google has a lot of pros and a lot of cons. but from my view point, it has way more pros than cons. Google likes to remember they were built by engineers and the only way to win is to get engineers on your side
@@pvic6959 i agree with your comment, especially google's policy of the 80/20 rule where 1/5th of the time employees can pursue their own ideas and self organize. However, I was severely disappointed when they officially changed their company moto away from "Don't be evil" [The original motto was retained in Google's code of conduct, now a subsidiary of Alphabet. In April 2018, the motto was removed from the code of conduct's preface and retained in its last sentence.] If that wasn't a warning sign I am a platypus.
@@TheOrganicartist I agree with you as well and am deeply disappointed too. i personally know a few googlers and they were very upset by that as well and there was internal uproar. but from what they say, their teams and leads carry on as if that is still the motto. of course, i cant say for sure but i have no reason to distrust them I think its not part of Alphabets moto but it is still part of googles or something
the more you learn the more you know you are not an expert. It is a weird feeling. You start something new and be like: I will be an expert in this. Then you dig deeper and realize that you are a total noob. And then comes a moment when you can answer somebody else a question to that topic and you feel like: Hey i am not a total noob anymore. It is such a good feeling to help others with something you achieved with hard work. And maybe some day they can help you too.
@@subverter1.188 there is a theory about that, dumb people thought they were smarter than they were and smarter people thought they were dumber than they actually we're
Im from Uruguay, as soon as a heard my country's name i was shocked. Most people dont even know where Uruguay is, but we got this boy killing it rn hahahaha
Maybe it's just me, but I would love it if you could possibly make a video detailing bug bounties, such as basics, legality issues, where to begin etc. Again maybe it's just me but I think this could be a hot topic edit: I should also mention, I understand this information is out there, but was thinking it could be useful as kind of a one-stop-all video
I didn't understand half of what Ezequiel explained ... but I swear to god, when they got to the enum, the first thing that came to my mind was the value 'GSLB' :D great job, though
Holy Moly, Ezequiel is freaking master mind. This was very interesting, very educational and I wish I just had 1/3 of that knowledge and be able to assemble pieces of puzzle like this. Congratz, you deserved!!!!
@@bellabear653 I know rigth like what the fuck...give him a mil or something, i wouldnt even submit that sht...but then again i only know pc power button on and off
@@hexadecimalhexadecimal5241 Well google zero days can be very dangerous and since most of the world uses it makes it worth a lot of money. I am surprised people bother helping Google find these exploits for that kind of money. This company earns billions.
Shows the reality of what it takes and the amount of work to find just on vulnerability. Also shows how dangerous these exploits are the companies vulnerable to it. 👍
Im planning to do that on my schools web server for us students. I found a LPE so I can overwrite other ppls websites or even the index of the whole website. I cant wait to see everyone‘s reaction :P
@@mactalk2871 One of my classmates back in school also tried something, and I think he got in, but the schools system noticed him because he was doing it during IT class, in the school so they called the police on him :D but fortunately for him he school dropped the case againist him. And I also remember that the IT teacher said the he knows the grading system is vulneratble to SQL injection :) (but I don't think my classmate was doing this)
@@Psanyi42 a first-year student tried to use SQL injection on our uni's main website and was able to break the database. Admins were furious and I believe demanded his expulsion. My teachers' response was along the lines of "how dare you be blame a freshman, who only just learned what SQL is, for this. Every one of our students knows this is dumb and you shouldn't even have your job of you don't know that"
Anyone who's hacked a machine called Quick on HTB will know how cool this is because the machine involved compromise of HTTP/2. I learnt a lot about protobuf and gRPC on that box but unfortunately that was the last time I ever heard or dealt with it again,pretty cool to see a real world implementation of this. Shout out to HTB for the dope hacks.. Excellent work Ezequiel👌🏾💯
Second time I watch this video, and I still find it awesome! As I understand, besides the prizes, Google should offer him a proposal for hiring, now or soon. He proved to be a great asset.
