TomNomNom looks like a teacher. A really good one. Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with. Real nice guy.
It is a 2 year old video when I am watching it. The best part of the video is, Tomnomnom has explained things in pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curios student, where the curiosity reflects in his eyes. Just loved it. ❤
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
Thanks for all the love and support. It’s was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
Finally bridging the gap between web developers and cybersecurity engineers. Well done. Some notes to self: 1. Be mindful that once something is on the internet--someone is always watching. 2. Always make sure sensitive information (such as passed credentials) are not visible to the public. 3. Change up the folder structure and resource filenames of applications.
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those section that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
the interviewer is perfect, and as soon as he asked the questions in the very beginning I knew he knew what he was talking about. He also let the guest talk and that was very nice. good job Sir
This is ABSOLUTELY hands down! One of the best and most educative YT videos I have seen on hacking. I don't know if it could be a little that I am just understanding it all alot more because I've found a few other videos that are good also and when I first started trying to learn.. the videos all just went way too fast and I didnt feel like they explained anything properly. But now I am learning so so much from Hacker 1's docs, videos and labs! Thank you Hacker One!
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
I totally loved this lesson, it was juicy in terms of potential hacking and super pedagogical! Obviously @STÖK knows (at least) some things and @TomNomNom knows a LOT and both are really humble. I need many more HACKY CODING SESSIONS like this one! It's really engaging the way this interview was driven. Good material, dude. Cheers from Argentina.
the way this guy uses the debugger is the exactly right way to use it when developing web apps. I have actually never seen such a good video one how to do it, thanks!
This is what i understood from this: Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ than you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what youclearn while doing so, makes you a hacker
Whoever chose the background track (I think @STOK chose it), did a really excellent job. It really locked me to the tutorial, otherwise I'm pretty sure I would've got distracted by some stupid things 😆.
this elaborate thought process and very simple explanation has just opened my mind to how i should start approaching web security and made it less intimidating for me! thank you so much!!
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
hey, do you know that if you type your password in a UA-cam comment it gets automatically hidden? Like this: **************** ! It's a very cool UA-cam comment feature, try it!
brilliant presentation, I love the editing and multiple camera angles. Curious about how you edited it....did you have somebody to handle scene switches with OBS or something? I like it , thank you for sharing.
Function optical / scopes..from metric angles and the best performing within obj spectrum / such for background and convertion by Raid_system operational..that goes a long way
The erie music in the background while describing dev tools🤣👍 how about going into a coffee shop and spoofing the router, or maybe the next video talk about wireshark... 😳
tomnomnom should start teaching people, this guy got a voice of perfect lecturer
Liskowy and he has no Indian accent
oh yeah i can imagine good what he wnat to explain and his voice is great to listen. and im straight
@@hemax_ touchè lad
@@hemax_ lmaooo
Yes exactly
- It's CSS
- What's CSS ?
- Cascading Style Sheet
- Whoaaaa!!!!!
STÖK talks alot about yavascript ahahha
Aye man don’t be mean or I’ll hack your windows Home Screen with some good templates (I’ll go with bootstrap)
@@loganlandry7852 @
Layne Jasper dumb spammers
Xd
TomNomNom looks like a teacher. A really good one.
Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with.
Real nice guy.
Perfect cover. A little too nice for a hacker even if bounty side
JJ
Li
U
H.
4:01
"Pretty print"
"No waaaay"
k
funny, BUT I DID NOT KNOW THAT FUCKING BUTTON WAS THERE ALL THIS TIME!
hahah
imposible! XD
JerreMuesli IKR!!!!
no wayyy thats niceeee
It is a 2 year old video when I am watching it.
The best part of the video is, Tomnomnom has explained things in pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curios student, where the curiosity reflects in his eyes. Just loved it. ❤
we are too late in hacking buddy LOL we should learn fast to get things out
I take everything back - the speaker is amazing. So calm, so much and clear information, presented very politely and soothing voice ;-) please, more!!
Ugh... "xml http request"
the other guy: "whoaa!!"
really dude...
Kek
Drugs.
XD
Relax. I suspect @STÖK knows more than he lets on, here. His "whoaa" is probably more of a didactic device than genuine amazement.
@@jub0bs I don't think so! His whoaaa!! was real! He's said in most of his videos that he is not very good at coding.
I've found it very useful. I would love to see more such videos in the future. You guys are awesome. Thanks, TomNomNom & STÖK :-)
Second that
Background music 😂😂
It's perfect 🤓😆
That what you should listening on when you performing a hunting :)
Sounds like it's from EVE...
Good Lord! 😂😂😂
its sounds like COD WARZONE
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
Thanks for all the love and support. It’s was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
That was so much of knowledge ! Thankyou so much stok !🔥
Get some more videos like this
thank you for your content and sharing the knowledge:)
Link of yur youtube wrong=> ua-cam.com/users/STOKfredrik
I'm gonna need a mouse without the STOK
The music in the background is so intense, I will never look at a XHR request quite the same way.
Creepy music lol
Man tomnomnom is such a great guy.
