1) join obscure group with few people 2) obsess over niche topics 3) spend years dwelling on the arcane *4) realize you've been initiated into a secret order of the elders*
as a minecraft player since 2010 i realized this is what i am to all the new players from the popularity surge simple survival tricks like elevators, auto farms and optimized pathway and construction techniques awe them god forbid i walk past people wearing early minecon capes, players gather and stare.. if only i could have put tens of thousands of hours into something actually useful like electronic engineering..
I knew it had to be a conspiracy. There's no other explanation for why I can't find $100k bugs with just one year of experience. Thanks for validating that its definitely not me!
I love how you never create this image of being genius, but always point out that your incredible knowledge is the result of years of dedicated work. You're an inspiration, keep up the incredible work!
Thanks for that final bit where you say not to be frustrated. I'm personally not into XSS atm but it still applies to what I want. Sometimes I just get frustrated at people who are much younger than me and accomplished much more in less time. I needed that
I thought the conspiracy was going to lead to "it turns out the way they are all connected is that they all... WROTE FOR SKILLSHARE, AN ONLINE LEARNING COMMUNITY WITH THOUSANDS OF CLASSES etc."
Lucas Menicucci you can’t really explain how browser parsers work within 10 minutes.To understand you’d have to work with them and dig deeper in the documentation. I didn’t understand shit either. These guys are on another level so it doesn’t really matter anyway
If you know javascript on an intermediate level, you will understand a lot of this. However only real xss researchers will read the documentation as closely as these guys did. This is what you'd have to do in order to understand this video.
This is fascinating, thanks for posting. I have a very naive question that hopefully some reader can answer. I'm well aware of the idea of xss and the efforts put into preventing it but my question is - why? What can it do? The only examples I've ever seen involve showing a popup. Now I get that an xss can execute more than js alert but so what? What use is, for example, reading a cookie to a hacker? How would they ever get the results of their script? Before I get shouted down, I'm not for one minute suggesting there is not a problem, I just want to understand what the problem is. Thanks.
@@sebastianelytron8450 Notice how they said 'THIS attack'? They never said "BeautifulSoup in python is not vulnerable to any attack". Of course everything is vulnerable, but many things are immune to certain attacks.
Hey there’s a website called BugMeNot which you may or may not have heard of. It used to be completely safe but now hackers are using it to share login credentials. Many accounts were hacked during the discord leak which were used on BugMeNot.
Every time you show some twitter prints, I keep thinking if you are part of this kind of conspiracy, this is just friendship between security researchers or if you are just stalking the top researchers like I do...
So, say someone finds an XSS, but on some website you might not have been asked to find an exploit.. how do you alert the company, without getting into trouble?
It's tricky. Many will be grateful if you just send an email with your findings, but occasionally you get the dingus who threatens to sue you for "hacking their internets". It's best to report them anonymously, just in case.
There's a site called hacker one, along with similar sites where companies put their websites up and give rewards for any vulnerabilities you find. The larger the site (Facebook, squarespace, etc.) the more you get for the bug. I checked it out a few years ago and they can pay thousands of dollars for the discovery of a bug. If the site is not on hacker one or the similar sites check if they have the code on github and you can submit the bug there. Otherwise find their TECH email. I would not recommend telling just anyone at the company about it, they're likely to panic and their superiors might try to sue you for breaking their terms of service.
That's easy, unless there is a bug bounty or something for it, just don't. It's simply not ethical to exploit a machine without permission. If you happened to already find the exploit then that's mistake number one. Mistake number two would be doing something about it. It's not your problem unless you make it your problem.
Eigenmishi in 3D Ooh yeah, what I meant to say was that each part of a system should be simple and compartmentalized. But when the fundamentals are complex as well, then it represents poor abstraction and may be quite difficult to expand.
It highly depends on challenging yourself constantly. Some people spend decades doing the same thing and are just barely good at it. Others become masters in their craft after a few years. The difference? The real pros don't see it as a job, but a passion. You too can become LiveOverflow if you Live the Overflow.
I won't say that getting as good as these guys is a waste of time. But keep in mind that working 12 years on XSS today might not be as beneficial. We do not know what the world will look like in 12 years. Everything you do now will help you in the future, so learn a new skill.
1) join obscure group with few people
2) obsess over niche topics
3) spend years dwelling on the arcane
*4) realize you've been initiated into a secret order of the elders*
as a minecraft player since 2010 i realized this is what i am to all the new players from the popularity surge
simple survival tricks like elevators, auto farms and optimized pathway and construction techniques awe them
god forbid i walk past people wearing early minecon capes, players gather and stare..
if only i could have put tens of thousands of hours into something actually useful like electronic engineering..
