google has a lot of pros and a lot of cons. but from my view point, it has way more pros than cons. Google likes to remember they were built by engineers and the only way to win is to get engineers on your side

@@pvic6959 i agree with your comment, especially google's policy of the 80/20 rule where 1/5th of the time employees can pursue their own ideas and self organize. However, I was severely disappointed when they officially changed their company moto away from "Don't be evil" [The original motto was retained in Google's code of conduct, now a subsidiary of Alphabet. In April 2018, the motto was removed from the code of conduct's preface and retained in its last sentence.] If that wasn't a warning sign I am a platypus.

@@TheOrganicartist I agree with you as well and am deeply disappointed too. i personally know a few googlers and they were very upset by that as well and there was internal uproar. but from what they say, their teams and leads carry on as if that is still the motto. of course, i cant say for sure but i have no reason to distrust them I think its not part of Alphabets moto but it is still part of googles or something

Nah, they are too busy with their heads up their asses asking for "how to reverse a linked list" lol

@@nightking4615 someone's salty because they didn't pass the interviews :D

He should go after Fusion and thorium-LFTR nuclear discussion

lmaooo 😁 truee-😂

@@subverter1.188 there is a theory about that, dumb people thought they were smarter than they were and smarter people thought they were dumber than they actually we're

@@banni4291 dunning kruger effect and imposter syndrome?

Google: am I joke to you?

probably shock lol

It's because hacking it got him far more pleasure

I am so deep in debt, receiving that news would make me cry, A LOT.

@@gidedin Feel sorry for you ☹️☹️

Is he from Brazil? Might be afraid he'll get kidnapped or some shit after this video releases lol

The humble ones are the wisest

Neither is google I guess

the more you learn the more you know you are not an expert. It is a weird feeling. You start something new and be like: I will be an expert in this. Then you dig deeper and realize that you are a total noob. And then comes a moment when you can answer somebody else a question to that topic and you feel like: Hey i am not a total noob anymore. It is such a good feeling to help others with something you achieved with hard work. And maybe some day they can help you too.

@@Andre-ih1yg Dunning Kruger effect?

He's got some impostor syndrome

Well, I could see where it could go, but would have thought it wasn’t viable at 3 or 4 points where Ezequiel managed to find a way to progress...

Welcome to the club, dude 😎

@@M______M isnt GLSB the pro gay-lesbian movement thing

😂😂me too

@@empnadajhhh9469 😂😂

😂Lol

abahahahahaha

he is not an EXPERT

@@alifellahi the more you know....

800th like

Yup. Significantly cheaper to fix issues like this proactively rather than reactively.

Yep they can hire hundreds of ppl for 133k or a pentester would cost like 500k-1m for how many’s servers google has

@@SP1KEY But not all hundred people can find the bug that this guy found. That's why they hold such competitions.

Google are very clever

Many companies do this

No lmfao that's just in movies

@@tonkatruckgaming5724 wow really?

Only when the password is 1234 :)

@@tonkatruckgaming5724 main bhi shaamil , lol ic

password its literally 8 stars... *******, mind games :^)

Thats okay, hard problems like that take atleast a week to solve. Atleast if someone is paying you for it

display: flex 💪

@Geralt Rivia display:flex; place-items:center; flex-direction:column;

margin: 0 auto;

LOL

Yo también ,vamo arriba la celeste

me fui a uruguay una vez y lo amo

jajajajajajjajajajahahah

If we leave the US out of it, I think most people know where Uruguay is!

I think a lot of people know about Uruguay and know where it is. Especially football fans because of Suarez, Cavani, Forlan, Godin, etc.

Wasn't that a GET request? I might be wrong

@@vishnuprasanth4725 yeah it only performed get requests.

New priority issue: “I made this issue via SSRF.”

lmfao. genius.

you people expert at that white flour thing that sometimes sneak into nose

@@morlarav602 Completely unprovoked

This is the way :D

You do understand that bug he found would be worth a 100s of millions of dollars to them. It's not good money this kid deserved much much more.