Could listen to this guy for hours, he just seems very wise haha
Totally agree! Trolling through now trying to find more videos of him explaining things
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
That's a cool debugging tutorial, Marshall Eriksen.
LOL
after the first 10 mins, i was like hell, thats a little long for just a debugging tutorial :-p . and it was.
HAAHAHAHHA
exactly haha, now you can debug your partner's spaghetti code
Lol
Finally bridging the gap between web developers and cybersecurity engineers. Well done.
Some notes to self:
1. Be mindful that once something is on the internet--someone is always watching.
2. Always make sure sensitive information (such as passed credentials) are not visible to the public.
3. Change up the folder structure and resource filenames of applications.
"always"????!
@@antoniofuller2331 Always.
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those section that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
Where can I learn more about this?
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
Wow thanks so much! That helped me more than you know! 🎉
AT LAST Someone explained the debugger function! Incredibly valuable video. Thank you both and thank you h1 for making it happen!
Tomnomnom explains everything so clearly and easy. Great content!
It's a good sign he understands what he's talking about
the interviewer is perfect, and as soon as he asked the questions in the very beginning I knew he knew what he was talking about. He also let the guest talk and that was very nice. good job Sir
Tomnomnom is so humble. Kudos to him. Wish him all the success.
Is his name "Tomnomnom " coz he eats "cookies"?
This is ABSOLUTELY hands down! One of the best and most educative YT videos I have seen on hacking. I don't know if it could be a little that I am just understanding it all alot more because I've found a few other videos that are good also and when I first started trying to learn.. the videos all just went way too fast and I didnt feel like they explained anything properly. But now I am learning so so much from Hacker 1's docs, videos and labs! Thank you Hacker One!
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
Why are you switching if you don't mind answering?
@@9GodGo probably since the market is getting saturated.
@@APCorelone lol
This is suuper freshh, Thanks guys! The way how Tom controls the inspector is suuper clear, I've learn some tricks with this video..
Thanks for everything ❤️
Please more content like this ✌️
that was dope, both are skilled gentlemen and the editing was really helping the learning. Thank you both!
PLEASE KEEP THEM COMING! WE NEED MORE AMAZING CONTENT LIKE THIS STOK AND TOM!
They way he explains and the background music , gives us feel like some black magic stuff kudos to both of you
Amazing content.
Love how stök is pretending to be a beginner🤣.
Plz plz plz keep these videos coming.
The role playing is so underrated
Indeed he is a Beginner ...
in front of TomNomNom he is
LMAO
Ermm stok knowlege is actually pretty shitty lol.....
Web devs. Are gonna have a nice time watching this😂
sure did. the tool is same but the mentality is fresh.
I wasted my time using dev tools the wrong way
@@tjtheo5280 ? what lol
ikr?
I love this! Using devtool excessively already, but man, did I miss some great stuffz!
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
I feel like it's one of the most valuable programming videos I've watched
the bg music is like a horror movie!! thanks again stok and tomnomnom!
I learned more in 24 minute than in my whole college career.....Just Amazing
Makes you question paying for it huh? Can’t stand colleges for this reason.
@@Boorne2Kill I finish college and didn’t learn anything about code but what was in the book 📚 not even related to real life...
I totally loved this lesson, it was juicy in terms of potential hacking and super pedagogical! Obviously @STÖK knows (at least) some things and @TomNomNom knows a LOT and both are really humble. I need many more HACKY CODING SESSIONS like this one! It's really engaging the way this interview was driven. Good material, dude.
Cheers from Argentina.
Actually more interesting than a netflix movie! Keep it up 😉
Yeah and it's interactive. Can you try to hack my website emeraldledger.com?
Great video, always loved the dev tools but I had no idea about pretty print. You've changed my life
2:29 Are we gonna just ignore the 1st thing on Yahoo News? 😂
Yikes. I missed that.
sweet home alabama *INTENSIFIES*
@Neronian Diamanti wrong
@@n4rfy477 100times lmao
LMAO 🤷🏾♂️
the way this guy uses the debugger is the exactly right way to use it when developing web apps. I have actually never seen such a good video one how to do it, thanks!
Me while trying to teach myself how to code JS: “ah yes, quite simple yes yes I understand”
Me while watching anyone actually program in JS: “wut”
You both are awesome. Thank you stök for this video. We love you.
Do make more videos. :)
Amazing content kudos to tomnomnom btw why is the background music from horror movie
Hacker vibes
This is what i understood from this:
Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ than you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
Dude. In the minify process variable names an methods are stripped to bare letters. What are you talking abt?
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
So basically it's a debuggers tutorial 😂
Two lamers talk about debugging.
@@maxmix6406 lamers, lol
Debugging is Art of Exploitation
@@neowick-fp4tttrue, and so is proper punctuation, what you didn't do, which is the art of basic, easy grammar. (;
@@ReligionAndMaterialismDebunked I don't understand your say.
The energy in TomNomNom and Stok actually made me feel like i was learning from friends!