I'm a high school student and I'm honestly seriously considering going into security vulnerability research rather than computer programming, this field is insane
Most CS students' only experience before college is programming their calculator in math classes. Plus having experience doesn't necessarily mean being good. And being good at coding isn't such a huge advantage either, since CS isn't about programming. Being somewhat proficient in C, JS and Python for instance won't help much with your calculability and complexity theory classes for instance, beside perhaps having heard of the P=NP problem, Turing machines, halting problem, and the Big O notation before. Unless you also have experience with using the pumping lemma to prove that a particular formal language is non-regular.
Or your math, physics, networking, security, operating systems, programming language theories, and compiler ones (and so on). Even for an algorithm course: do you have experience with dynamic programming to solve problems like the Tower of Hanoi puzzle, shortest path in a graph (Dijkstra, Floyd), or obtaining the maximum a posteriori probability estimate of the most likely sequence of hidden states that results in a sequence of observed events in the context of hidden Markov models (Viterbi algorithm)? I'm not showing off, I'm simply trying to show you that CS is about as much about programming as math is about numbers. Which is to say, it's about much much more than that. Not to mention that a functional programming language like Scheme is taught first in lots of university. While you can use the functionnal paradigm in some modern multi-paradigm languages like JS and Rust, it's not what most people do before college. Unfortunately so, since ML is amazing and arguably one of the most important language ever created. Anyway, good luck in your studies!
I'm glad I managed to guess the "transport" right! What a shame would it be if he gave up at that point, especially since the answer is so obvious. But people like him just don't seem to give up. Amazing job.
Thank you for these Videos! Its always amazing hearing about those exploits. Having them presented in such a great format really helps with accessibility.
I know you're joking, but just in case: such a bug is never the fault of one person. This is a chain of oversights across multiple teams; devs, system architects, and system security, to name a few.
When interacting with services to the scale of Google. They will be vulnerabilities particularly in configuration (here the staging dogfood API routed by the GSLB and the GSLB from deployment manager). He is impersonating one major GCP service then one major google internal engine through the SSRF.
I work at one of these big companies and he knows more than I know about our own systems lol. I wish I had his ability to read documentation. My eyes just glaze over when I have to read docs :/ to be clear, what I meant is that I havent spent time trying to learn our systems as deeply as he has learned google systems. but to do that you need to read docs :P I didn't mean google systems but my company's internal systems in general lol
TheOrganicartist this feels out of place, but I'm genuinely curious since you're sharing information like that. Interesting to see the diverse group of people who watch these kinds of videos.
Imo the most important vulnerability in this bug in their cloud API is that most probably other google cloud clients that had an app deployd were exposed also.
164k Dollars is such a small amount considering the damage that could be done with this vulnerability ... It's a very smart move from companies doint those competitions for their own security measures but I think in this case they could have been a bit more gracious with the amount of money :D
Exploits like this are always caused by lack of someone doing something they should do. Something simple overlooked and/or not checked, at some crucial spot. Still impressive because I'm not sure how he could just find that out somehow externally.
Im just learning what packet sniffing/editing is so I think this is way over my head, but good video. I will rewatch after my training arc and see how much I understand then.
This is a fraction of what a employee would make and they dont have to give any other benefits. They get to crowd source their security and not pay an employee
the thing is google has people trying to check those issues. But noone of those found the issue, so the tactic is to make it easier, more legal and still pretty lucrative to tell google when you find stuff like this, instead of risking your own head and google risking big biiiig trouble if they wouldn't pay for stuff like this. Imagine someone finding rce and going for the biggest payday they could. Imagine how much the hacker would earn (probably 10x what google pays, but they risk it not working at all and them going to prison) and imagine what it would cost google... probably billions.
@@mzaki8503 ikr ..i have seen some commie cuck lords on twitter saying google, amazon pay less to their employees while per capita of their employees is highest in the world
"The Google SRE book he mentions is really cool. It's been on my reading list for many, man years.... But I cannot read books, so I never did." XD I'm DED lol
@@chrislang2118 @aloufin I suspect he doesn't have the ability/experience/motivation to focus in that particular way. It's my experience that reading books is something I can get into, but the thought of it always seems difficult if it's been a while since I read several books consecutively. I've been planning for a while to get some quality tech books, finally will have the money for shortly. Looking forward to learn subjects in depth while simultaneously getting some sorely needed break from too much screen time...
