I was for 2 hours out of the universe and don't wanted the video to rich the end. Thank you so much I really enjoyed the concept and the way of explaining it.
Correction : I was out of this Universe for two hours and I didn't want the video to reach the End , Thank you so much I really enjoyed the concept , and the way you explained it all .
This has to be the best and most insightful introduction I've ever seen. It feels like a never-ending video resulting in me going "whaaaaaaaaat?" every other minute :D
I fell asleep to this and dreamt I was in an auditorium with my old high school classmates sitting through a "lecture" and they were distracting me from something I found really interesting. It was supposed to be a seminar but a student in the crowd took over and ran the show lol
I really like this guy! Very informative without coming across as cocky whatsoever! I'm EXTREMELY new to this stuff but it probably would have been cool to sit in this class and hear him speak in person!
Excellent Video, I was able to follow along on split screen and do the examples! Please post more, very informative and educational!!! Thank you for posting!
@@Retro64XYZ do you do any more vids... i used to live in Pho... i wish i could go to your group. I have been to some boring ones, but yours seem to be a ton of fun
I saw someone makeing a python script using shodan and I wanted more information about how it works . Thank you for posting this very informative video !
Some years ago I quit hacking and security, doesn't matter the reason, and I was miserable. A few weeks ago I decided to start checking out security again and THIS video helped me really decide to go full steam ahead to get myself back to it. Thanks Aaron, you have no idea how much you helped me. I was wondering if the command line Shodan version is better than the web version, it seems to me that the web version has many pros. Hope someone can answer this. GRATE video.
I really like the CLI version of Shodan and I plan to make a video / presentation on it. Thanks so much for the comment and want to welcome you back to the community. I hope things go well and you learn much and teach even more! Have a good one!
44:36 just to add an update here, he states that tw telecom holding and cox communication are running the xp machines. This may not be accurate; in some cases the ISP is provided as the business name. This means they are using cox or TWT as their ISP. It could be CG NAT, so from scanners it appears to be COX or TWT. This is common with ipv4 since ISP's may only have so many ip's to give out.
I work in ICS and many older and come modern devices, ONLY have telnet for serial communications. Then you have to lock down the network / subnets. Typically some outside service tests it periodically.
I saw an individual state he had access because his dad did and he essentially learned how to do such things from his dad. But that is unverifiable so take it as an interesting but potentially false anecdote from a random dude on the internet.
@@md.ishraquebinshafique1968 en.wikipedia.org/wiki/Signalling_System_No._7 Please start there. S7 is the shorthand for Signalling System Number 7. I apologize. I should have made this clearer in the talk.
SS7 expanded beyond a closed network of a few large telcos to interconnections with less trustworthy anybody telcos. The protocol was never designed for untrustworthy interconnections. Once connections were allowed to the less trustworthy, hackers which had access to those connections exploited the lack of security to retrieve and initiate interactions that were never intended to be made by 3rd parties since there was no authentication to determine if such was allowed.
To realise the potency of Shodan at a large scale, notes alone can be painful. If you can develop, go for graphing: like how Bloodhound AD works - ingest tables of info, then draw relationships, query with Cypher.
cool my ass. he plays smart. he has nothing from a real men. everytime he asked a question about something people might know, he did it in such way to portray himself the smartest person in the room, and gave himself credits everytime. wannabes often do this, talk about things they just red somewhere, and be sure ppl know nothing about that so they dont start a conversation. he is a noob compared to real pen testers. and i dont compare myself to him cuz he needs to rank up.
@@homegeographic5351 yipe. I have learned so much from Mr. Jones, it isn't even funny. Something I have found is that putting other people down is actually one of the most common ways that one tries to eleveate themselves, making it look like you are guilty of the same thing you are accusing Mr. Jones of. You seek to be the biggest one in the room, but something I have found that really helps me to improve my skills is to seek out those who know way more than me, and learn from them - Mr. Jones has been one of those, and an amazing mentor.
Around 49:10 8443 & 8080 are much more commonly used by HTTP proxies, forward or reverse. Edit: also 8081 and 8082. See Forcepoint/WebSense, BlueCoat, but also sometimes just Apache.
Hi question, can you download shodan and use it for a closed network? Like an Intranet? Or an offline network? Something that would give you a way to see all local networks running...if not what would you recommend? I have a malware running which I am trying to access but they obfuscate with through the local network. Every time I think I found an ip it’s always local. 😠 Great talk by the way!!
Brian Cluff oh ok nmap. Yeah I used that but it just gave me the local address I described. Is masscan on Kali? I have never seen it. I will look it up. Thanks for the quick reply btw I appreciate it
@@abandonedmuse I am the person in the video. I would recommend using NMAP for local work as well. If you have a system on your network that is doing something odd, you can also look into running something like wireshark on a device like a raspberry pi to monitor what is happening on your network and then act from there.
