Real World Hacking Tools Tutorial (Target: Tesla)

Jason Haddix shows us how he hacks Tesla and other companies.
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal
Jason demonstrates tools and techniques to discover targets using free and low cost tools. Find the weakest link and you can get inside. Learn how to attack the back door or side door instead of the front door.
//Jason's SOCIAL //
TH-cam: th-cam.com/users/jhaddix
LinkedIn: www.linkedin.com/in/jhaddix
Twitter: twitter.com/Jhaddix
Github: github.com/jhaddix
Boddobot: buddobot.com/
Bug Hunter’s methodology Course: tbhmlive.com/
// TH-cam Videos Mentioned //
Darknet Diaries: th-cam.com/video/oYcRD9kaoaY/w-d-xo.html
How Nmap really works: th-cam.com/video/F2PXe_o7KqM/w-d-xo.html
Real World hacking demo with OTW: th-cam.com/video/R1amgARgFDs/w-d-xo.html
// Websites Mentioned //
Bugcrowd: bugcrowd.com/tesla
Xmind: xmind.app/
Hurricane Electric: bgp.he.net/
Typing Mind: www.typingmind.com/
Crunchbase: www.crunchbase.com/
Occrp Aleph: aleph.occrp.org/
Shodan: www.shodan.io/
Bugcrowd: www.bugcrowd.com/resources/levelup/bug-bounty-hunter-methodology-v3/
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// TIMESTAMPS //
00:00 - Coming Up
01:14 - Brilliant Ad
01:52 - Introduction to guest
02:51 - Reconnaissance
05:55 - Live Training
06:49 - Real-Life Examples
10:52 - Jason's Background
16:06 - Hacking Tesla
22:40 - Hurricane Electric
27:44 - Security Leading
32:47 - Nmap Scan
34:30 - Crunchspace
37:20 - Wiferion
40:51 - OCCRP Aleph
47:26 - Builtwith
54:32 - Shodan
1:00:30 - IPV 6
1:07:44 - Whoxy
1:15:55 - Kaeferjaeger
1:20:50 - Jason's Online Classes
1:22:06 - Final Thoughts
1:22:24 - Outro

I enjoyed this episode with Jason pulling the curtain back and sharing his methodology. A part 2 to his mindmap process would be great! Even a part 3!

I have to give Jason props, his information gathering is incredible and most are open source.

Excellent content David! Jason did a great job in throughly explaining his recon methodology. PLEASE continue with Jason for a whole series on his TTPs.

Please bring him back again, David
I couldn't purchase his recent course on the bug hunting methodology 450$ because it was so expensive
Please, David, create more content with Jason haddix so that those of us who do not have the financial capacity to afford his paid course to partake on his other program with you on TH-cam

Can’t wait for Jason to come back! So knowledgeable on finding which doors you forgot to lock. As a beginner I’d like to learn more about bug hunting, thanks so much David and Jason.

Quick side note, I love that you used McLovin as the example, priceless.
Also, I love when people say, “oh that’s too simple, they would never do that.” The example that he said with the demo and the company not setting up authentication is a perfect example. Never think something is too simple because someone is out there using it right now, I’m sure of it.

Such great content David. I love that you cover such a wide range of the infosec world. And not only scratch the surface, but ACTUALLY get into these topics. Jason is the man. You should absolutely have him on again. The plethora of knowledge in that brain is incredible

One of the greatest videos on Recon. David you’re a blessing to the infosec world. Thank you for bringing Jason in.

Loved this video! What I really wanted to see, even if for a brief moment, was the expanded Level 2 and Level 3 recon checklist topics, be it just out of the mind map or explored more in depth in the video. Looking forward to the next one!

Jason is AWESOME, please invite him again.
This was definitely one of the best videos in the channel, So much value.

The story about the organization that implemented the demo version of the customer relationship software into production is a great lesson.
It’s reminiscent of not updating some platform with a known patch. It also reminds me of implementing appliances and software into production and not changing the default password.

Again one of the most clear videos on the issue of computer on wheels

the fish behind you and the quote below the fish "mindset is everything" is intresting.

This is unquestionably the best recon video i've ever seen! Every time im doing bug bounties im always worried about hacking out of scope but this makes a lot more sense.

Another great one David! Recon is just such a wide field and I love how your guest really digs in.

Nothing like coming home from work and throwing on some David Bombal videos...

This has got to be one of my favourite of your videos. A true goldmine for beginners like me. Jason is an amazing teacher.