There are a lot of books I want to read, but I just lose interest or focus a few minutes in. I have a better time listening to audio or watching a video/presentation than reading a book. Books aren't for everyone. Might be the case for him too.
I love how humble he is and how he just calmly explains what he did. He's probably smarter than a ton of cybersec people who are working in good jobs in the states who tend to talk down or act like they are so high up than all of us.
More software companies should act like this, you need to get these people on your side.
google has a lot of pros and a lot of cons. but from my view point, it has way more pros than cons. Google likes to remember they were built by engineers and the only way to win is to get engineers on your side
@@pvic6959 i agree with your comment, especially google's policy of the 80/20 rule where 1/5th of the time employees can pursue their own ideas and self organize. However, I was severely disappointed when they officially changed their company moto away from "Don't be evil"
[The original motto was retained in Google's code of conduct, now a subsidiary of Alphabet. In April 2018, the motto was removed from the code of conduct's preface and retained in its last sentence.]
If that wasn't a warning sign I am a platypus.
@@TheOrganicartist I agree with you as well and am deeply disappointed too. i personally know a few googlers and they were very upset by that as well and there was internal uproar. but from what they say, their teams and leads carry on as if that is still the motto. of course, i cant say for sure but i have no reason to distrust them
I think its not part of Alphabets moto but it is still part of googles or something
Nah, they are too busy with their heads up their asses asking for "how to reverse a linked list" lol
@@nightking4615 someone's salty because they didn't pass the interviews :D
i’ve never seen someone look so chill about winning 160k
probably shock lol
It's because hacking it got him far more pleasure
I am so deep in debt, receiving that news would make me cry, A LOT.
@@gidedin Feel sorry for you ☹️☹️
Is he from Brazil? Might be afraid he'll get kidnapped or some shit after this video releases lol
I love how he's like "I'm not an expert on this"
The humble ones are the wisest
Neither is google I guess
the more you learn the more you know you are not an expert.
It is a weird feeling. You start something new and be like: I will be an expert in this. Then you dig deeper and realize that you are a total noob. And then comes a moment when you can answer somebody else a question to that topic and you feel like: Hey i am not a total noob anymore. It is such a good feeling to help others with something you achieved with hard work. And maybe some day they can help you too.
@@Andre-ih1yg Dunning Kruger effect?
He's got some impostor syndrome
Ezequiel: "I'm not an expert on this"
Also Ezequiel: *Proceeds to hack Google*
He should go after Fusion and thorium-LFTR nuclear discussion
lmaooo 😁 truee-😂
@@subverter1.188 there is a theory about that, dumb people thought they were smarter than they were and smarter people thought they were dumber than they actually we're
@@banni4291 dunning kruger effect and imposter syndrome?
Google: am I joke to you?
"Now you can maybe see where all of this is going".
I have absolutely NO idea my friend.
Well, I could see where it could go, but would have thought it wasn’t viable at 3 or 4 points where Ezequiel managed to find a way to progress...
Welcome to the club, dude 😎
@@M______M isnt GLSB the pro gay-lesbian movement thing
😂😂me too
@@empnadajhhh9469 😂😂
How can this dude hold his head up with so much knowledge in it
😂Lol
abahahahahaha
he is not an EXPERT
@@alifellahi the more you know....
800th like
Pretty cheap way for Google to find major flaws that would cost them millions to fix
Yup. Significantly cheaper to fix issues like this proactively rather than reactively.
Yep they can hire hundreds of ppl for 133k or a pentester would cost like 500k-1m for how many’s servers google has
@@SP1KEY But not all hundred people can find the bug that this guy found. That's why they hold such competitions.
Google are very clever
Many companies do this
In Uruguay with 1K/month you can be 'ok'. Im so glad for him
Imagine he used the issue tracker API and created an issue that described this exact bug for the internal team, That would've been scary.
Wasn't that a GET request? I might be wrong
@@vishnuprasanth4725 yeah it only performed get requests.