Masato: I exploited the frontpage of the internet.
rando: i liek minecraft
@@tacokoneko damn, this comment hit hard bro, the amount of time I could have spent better.
I knew it had to be a conspiracy. There's no other explanation for why I can't find $100k bugs with just one year of experience. Thanks for validating that its definitely not me!
what about now
let me know
What about you now @@ultronhack8151
I love how you never create this image of being genius, but always point out that your incredible knowledge is the result of years of dedicated work. You're an inspiration, keep up the incredible work!
Thanks for that final bit where you say not to be frustrated. I'm personally not into XSS atm but it still applies to what I want. Sometimes I just get frustrated at people who are much younger than me and accomplished much more in less time. I needed that
07:33 "Don't hug me I'm scared" the freaking Notepad!
oh god no
I think that's the leafpad editor
@@floatingblaze8405 for me it looks like the notepad from dont hug me im scared the "creativity" episode
Now let's all agree
To never be creative again
green is NOT a creative color! ¯\_(ツ)_/¯
I thought the conspiracy was going to lead to "it turns out the way they are all connected is that they all... WROTE FOR SKILLSHARE, AN ONLINE LEARNING COMMUNITY WITH THOUSANDS OF CLASSES etc."
Thank you... I as a new pentester I tend to feel demoralized sometimes but your video helps!
i love watching your videos but i hardly have any clue what they mean 99% of the time
99.9% of the audience
Yeah, sometimes I think the explanation goes to fast
Lucas Menicucci you can’t really explain how browser parsers work within 10 minutes.To understand you’d have to work with them and dig deeper in the documentation. I didn’t understand shit either. These guys are on another level so it doesn’t really matter anyway
I just like to pretend that I know programing bc I can explain to people what HTML means.
If you know javascript on an intermediate level, you will understand a lot of this. However only real xss researchers will read the documentation as closely as these guys did. This is what you'd have to do in order to understand this video.
I barely know complex concepts of coding etc but that XSS video was so well explained
"dont feel bad that you didn't find that stuff"
and sometimes I lose a battery between the couch cushions that I never find again
This is by far my favorite channel
hope you can make more video about xss. how can we find xss in multiple ways. where can we learn xss. what tools can we use to help us find xss.
So basically, shower thoughts.
I was never this early.
Mee to
If you're early post something witty/clever to get lots of likes!!
People these days smh
@@sebastianelytron8450 I don't care about likes m8
This is fascinating, thanks for posting. I have a very naive question that hopefully some reader can answer. I'm well aware of the idea of xss and the efforts put into preventing it but my question is - why? What can it do? The only examples I've ever seen involve showing a popup. Now I get that an xss can execute more than js alert but so what? What use is, for example, reading a cookie to a hacker? How would they ever get the results of their script? Before I get shouted down, I'm not for one minute suggesting there is not a problem, I just want to understand what the problem is. Thanks.
Great video, I commented you on twitter the other day about gmail xss
Thank you for the info, and for the positive encouragement
And I'm just here... starting with html and css :')
Thank you, this was really motivating!
thx to liveoverflow, u rock!
Loved the "don't hug me I'm scared reference" green is not a creative colour!
I thought he was saying My Quest instead of Mike West.
BeautifulSoup in python is not vulnerable to this attack
What next? Your mom is not vulnerable to rape?
EVERYTHING is vulnerable
@@sebastianelytron8450 Notice how they said 'THIS attack'? They never said "BeautifulSoup in python is not vulnerable to any attack". Of course everything is vulnerable, but many things are immune to certain attacks.
@@sebastianelytron8450 They said "this attack", you idiot. As in, this specific payload.
@@sebastianelytron8450 god dam you're fucking stupid.
@@sebastianelytron8450 cringe
Past: hello
Too Ez Man!
Now :
the funny thing I was developing CSH (client side hacker) and found this wired parsing but I didn't think it will be in Google as it is huge company
this was 2 week ago
Thank you very much for doing these videos ! :)
Your channel is awesome
Hey there’s a website called BugMeNot which you may or may not have heard of. It used to be completely safe but now hackers are using it to share login credentials. Many accounts were hacked during the discord leak which were used on BugMeNot.
long story short, if you want to do security you'll never catch up and always be behind
Amazing video. So inspiring!!
Thank you very much for this video. It inspired me a lot. Thank you!!!
