Google Paid Me to Talk About a Security Issue!

LiveOverflow
LiveOverflow
180,462
0
Published 2019-10-01
Conversation with a bug bounty hunter about a vulnerability found in Google Cloud Shell.
This video is sponsored by Google (Vulnerability Rewards Program)
↓ Check the links

Google VRP: www.google.com/about/appsecurity/reward-program/
Cloud Shell PoC exploit (fixed): github.com/offensi/LiveOverflow-cloudshell-poc
Cloud Shell docker "escape": github.com/offensi/LiveOverflow-cloudshell-stuff
Theia IDE: theia-ide.org/
wtm: twitter.com/wtm_offensi

=[ ❤️ Support ]=

→ per Video: www.patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

=[ 🔴 Stuff I use ]=

→ Microphone:* geni.us/ntg3b
→ Graphics tablet:* geni.us/wacom-intuos
→ Camera#1 for streaming:* geni.us/sony-camera
→ Lens for streaming:* geni.us/sony-lense
→ Connect Camera#1 to PC:* geni.us/cam-link
→ Keyboard:* geni.us/mech-keyboard
→ Old Microphone:* geni.us/mic-at2020usb

US Store Front:* www.amazon.com/shop/liveoverflow

=[ 🐕 Social ]=

→ Twitter: twitter.com/LiveOverflow/
→ Website: liveoverflow.com/
→ Subreddit: www.reddit.com/r/LiveOverflow/
→ Facebook: www.facebook.com/LiveOverflow/

=[ 📄 P.S. ]=

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Progra
All Comments (21)
  • @TheWootify
    Like everyone else i am also hoping you will get the chance to create more videos for the Google VRP, LiveOverflow! Best wishes, @wtm_offensi
  • @XDRosenheim
    Google: Sponsors a YouTube video. YouTube, a Google company: Wait, can we demonetize this?
  • @karl2673
    Google is like Italy, it switches sides when you least expect it.
  • @renanlopes6220
    I can't think of anyone better than you for this job! Glad to see you getting rewarded after all these years of effort here on YouTube. Congratulations !
  • @NicholasMaietta
    Other companies, pay attention. This is the right way to talk about things like this. The more open we are about bugs and problems, the more secure these companies become. I love this model.
  • @kobiassvilli
    LiveOverflow to be the official bug reporter for Google? you got my vote!
  • @dgramop
    I really enjoy how you also explained his thought process and how he was able to do the legwork to find the vulnerability. I know people in the cyber world that would just say "there was an issue where it would automatically execute gradle" and then call it a day, if I;m lucky, after giving more details about the vulnerability itself. People rarely talk about the thought process required.
  • @AlexBMJ01
    Awesome video! It's always cool to get the story behind a vulnerability. Would love to see more content like this!
  • @WikiPeoples
    I really appreciate you pausing to remind the viewer that this work is tedious, and takes time. The problem with YouTube educational videos these days, is that unless you remind yourself of this, they can make some people very discouraged... That's because their expectation is that when they sit down to code, or research, it will look similar to the video they watched... And instead of being smooth, and almost effortless, it's the complete opposite - difficult, slow, challenging.
  • @mpwsh
    Great video! I would love to see more vulnerability disclosures explained like this in the channel. This also says a lot about what Youtube/Google was saying about demonetize hacking related videos. Even tho this is hacking related, it's clearly more educational than a step by step on how to damage someone by hacking their wifi or creating social engineering sites.
  • @lukor-tech
    I am very happy that this type of sponsorship is happening ! Way to go and best of luck with next productions.
  • @tomasgemes4349
    Bro this is completely EPIC! Google sponsoring. It could get even nicer though, just imagine google asking you to talk about critical historic bug reports on android, drive, youtube, search engine. IT COULD BE AWESOME!
  • @Milamber-pg3ju
    I really enjoyed the format of this video. I liked getting the explanation from the source as well as LiveOverview’s explanation. I would watch more like this in the future.
  • @Mith07
    This title sounds like clickbait but it's actually not.
  • @Fritzendugan
    Congratulations! I've been watching your videos for some time and it warms my heart to see secure these types of partnerships and grow your channel. Well deserved! And not to mention definitely an interesting video. Kudos for keeping everyone grounded and reminding that videos don't capture everything (on purpose, of course) :)
  • @CySnowdrop
    Well done mate! I've been following you for a while now and you totally deserve the sponsorship!! Keep up the good work mate!
  • @bjornroesbeke
    Finding hacks is always the result of someone saying "What if...", playing around a bit and then getting an understanding of how things work. A potential question: Would you have invested the time and effort if Google didn't have a bug bounty program, just to learn something?
  • @Mith07
    You can really see how much work you put into this video compared to your usual videos. It's one of your best videos imo, keep it up!