New priority issue: “I made this issue via SSRF.”
lmfao. genius.
meanwhile im struggling to center a div in css
Thats okay, hard problems like that take atleast a week to solve. Atleast if someone is paying you for it
display: flex 💪
@Geralt Rivia display:flex;
place-items:center;
flex-direction:column;
margin: 0 auto;
LOL
Im from Uruguay, as soon as a heard my country's name i was shocked. Most people dont even know where Uruguay is, but we got this boy killing it rn hahahaha
Yo también ,vamo arriba la celeste
me fui a uruguay una vez y lo amo
jajajajajajjajajajahahah
If we leave the US out of it, I think most people know where Uruguay is!
I think a lot of people know about Uruguay and know where it is. Especially football fans because of Suarez, Cavani, Forlan, Godin, etc.
Having the PR team on standby was great
I thought hackers just typed at the keyboard for 5seconds and then say "I'm in"?
No lmfao that's just in movies
@@tonkatruckgaming5724 wow really?
Only when the password is 1234 :)
@@tonkatruckgaming5724 main bhi shaamil , lol
ic
password its literally 8 stars... *******, mind games :^)
I've seen this video a thousand times and everytime I get so happy seeing him smile upon learning he won the GCP Prize. Awesome job.
That protobuf enum trick was really cool, props to him.
Being from Mexico, seeing a fellow Latin American be so smart in coding really makes me proud
you people expert at that white flour thing that sometimes sneak into nose
@@morlarav602 Completely unprovoked
I'm from Uruguay and I'm proud of Ezequiel 🇺🇾
What I love about this is that it looks like he was just having fun while learning something. I love it!
You know what would have been funny, is if he figured out how to make a issue on the internal issue tracker for this bug
Yah that's not within terms of the hackathon, to manipulate data. You'd lose the prize money and probably your reputation in the field!
@@DIANA-1337 also, it sent get requests
It would be nice if more companies would act like google. One more nice thing would be to hire guys who have such a talent
lol i would not be surprised if that option was given to him. also if he just applies regularly, Im sure this looks great on his resume
He worked for some time at Google as an intern, then he got an offer from Facebook as a Security Analyst(just few months back).
Maybe it's just me, but I would love it if you could possibly make a video detailing bug bounties, such as basics, legality issues, where to begin etc. Again maybe it's just me but I think this could be a hot topic
edit: I should also mention, I understand this information is out there, but was thinking it could be useful as kind of a one-stop-all video
I agree.
backing this up
Didn’t he make a video about that a while ago? Or am I going crazy?
@@gavintantleff maybe, pls do send ?watch if you know it
I didn't understand half of what Ezequiel explained ... but I swear to god, when they got to the enum, the first thing that came to my mind was the value 'GSLB' :D
great job, though
I'm noob, but would by any chance just calling INT numbers work on a Enum system? like a small bruteforce from 0 to 100 eventually, get something?
@@arduing9589 No it wouldnt work, thats exactly why its an enum. And for more readability ofc.
@@stylishskater92 was wondering too. thanks for explaining
Holy Moly, Ezequiel is freaking master mind. This was very interesting, very educational and I wish I just had 1/3 of that knowledge and be able to assemble pieces of puzzle like this. Congratz, you deserved!!!!
I love it when the i banner covers up the very small advertisement text in the top-right corner.
I LOVE how the prize amount is literally “LEEEET”! Lol
This is the way :D
You do understand that bug he found would be worth a 100s of millions of dollars to them.
It's not good money this kid deserved much much more.
The first winning is also leet, it is e-leet.
@@bellabear653 I know rigth like what the fuck...give him a mil or something, i wouldnt even submit that sht...but then again i only know pc power button on and off
@@hexadecimalhexadecimal5241 Well google zero days can be very dangerous and since most of the world uses it makes it worth a lot of money. I am surprised people bother helping Google find these exploits for that kind of money. This company earns billions.
Wow, this is amazing. Shows it pays to RTFM and sticking to a particular target. Nothing comes easy. Thank you for this amazing walkthrough video ❤️.