A friend of mine once told me you can play one of two games when it comes to golf; swing the club or hit the ball. When you wind up your swing, the moment you take the stroke there is very little you can do to correct how you are going to hit the ball. If you get your setup correct though, you don't need to worry about the ball any more. Hacking feels similar in that if you do your setup right, the bugs are there and you don't need to worry about making the fine tuned adjustments on a landing page, your setup showed you all the other places you should target instead. The setup is critical.

I may have just found the thing that I can do every day and never work a day in my life. This type of hyper focused research and determination to not let the other person win is who I am. It's how I function without effort. I had never considered my "rabbit hole" brand of info seeking to be of any particular value beyond my own amusement.
Ironically, I had a thought that maybe I am too old to pivot to sec, as my eyes catch a thumbnail titled "Am I too old to get into cybersecurity?"

Wow Thanks for giving Jason H the exposure he deserves !

The videos I like the most on your channel are were professionals show live pentesting stuff. You can learn a lot by looking over the shoulder of those people. Maybe you could bring TomNomNom or dawgyg on the show. Also the "Ruhr University of Bochum" in Germany is very active in security research of TLS protocol. Maybe you could ask people like Robert Merget if they want to present some of their research and tools on your channel.

Great episode! Your guest is absolutely phenomenal. Thank you both

Fantastic content, David & Jason! Thank you so much for the video👏. The tools are excellent and easy to jump right into. I look forward to see the follow up 🥳

Excellent Video! I'm a PEN Tester, it's nice to know I'm on the same track and use many of the same tools, BUT this guy has taught me so much and he's so damn knowledgeable and is an excellent GURU!

this is such a great session. Waiting for more sessions like this from Jason.

If you get him back, I’d love to see him walk us through the NEXT phase of this bug bounty (or any other). Basically, the step AFTER recon. Vulnerability assessment, exploitation, etc. If u can’t do exploitation, then at least the vulnerability scanning. Basically the next step after recon lol.
1) what he does with all these IPs and domains he now has
2) what he’s looking for in the port scans
3) what he uses to assess vulnerable services. What sites or tools he uses to lookup if there are any known vulnerabilities for a particular service. Or vuln scanners, etc.
4) fuzzing (presumably with burp suite), etc

Wow, that may be the most succinct explanation of an OSINT methodology on the web. Great guest!

Jason did a REALLY GOOD JOB! I hope we get an episode finishing all the levels on recon. I personally would like a video on Gaining access and Maintaining access. THANK YOU DAVID always a pleasure hearing the all too familiar South African accent.

Absolutely love seein Haddix on David's Bombal's podcast. He should call it the "Logic Bomb" podcast!!

Excellent video! Jason is the real deal! Thanks for having him on David!

I am totally blown away😁😁 .With this kind of research and attention to detail he can hack any company I cant wait for part 2 , 3 ,4 and 5 .

Absolutely waiting for the next episode with Jason. Thanks

Bro you 2 are SO!SO!KNOWLEDGEABLE, IF U 2 WERE BLACK HATS (OH MY DIZZY DIZZY DAYS YOU 2, IME SO DEPRESSED THAT I COULDNT JUMP ON THE TECH TRAIN . HOW YOU FEEL DAVID!""BLA-DDY WONDERUL ME OLD CHINA,JASON +JASON YOU TRULY ARE A LIGHT THAT SHOWS YOU THE WAY..(THANK YOU 2 ,AND LOVE FVROM THE BIRMINGHAM UNITED KINGDOM.)

This was great, I really enjoyed it! Massive thanks to you both! I'd love a continuation of the recon!

That Goku spirit bomb statue in the back instantly told me that I would like this dude, the statue wasn't wrong.

What a cool video and I can’t wait to watch the whole thing. I just got to the part where Jason was talking about taking an elective on ethical hacking. Good on the teacher for not getting defensive when he said all the stuff was outdated and directing him to a career.

I will appreciate a very high level view of Jason's web hacking methodology,
just like recon process he could go into which vulnerabilities he tests for, in which order, using which tools or services,
Don't go into details like explaining sqli from scratch but just 10,000 feet view of his workflow, and how he prioritizes differet
web vulns, and how he goes about testing them.

One more thing I would like to add to your content is
if the period of the video is reduced it will just be awesome!
(I can't watch a video that is not related to my profession (hacking is kind of a hobby!))
this will help you gain more attention as your content is already excellent!

I really loved this, thanks chaps, would love to see more about ipv4 -ipv6

Dude, I am glad you grew up to be on the right side. 😊

One of the most Brilliant person i met, Jason Haddix.

Awesome video. Many of your guests are informative but this has been the most informative I’ve seen thus far for me

IPv6 at scale takes too long, but most of the internet still runs on NAT. IPv6 doesn't matter if you're using NAT, because it works the same way as IPv4 at the end of the day. One IP running dual stack, find your open ports, and see what is going to forward you into the LAN and what isn't. Same stuff.

