seattle branch? I might know them.
@TechnicalHeavenSM 3 years ago
Who???
@Antaquelas 3 years ago
He is making a reference to Gynvael :)
@TechnicalHeavenSM 3 years ago
@@Antaquelas who is he?🤨
@TheOrganicartist 3 years ago
@@Antaquelas Well, more than one Seattle Google person fits that description, so forgive my mistake of not recognizing the reference ;D rofl
@lior13xlr 3 years ago
Yo, this video was great, I've learned soo much, also super interesting, thank you! : )
@lior13xlr 3 years ago
Also congrats to Ezequiel on 166k woo hoo
@PN-dr1qk 3 years ago
25:04 coming up with that idea is ingenious!!!
@SiaarZH 3 years ago
"What's your name?!" "Ezekiel"
@franchufranchu119 3 years ago
Indeed it is.
@jamescollier3 3 years ago
Plot twist: he has a friend that works at Google
@badraldeensheksalim3098 2 years ago
Ezequiel: "I'm not an expert on this" 2 weeks later Ezequiel: I'm in 🤣
@Antaquelas 3 years ago
Amazing content! Thank you.
@elliotalderson6769 3 years ago
"The Google SRE book he mentions is really cool. It's been on my reading list for many, many years.... But I cannot read books, so I never did." XD I'm DED lol
@aloufin 3 years ago
Does he have a learning disability? I don't get the joke lol
@chrislang2118 3 years ago
Same, I don't understand
@peppigue 3 years ago
@@chrislang2118 @aloufin I suspect he doesn't have the ability/experience/motivation to focus in that particular way. It's my experience that reading books is something I can get into, but the thought of it always seems difficult if it's been a while since I read several books consecutively. I've been planning for a while to get some quality tech books, and I'll finally have the money for them shortly. Looking forward to learning subjects in depth while simultaneously getting a sorely needed break from too much screen time...
@kuroodo_ 3 years ago
There are a lot of books I want to read, but I just lose interest or focus a few minutes in. I have a better time listening to audio or watching a video/presentation than reading a book. Books aren't for everyone. Might be the case for him too.
@realalphas 3 years ago
14:50 What program is it?
@bradleywalton970 3 years ago
Looks like Burp Suite to me
@jackisjack_bysun 3 years ago
This is a brilliant exploit and a brilliant explanation. Thank you so much.