Shows the reality of what it takes and the amount of work to find just on vulnerability. Also shows how dangerous these exploits are the companies vulnerable to it. 👍
this is a whole documentary :D
Exploiting this bug I would have created a new issue in the google issue tracker :)
That would be funny 😆
Im planning to do that on my schools web server for us students. I found a LPE so I can overwrite other ppls websites or even the index of the whole website. I cant wait to see everyone‘s reaction :P
@@mactalk2871 One of my classmates back in school also tried something, and I think he got in, but the schools system noticed him because he was doing it during IT class, in the school so they called the police on him :D but fortunately for him he school dropped the case againist him. And I also remember that the IT teacher said the he knows the grading system is vulneratble to SQL injection :) (but I don't think my classmate was doing this)
@@Psanyi42 a first-year student tried to use SQL injection on our uni's main website and was able to break the database. Admins were furious and I believe demanded his expulsion. My teachers' response was along the lines of "how dare you be blame a freshman, who only just learned what SQL is, for this. Every one of our students knows this is dumb and you shouldn't even have your job of you don't know that"
@@vinno97 Your teacher has a brain
this guy is amazing! Really good detective work.
Grande Ezequiel representando Latinoamérica :)
Sólo urguguay😎
@@alexitoyt1130 shhhh
@@alexitoyt1130 solo a el 😎
Orange is absolutely my favorite broadcaster in the world of Application Security. What an amazing intellect!
“Do you see where this is going?”
Me: Absolutely not
my head hurts by looking at the gibberish codes but somehow he just make sense of it :)
Congrats on Winning the Big Prize and you deserve it Ez!
This Video actually says: "Never Give Up" & " Believe in Yourself"
Fenil: I needed a message like this. Thank. I'll keep that in my mind all the time.
Anyone who's hacked a machine called Quick on HTB will know how cool this is because the machine involved compromise of HTTP/2.
I learnt a lot about protobuf and gRPC on that box but unfortunately that was the last time I ever heard or dealt with it again,pretty cool to see a real world implementation of this.
Shout out to HTB for the dope hacks..
Excellent work Ezequiel👌🏾💯
Truly amazing work by Ezequiel, awesome video as well! Congrats!
Second time I watch this video, and I still find it awesome!
As I understand, besides the prizes, Google should offer him a proposal for hiring, now or soon. He proved to be a great asset.
He was hired my google
I'm a high school student and I'm honestly seriously considering going into security vulnerability research rather than computer programming, this field is insane
dont you have to be good at programming to understand computer vulnerability?
@@swagm8919 You really think I'm considering computer science without having experience programming?
@@tgrcode wdym alot of people get into CS from college
Most CS students' only experience before college is programming their calculator in math classes. Plus having experience doesn't necessarily mean being good. And being good at coding isn't such a huge advantage either, since CS isn't about programming.
Being somewhat proficient in C, JS and Python for instance won't help much with your calculability and complexity theory classes for instance, beside perhaps having heard of the P=NP problem, Turing machines, halting problem, and the Big O notation before. Unless you also have experience with using the pumping lemma to prove that a particular formal language is non-regular.
Or your math, physics, networking, security, operating systems, programming language theories, and compiler ones (and so on). Even for an algorithm course: do you have experience with dynamic programming to solve problems like the Tower of Hanoi puzzle, shortest path in a graph (Dijkstra, Floyd), or obtaining the maximum a posteriori probability estimate of the most likely sequence of hidden states that results in a sequence of observed events in the context of hidden Markov models (Viterbi algorithm)? I'm not showing off, I'm simply trying to show you that CS is about as much about programming as math is about numbers. Which is to say, it's about much much more than that.
Not to mention that a functional programming language like Scheme is taught first in lots of university. While you can use the functionnal paradigm in some modern multi-paradigm languages like JS and Rust, it's not what most people do before college. Unfortunately so, since ML is amazing and arguably one of the most important language ever created.
Anyway, good luck in your studies!
Don't understand a single thing. Just here to sleep. Soothing & calming voice.
"I'm not an expert on this"
Yeah, nor Google 😂
Experts blunder too.
Slipping up on one endpoint out of hundreds you build doesn't imply lack of expertise.
I'm glad I managed to guess the "transport" right! What a shame would it be if he gave up at that point, especially since the answer is so obvious. But people like him just don't seem to give up. Amazing job.