The first winning is also leet, it is e-leet.

@@bellabear653 I know rigth like what the fuck...give him a mil or something, i wouldnt even submit that sht...but then again i only know pc power button on and off

@@hexadecimalhexadecimal5241 Well google zero days can be very dangerous and since most of the world uses it makes it worth a lot of money. I am surprised people bother helping Google find these exploits for that kind of money. This company earns billions.

I'm noob, but would by any chance just calling INT numbers work on a Enum system? like a small bruteforce from 0 to 100 eventually, get something?

@@arduing9589 No it wouldnt work, thats exactly why its an enum. And for more readability ofc.

@@stylishskater92 was wondering too. thanks for explaining

Yah that's not within terms of the hackathon, to manipulate data. You'd lose the prize money and probably your reputation in the field!

@@DIANA-1337 also, it sent get requests

That would be funny 😆

Im planning to do that on my schools web server for us students. I found a LPE so I can overwrite other ppls websites or even the index of the whole website. I cant wait to see everyone‘s reaction :P

@@mactalk2871 One of my classmates back in school also tried something, and I think he got in, but the schools system noticed him because he was doing it during IT class, in the school so they called the police on him :D but fortunately for him he school dropped the case againist him. And I also remember that the IT teacher said the he knows the grading system is vulneratble to SQL injection :) (but I don't think my classmate was doing this)

@@Psanyi42 a first-year student tried to use SQL injection on our uni's main website and was able to break the database. Admins were furious and I believe demanded his expulsion. My teachers' response was along the lines of "how dare you be blame a freshman, who only just learned what SQL is, for this. Every one of our students knows this is dumb and you shouldn't even have your job of you don't know that"

@@vinno97 Your teacher has a brain

lol i would not be surprised if that option was given to him. also if he just applies regularly, Im sure this looks great on his resume

He worked for some time at Google as an intern, then he got an offer from Facebook as a Security Analyst(just few months back).

I agree.

backing this up

Didn’t he make a video about that a while ago? Or am I going crazy?

@@gavintantleff maybe, pls do send ?watch if you know it

Google would end up without engineers then.

I can guarantee nobody got fired for this.

By the rate google is fixing CVE‘s in Chrome, there would now be 5 ppl left working at Google

I know you're joking, but just in case: such a bug is never the fault of one person. This is a chain of oversights across multiple teams; devs, system architects, and system security, to name a few.

When interacting with services to the scale of Google. They will be vulnerabilities particularly in configuration (here the staging dogfood API routed by the GSLB and the GSLB from deployment manager). He is impersonating one major GCP service then one major google internal engine through the SSRF.

Sólo urguguay😎

@@alexitoyt1130 shhhh

@@alexitoyt1130 solo a el 😎

Experts blunder too. Slipping up on one endpoint out of hundreds you build doesn't imply lack of expertise.

He was hired my google

dont you have to be good at programming to understand computer vulnerability?

@@swagm8919 You really think I'm considering computer science without having experience programming?

@@tgrcode wdym alot of people get into CS from college

Most CS students' only experience before college is programming their calculator in math classes. Plus having experience doesn't necessarily mean being good. And being good at coding isn't such a huge advantage either, since CS isn't about programming. Being somewhat proficient in C, JS and Python for instance won't help much with your calculability and complexity theory classes for instance, beside perhaps having heard of the P=NP problem, Turing machines, halting problem, and the Big O notation before. Unless you also have experience with using the pumping lemma to prove that a particular formal language is non-regular.