Per👏se👏ver👏ance👏
Thanks for the follow up n details... ✌🏿️🖖🏿
What is the advantage to launch code in the clients (myself) browser?
That's what people mean when they talk about hacking google with HTML
Why didn't Google just block all HTML tags? I understand they are needed for cases like emails but why then need HTML in search query?
then what ? there is a vulnreability always .you cant block everything.
Every time you show some twitter prints, I keep thinking if you are part of this kind of conspiracy, this is just friendship between security researchers or if you are just stalking the top researchers like I do...
wow i thought this vid had been out longer
same here i thought this was old as well
So, say someone finds an XSS, but on some website you might not have been asked to find an exploit.. how do you alert the company, without getting into trouble?
Why would you worry about getting in trouble? If you really want to stay anonymous email them from temp-mail.org or a similar temp mail service.
It's tricky. Many will be grateful if you just send an email with your findings, but occasionally you get the dingus who threatens to sue you for "hacking their internets". It's best to report them anonymously, just in case.
There's a site called hacker one, along with similar sites where companies put their websites up and give rewards for any vulnerabilities you find. The larger the site (Facebook, squarespace, etc.) the more you get for the bug. I checked it out a few years ago and they can pay thousands of dollars for the discovery of a bug.
If the site is not on hacker one or the similar sites check if they have the code on github and you can submit the bug there. Otherwise find their TECH email. I would not recommend telling just anyone at the company about it, they're likely to panic and their superiors might try to sue you for breaking their terms of service.
That's easy, unless there is a bug bounty or something for it, just don't. It's simply not ethical to exploit a machine without permission. If you happened to already find the exploit then that's mistake number one. Mistake number two would be doing something about it. It's not your problem unless you make it your problem.
Thanks for another interesting video
6:55 in case someone knows where the gif of a girl putting a box on her head comes from, i'd be thankful.
tenor.com/view/embarrassed-box-corner-asian-hide-gif-5201468
Im learning a lot at the same time
XSS sounds like a programming language. .xss
7:34
ptsd flashbacks ._.
That DHMIS reference :D
That was a really good video
Why not just change all characters to Unicode lookalikes before sending it to the renderer?
Good work pro
0:10 yeah its just a XSS but!!! Its a XSS on fcking google! xD
yah thats so good
thank you so much
love you
7:34 Oh no
Very interesting
XSS is TRICKY
I'm pretty sure ive found a small exploit in a website. I can get html tag injection, but no xss, sadly
Try injecting alert(1)
"LiveOverflow"
Hm, I wonder where you got that from...
lol good one
6:52 IU!
I think it's twitter 8:30 :D
Experience = another word for just being old.
No im 15 years old and i was a part of twitters hackathon.
why parse twice? just append already-sanitized DOM object to the document
Nice
3:45 Draw puzzle pieces much? 😂
we are about to getting a fetish level that even not possible.
what is parsing?
man i miss ha.ckers and sla.ckers
Complexity within your system creates nonrigorous behavior, and fundamentally represents weak design.
Complexity represents weak design? How to create powerful systems then?
Eigenmishi in 3D Ooh yeah, what I meant to say was that each part of a system should be simple and compartmentalized. But when the fundamentals are complex as well, then it represents poor abstraction and may be quite difficult to expand.
slackers unite!
I would watch your videos but I know nothing : |
So what is the endgame of this type of exploitation?
Monsanto
It feels as if you know a little bit about computers?
Just guessing....
i got to bet you need 10years to become software pros, and another 10 years to become a real hacker!
It highly depends on challenging yourself constantly. Some people spend decades doing the same thing and are just barely good at it. Others become masters in their craft after a few years. The difference? The real pros don't see it as a job, but a passion.
You too can become LiveOverflow if you Live the Overflow.
*seen*
i like your voice.
Green is not a creative color!
💯🚩
"I thought we could talk about how Masato found this XSS and milk the cow some more."
754th VIEWERS!
Man hört einfach das du auch deutschsprachig bist 😅 aber gutes Video 👌🏼
I won't say that getting as good as these guys is a waste of time. But keep in mind that working 12 years on XSS today might not be as beneficial.
We do not know what the world will look like in 12 years. Everything you do now will help you in the future, so learn a new skill.
11th!
fuckkkkkkkk
f
Bro i want to get connected with you in any social media plz bro
notification squad
Big early
No X-Files theme song? Downvoted sorry.
Only Google search engine, what about others (Duckduckgo )😂, we shouldn't use Google anyway
You can try it too!
Don't use google... he says from a comment on TH-cam