I love that the price tag for this bug is a long LEEEEET :-)
Excellent video.!!! .. and remarkable the reasoning that used Ezequiel Pereira !!!.. Congratulations
I love how they threw the 1337 in there. True nerds.
My heart just get enlightened by these type of findings
That was so cool and informative, I learned a ton about behind the scenes server stuff, great video!
Insane, Well Done Ezequiel! Looks like I need to understand APIs way more.
The caption at 20:50 should be "GSLB addresses". The SRE book publicly documents BNS addresses as /bns//// . Keep up the good work :-)
Thank you for these Videos! Its always amazing hearing about those exploits. Having them presented in such a great format really helps with accessibility.
The prize is a years salary of the engineer that got fired for leaving this bug in their deployment service
Google would end up without engineers then.
I can guarantee nobody got fired for this.
By the rate google is fixing CVE‘s in Chrome, there would now be 5 ppl left working at Google
I know you're joking, but just in case: such a bug is never the fault of one person. This is a chain of oversights across multiple teams; devs, system architects, and system security, to name a few.
When interacting with services to the scale of Google. They will be vulnerabilities particularly in configuration (here the staging dogfood API routed by the GSLB and the GSLB from deployment manager). He is impersonating one major GCP service then one major google internal engine through the SSRF.
probably one of the better breakdowns on yt, at least for now
I think gRPC is so cool and I love the creative use of it to enumerate values for fields. Really really awesome work!!!!
And yes soo humble. This guy cannot have a price on his head.
Live overflow the actor: “oh!”
this gives me alot of confidence when not understanding something the first time lol
Google should give a job for this talented person 🔥
You lose your freedom when you work at Google
@@StefanReich I don't think so, still most people in google have a lot of freedom
@@imuser007 Yeah they have good PR. That happens when you have good PR people.
Imagine wanting to work at Google . ewww
It’s the reason he found the bug, you always want outside eyes with no bias or policy etc
This was extremely well figured out and i learnt a lot by watching this video. Well deserved bugbounty (and great writeup / filmup
Plot twist: the prize is paid in the form of GCP Credit.
ROFL.
Haha no way
That would be hilarious, but since they use $ sign it kinda means its paid in USD
Your channel only gets better! I'm a huge fan!
29:35 "GSLB" was actually my first guess, since he wants to use gslb, i thought that was the obvious choice lol
Yeah sometimes even the gurus can miss 'obvious' stuff like this
i read the article earlier and i was really happy to see the first line mentioning your video
I work at one of these big companies and he knows more than I know about our own systems lol. I wish I had his ability to read documentation. My eyes just glaze over when I have to read docs :/
to be clear, what I meant is that I havent spent time trying to learn our systems as deeply as he has learned google systems. but to do that you need to read docs :P I didn't mean google systems but my company's internal systems in general lol
TheOrganicartist this feels out of place, but I'm genuinely curious since you're sharing information like that. Interesting to see the diverse group of people who watch these kinds of videos.
@@TheOrganicartist I'm definitely going to do the egg + vinegar thing ❤
@@TheOrganicartist This might be the most informative comment I have ever read on UA-cam. Thank you man
He says he had to read it 4-5 times and he still didn't fully understand what it does. Don't worry, you're normal :)
@@Antaquelas I think this is the best compliment I have ever received on the internet!
\o/ I'm happy to help.
Thanks a lot. This is fun and unremarkable. Congrats to Eziquiel
this bug/video was super interesting, this is why i love liveoverflow lmao
Feel like re-liking this video every time I watch it. That's an intriguing thought flow Ezekiel has!!
I am looking at the blurred pics of the Google team and trying to find a long-haired polish guy :D
do they work at the seattle branch, i might know them.
Who???
He is making a reference to Gynvael :)
@@Antaquelas who is he?🤨
@@Antaquelas Well more than one Seattle google person fits that description, so forgive my mistake of not recognizing the reference ;D rofl
Imo the most important vulnerability in this bug in their cloud API is that most probably other google cloud clients that had an app deployd were exposed also.