Amazing expalanation
Love the format of this! Thanks!
i am seeing this at night,alone ,and the background music is scaring the sh*t out of me
Title of this video must be "How to use chrome dev tools !!"... Really spend my life's 24.16 min to learn a new methodology
Litterely so much knowledge in one video, loved it sir !!! 🤯🤯💖💖
I love the background music, make it more dramatic and interesting, than boring hip hop beat
One of your best videos so far, super informative and super good explanation done by Tom! And Stök, who doesn't love him :D
Floki is that you??
Loki*
Floki is from the Vikings @@user-zt3hq3pi5l
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what youclearn while doing so, makes you a hacker
this is awesome to see love this video. Great to have STOK representing the learner so that he can ask the questions that are in our mind aswell.
Whoever chose the background track (I think @STOK chose it), did a really excellent job. It really locked me to the tutorial, otherwise I'm pretty sure I would've got distracted by some stupid things 😆.
that was awesome, I actually love the background sound. i got into hacker zone again 😂😎😍
Second that
This is a lot more palatable than some of the earlier videos (the powerpoint ones) so thank you for this
this guy is off a bean on god.
"we get a much nicer look at things"
"nooooooooo wayyyyyyy thats nice *high smile intensifies*"
the ominous background music is hilarious
Very Educational even for an senior JavaScript developer
Tysm for this ! Very useful .
Can we have more vids like this in the future with Stok & Tom ?
Incredible production value for such 2-bit content.
Thank u @Tomnomnom i have got super knowledge of java script and how its work @stok and @hackerone thank u see u 2021 in liveevents if allah say
TomNomNom: So, we can start of by turning on the computer.
STÖK: Nooo wayyy, niiiiice! ;D
Keep them comin’!!!!
oh, man! your videos are a joy to watch. thank you very much.
1:04 oh boy
I was waiting for such video for a long time. Thanks STOK.. you are great. And of course TomNomNom :)
"cOoL wItH jUsT oNe ClIcK" dude has probably never seen a browser before
But he won multiple Hackatons and similar events.
Dude knows his stuff. Don't get easily fooled.
he does this for the purpose of teaching the viewers
Only those people dislikes who don't understand the things he is talking about. Loved it guys. Thank you so much.
That background music creates the mood
7:40 xss types
8:40 listeners
20:30 secrets/keys sensitive data
2:29 Nice news xD
this elaborate thought process and very simple explanation has just opened my mind to how i should start approaching web security and made it less intimidating for me! thank you so much!!
The interviewer, definitely cooked something before they started recording!
ya his brain
is that your way to say thank you for a very informative and very well edited video about a subject we care to learn?
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
That background music though :D Cool video btw!!
DevTool of Cr is great. But I find Firefox is even better. It allows us to send HTTP request from network tab ya know?
(13:10, 13:22) - Google pub firing range, thanks for showing this. Example for PostMessages.
"I am more of a burp guy", had no idea that developpers' tools existed in Chrome. Hacker level 0.
awesome vid, the suspenseful background music makes it
Guy: "We can also write in JAVA - not to be confused by JavaScript"
Other Guy: "Aha hmm right.... yes. Because Java is.. hmm." (- . - )
I love the “ DeusEx like” music in the background
alert(hi everyone👋)
hey, do you know that if you type your password in a UA-cam comment it gets automatically hidden? Like this: **************** ! It's a very cool UA-cam comment feature, try it!
Russell Teapot ****************
Wow! It really works! Security team has done a nice job!
@@the-old-channel ahahaahahah yeah!
@@RussellTeapot ***********
The theme is creepy but I feel like he is livehackin on goverment instead of yahoo, STÖK you are getting better and better in videos ;]
if it wasn't for the horrible music, this would be a cool debugging tutorial :/
music was not horrible at all actually
tomnomnom is an awesome teacher for sure!
need more videos like these man:)
thanks for brightening my day with your upbeat video!
Very nice studying content! Thanks for that and keep up with the good stuff posting!
STÖK you're brilliant xD Thank you both for doing this!
This is the best explanation i was looking for. Thank you TomNomNom, stok and Hackerone
Ignore the haters. This background music is perfect. My life as a hacker should be a David Lynch movie.
Thankyou so much for sharing this video, really loved it
Nodejs + decent JS skill = loads of fun on the web.
brilliant presentation, I love the editing and multiple camera angles. Curious about how you edited it....did you have somebody to handle scene switches with OBS or something?
I like it , thank you for sharing.
the words displayed on the screen were very nice as well
Parse and scope combined is the msg in this video
@@rubenkofman4079 sorry, did you attempt to answer my initial question ? I don't understand your answer
Function optical / scopes..from metric angles and the best performing within obj spectrum / such for background and convertion by Raid_system operational..that goes a long way
Wow this js guy is so calm and clear when he is talking.
This video is absolute GOLD for JS review.
Stök you r greate.. i m big fan of you! greate Guest and Great Host!
I like the concept behind the videos with tom! Please more!!
The erie music in the background while describing dev tools🤣👍 how about going into a coffee shop and spoofing the router, or maybe the next video talk about wireshark... 😳
the full video is really amazing and I like so much the way that the man is talking thanks for both of you ❤❤❤