Or your math, physics, networking, security, operating systems, programming language theories, and compiler ones (and so on). Even for an algorithm course: do you have experience with dynamic programming to solve problems like the Tower of Hanoi puzzle, shortest path in a graph (Dijkstra, Floyd), or obtaining the maximum a posteriori probability estimate of the most likely sequence of hidden states that results in a sequence of observed events in the context of hidden Markov models (Viterbi algorithm)? I'm not showing off, I'm simply trying to show you that CS is about as much about programming as math is about numbers. Which is to say, it's about much much more than that. Not to mention that a functional programming language like Scheme is taught first in lots of university. While you can use the functionnal paradigm in some modern multi-paradigm languages like JS and Rust, it's not what most people do before college. Unfortunately so, since ML is amazing and arguably one of the most important language ever created. Anyway, good luck in your studies!

Fenil: I needed a message like this. Thank. I'll keep that in my mind all the time.

TheOrganicartist this feels out of place, but I'm genuinely curious since you're sharing information like that. Interesting to see the diverse group of people who watch these kinds of videos.

@@TheOrganicartist I'm definitely going to do the egg + vinegar thing ❤

@@TheOrganicartist This might be the most informative comment I have ever read on KZbin. Thank you man

He says he had to read it 4-5 times and he still didn't fully understand what it does. Don't worry, you're normal :)

@@Antaquelas I think this is the best compliment I have ever received on the internet! \o/ I'm happy to help.

do they work at the seattle branch, i might know them.

Who???

He is making a reference to Gynvael :)

@@Antaquelas who is he?🤨

@@Antaquelas Well more than one Seattle google person fits that description, so forgive my mistake of not recognizing the reference ;D rofl

You lose your freedom when you work at Google

@@StefanReich I don't think so, still most people in google have a lot of freedom

@@imuser007 Yeah they have good PR. That happens when you have good PR people.

Imagine wanting to work at Google . ewww

It’s the reason he found the bug, you always want outside eyes with no bias or policy etc

ROFL.

Haha no way

That would be hilarious, but since they use $ sign it kinda means its paid in USD

the thing is google has people trying to check those issues. But noone of those found the issue, so the tactic is to make it easier, more legal and still pretty lucrative to tell google when you find stuff like this, instead of risking your own head and google risking big biiiig trouble if they wouldn't pay for stuff like this. Imagine someone finding rce and going for the biggest payday they could. Imagine how much the hacker would earn (probably 10x what google pays, but they risk it not working at all and them going to prison) and imagine what it would cost google... probably billions.

Yea right poor employees. Google's employee TC is the highest in Silicon Valley and probably the entire world

@@mzaki8503 ikr ..i have seen some commie cuck lords on twitter saying google, amazon pay less to their employees while per capita of their employees is highest in the world

Negative Nancy

I believe it was Burpsuite

same question,

Yeah sometimes even the gurus can miss 'obvious' stuff like this

why not just get into it then? sounds like you already have the fundamental skills down, just read the terms of a public bug bounty program like Google's one and happy hacking!

Indeed it is.

what kind of Luck ?

Too bad it was gslb ;-)

@@andrewtaye gbsl ?

does he have a learning disability? I don't get the joke lol

Same I don't understand

@@chrislang2118 @aloufin I suspect he doesn't have the ability/experience/motivation to focus in that particular way. It's my experience that reading books is something I can get into, but the thought of it always seems difficult if it's been a while since I read several books consecutively. I've been planning for a while to get some quality tech books, finally will have the money for shortly. Looking forward to learn subjects in depth while simultaneously getting some sorely needed break from too much screen time...

There are a lot of books I want to read, but I just lose interest or focus a few minutes in. I have a better time listening to audio or watching a video/presentation than reading a book. Books aren't for everyone. Might be the case for him too.

Not cool to expose him like that, respect their privacy

@@appio4345 I don't know who that guy is, I don't know how he looks like, never heard of that guy before. What privacy are you talking about? Just a name doesn't say anything and if his name (alongside with a photo or a voice) has been published in press before, then I guess their privacy has been already invaded, don't you think?

@@appio4345 Its all in Good faith. Who doesn't know him. He leads GOOGLE'S VRP program and a very cool guy. They are also not talking anything sensitive there ok.