25:04 coming up with that idea is ingenious!!!
164k Dollars is such a small amount considering the damage that could be done with this vulnerability ...
It's a very smart move from companies doint those competitions for their own security measures but I think in this case they could have been a bit more gracious with the amount of money :D
I have no idea about what's going on here, but still interested in watching this video
@14:51 what what program was he using to capture requests and responses? .... great video btw and congrats @Ezequiel Pereira
I believe it was Burpsuite
same question,
Ezequiel: "I'm not an expert on this"
2 week later
Ezequiel: I'm in 🤣
Aye! Good job love the expression on his face🏆👍🏾
Vamos Sudamérica carajo! Felicitaciones Ezequiel!
not anywhere close to being the first or closest, just here for the enjoyment :)
Nice work buddy 👊 And smart move Google... easiest way to find your flaws
Exploits like this are always caused by lack of someone doing something they should do. Something simple overlooked and/or not checked, at some crucial spot. Still impressive because I'm not sure how he could just find that out somehow externally.
I'm uruguayan and i didn't was expecting this.
"What's your name?!"
"Ezekiel"
Indeed it is.
Im just learning what packet sniffing/editing is so I think this is way over my head, but good video. I will rewatch after my training arc and see how much I understand then.
"uploaded 10 seconds ago" damn I'm early
Uruguay Uruguay, proud of you !!!
This is a fraction of what a employee would make and they dont have to give any other benefits. They get to crowd source their security and not pay an employee
the thing is google has people trying to check those issues. But noone of those found the issue, so the tactic is to make it easier, more legal and still pretty lucrative to tell google when you find stuff like this, instead of risking your own head and google risking big biiiig trouble if they wouldn't pay for stuff like this. Imagine someone finding rce and going for the biggest payday they could. Imagine how much the hacker would earn (probably 10x what google pays, but they risk it not working at all and them going to prison) and imagine what it would cost google... probably billions.
Yea right poor employees. Google's employee TC is the highest in Silicon Valley and probably the entire world
@@mzaki8503 ikr ..i have seen some commie cuck lords on twitter saying google, amazon pay less to their employees while per capita of their employees is highest in the world
Negative Nancy
This was a fantastic video. Thanks for the attention to detail :) and congratulations Ezequiel
Plot twist: he has a friend that works at Google
How a person could learn such complex things in his lifetime is beyond me.
"The Google SRE book he mentions is really cool. It's been on my reading list for many, man years.... But I cannot read books, so I never did." XD I'm DED lol
does he have a learning disability? I don't get the joke lol
Same I don't understand
@@chrislang2118 @aloufin I suspect he doesn't have the ability/experience/motivation to focus in that particular way. It's my experience that reading books is something I can get into, but the thought of it always seems difficult if it's been a while since I read several books consecutively. I've been planning for a while to get some quality tech books, finally will have the money for shortly. Looking forward to learn subjects in depth while simultaneously getting some sorely needed break from too much screen time...
There are a lot of books I want to read, but I just lose interest or focus a few minutes in. I have a better time listening to audio or watching a video/presentation than reading a book. Books aren't for everyone. Might be the case for him too.
While watching him stuck on transport method, I was wondering did he try/bruteforce with GSLB, but he figured out another way. Cool!
jsut to brag a little : my first thought was : "its probably glsb"
Too bad it was gslb ;-)
@@andrewtaye gbsl ?
I love how humble he is and how he just calmly explains what he did. He's probably smarter than a ton of cybersec people who are working in good jobs in the states who tend to talk down or act like they are so high up than all of us.
Every time Ezequiel throws a rock, he hits a private Google server. What kind of luck is that? I guess perseverance does pay.
what kind of Luck ?
I love the commentary and the way he is surprised on learning such cool stuffs.
14:50 What program is it?
Looks like Burpsuite to me
I am amazed by ezequiel, he is a great guy really
First!
This is cheating. But ok.
Thanks for the nice videos btw..
wonderful video as always. congrats Ezequiel! hugs
Anyone else notice the price money says LEE, EET?
That’s the point. It was done as a joke
Easy to follow, yet I would not have come to his method on my own. Kudos to him!