I want to thank you for your excellent videos. I am trying to pivot into cybersecurity and your videos are providing real world examples and experience from some serious experts. I have been listening to Darknet Diaries for a few years now and I love that this ties into that episode. I will even go so far as to forgive your recent Rick Roll on TH-cam Shorts. Thank you for the time and experience you are sharing.

This is such a great video. Love the workshop approach, and Jason is a great speaker easing into his process. Definitely want more of this type of content.

Hey David, any chance to cover physical security aspect of pentesting?
Thanks for amazing content ❤

Thanks for giving him the time to show us all the latest tools he uses. I said before you choose the best to bring on this channel :-)

This is one of the most fantastic security vids I've seen you post in a good while! Thank you David, and Jason!!!

The only hacker who truly learnt me to RECON without getting lost , Keep going

Awesome content. I would luv to see the methodology of his day 2 hacking.

1:13:44 yeah thank you so much guys! I think the git-analysis sounds interesting for sure.

Amazing video. I'd love to see more of Jason.

That's amazing. I haven't seen anything like this before. Jason explained stuff like it was easy peasy. I love it !

probably one of your best videos. I like Jason a lot

Excellent video, may I ask what is the application for the fluxogram?

Great episode i really love the amount of information and we need another episode ❤️

This is one of the best shows that you uploaded .. I loved it.

you never fail to disappoint david. and jason is awesome. i loved this

Deam really good stuff, this man thinks out of the box, thanks for sharing with us David 🎉

I just can't wait to see second part. Thank you for sharing.

This really gave me some more practical insight.

it's so instrutcive for people who wanna learn

Ould you please invite him for gull vug biunty course in multiple episodes? This would serve as aspiring students to get a real door to heaven

awesome interview, much concentrated and well-shown material to learn from real pro. I`m so happy to find such an intersting chanel👍

Legendary session! Thanks so much!

Thank you @davidbombal for putting up such a great show and inviting the best professionals in the offensive side of security. Will definitely look for the hacking/exploitation stage in the upcoming episode with Jason. Much appreciated your efforts. Keep up the good work

Enjoyed it and it was very informative. Can you provide the checklist so that we can have it in our recon process?

We need part 2, more content!

Yes, IPv6 routing is misconfigured a lot and quite frankly it is also easy to do as IPv6 more or less allows routing by default!

20:02 this is a very useful list of reconnaisance methods thank you, would love to know about level 2 and 3 methods too

David do you have videos on how to create a safe hacking environment with all the equipment required talking about programs. Thanks for the videos

Kindly do a session on how to manage assets and what to attack at start what specific asset we should go after.

Hi David, Thank you for your video. As always it brings excitement to the IT field.

bring Jason back, this was so good

Great content as usual mate, this shows how to implement a lot of things I've seen into an actual engagement.

More cloud recon techniques! Awesome stuff all around. Any new api recon?

Rare to see recon in this depth for free publicly 👍

By watching the Upcoming section I like your video before watching full video

i really like this session there is lot of information i get from here
very thanks to both of u

really enjoyed this Ep. love and respect for David sir and Jason sir!!!

One of the best contents out there. Thanks

We need to see those corporate training videos on the channel, for science; of course 😉

I've always gotten the impression that with information and cybersecuity, the company is always one step behind the bad guy.

amazing video as always. Thanks you very much Sir David. Could be nice witrh a follow up with other levels of recon

Jason opens my eyes in to whole new level in the world of hacking.

Fantastic interview!

This is amazing, Jason is so epic!

I'd love to see how much more you can do Jason

19:03 Jason's hacking lab consists of a Windows box that uses a VPC. David, maybe you could make a video on how to build a hacker lab using VPC... Just a suggestion.

Amazing content, Thank you david bombal and Jhaddix.

That was great, great show always david.

This was fantastic. It will be great to cover the hacking itself. Cant wait -- Jason, you r rock bro.. Thanks David! Loved the stories.

That's amazing!:)❤🎉Thanks for amazing content ❤

READY! for level 2

For some viewers remember you can always hire someone like him instead of making this a career. By the number of views on videos and probably the demographics of the video it will show that a lot of young people think this is "cool", finance or accounting might seem boring however realize that usually the title of CFO is a step ladder to CEO. Most companies other than TECH usually have CEO's that have a Finance Account background.

Is this the Darknet Diaries that just aired? I just heard this story on last week's Dark Net episode.

Need more otw with jason ❤

Excellent interview and insight 🎉

awesome content, thank you!