Retro64XYZ thank you for your reply, yeah I have a ton of info from wireshark but still learning how to use it correctly to get information to make sense. This malware seems really well done and hides a lot of itself as a local network. I took out my hard drive and my usb yesterday and I still found a “recovery boot drive sector” in the computer. No idea how this is happening but it is in two machines mac and windows. One last question, where could information be stored if not on a hard drive?? Would it be in the RAM or the CPU? I need to look further into this.
Amazing video.. I understood most of it even though I just have a a bit of routing and switching knowledge and some basic linux command line stuff. However my main question is what if I just use a dynamic IP on my router and host a website off that using dynamic dns( from what I know that the ddclient will update whatever dynamic IP I will be using to connect to the internet). Will those potentially unsecure devices show up on shodan? Let's say I open a http port on my routers internet facing side that maps to a server on my internal network. Would that show up? Or does this only work for static ip's? From what I understand an IP assigned to a regular broadband user with a dynamic IP is actually shared by multiple users via NAT and there may be multiple levels of NAT. So my guess is those devices wouldn't show up on shodan. Would that be a safer option instead of getting a public IP and running a webcam or other IOT devices that would show up on shodan?
@@oldstone9635 I am working on building some introduction to computing videos. I am editing a video on using Manjaro Linux and installing it right now.
Then i found ipv6 and thats just too much data to collect all that do i quit the project it was a project inwas working on years ago scan all ip v4 and list it in ip and data from that ip that way i can hit search type in a ip and it will tell me all the info about the site without being online
Over a tb just to collect all the meta data from all the sites to use that as a adcan but i did all this at a public wifi because i dont have internet and used proxychains with every online proxy installed on can connect all the meta date from 000.000.000.000 all the ways to 255.255.255.255 and collet all meda data with that ip and if no data present dont save the ip and put that in a loop that will take about a month to complete and will have over a tb worth of data on your comuoter to run a search later and find all info do all i need to do it type something and all the meta data will be searched for and output the ip addresss to got o that site
Oops, sorry. I've fixed the link. (I think that Aaron must have done some rearranging on his website and didn't realize that it would change the URL's for his content.)
There are more 'private internets' around than people think. Tons of SIPR and NIPR type networks in use by lots of folks, government as well as business.
The bad guys did hack my ATT phone and were reading my text msg. I changed phone providers. I wish I knew what to do then because theyre probably hacking others and trying to control them
Not sure what this is in reference to but if I have your ISP and your IP with a date / time range, I can cross reference that data against your bill for an address. Obviously this becomes more difficult if you are sharing your internet with others or are using things like SSH or remote desktop. But your average users have a model, a device, and a public facing IP that can be easily referenced against your billing information. Obviously some folks will say 'but I use a debit card that I had a homeless person buy registered to an off shore bank account blah blah blah...' but that is few and far between. Joe Sixpack doesn't usually buy a debit card from walmart using the homeless to pay for his bills. He uses his credit card, which can be referenced against a billing address, that is probably his home address....
@@Retro64XYZ my friend. given an IP address, finding the no-shit latitude/longitude or billing address where that IP's demarc is, without a subpoena or otherwise ISP cooperation, is a non-trivial task. the information contained in geo-ip databases like maxmind is NOT the literal spot on the ground in almost ANY case, even less so for home ISPs. "public facing IP that can be easily referenced against your billing information" -- by the ISP in most cases in response to a subpoena.
@@Yohadev Yes. www.cox.com/aboutus/policies/law-enforcement-and-subpoenas-information.html typically a member of law enforcement (within the US) will write a warrant. This warrant will be served to your ISP. The ISP will correlate the records that they have between the IP, the modem, and the person that modem was issued to. If the LE was quick enough (like within three years or something - but don't quote me on the exact amount of time you have as it can vary due to several circumstances) they will receive the billing information for the user. This also can be used for further drill down like they did with Dread Pirate Roberts. He used coffee shops so they then served a warrant at the coffee shop and got video of all the folks in the store during the times and dates they had correlated may be him. Then since he was STILL visiting those shops, they eventually drilled down to a handful of folks they thought it could be and used that to help their investigation. www.cox.com/wcm/en/aboutus/datasheet/policies/CoxLawfulInterceptWorksheet.pdf Here are the costs for such intercepts and seizures. I hope these links are allowed.
@@davelogan77 Bakdoring - Sorry you guys dislike my looks. These talks are usually done in the evening after working a full 10-13 hour day. So I often look at these videos and feel bad because I can really see how tired I look. It can be tough to do a full shift and then prepare for a talk, do the talk, and then spend a couple hours answering questions and helping out after the talk. Thanks for the comments though and for watching.
@@davelogan77 try some of these : th-cam.com/video/asmGRJjzmtc/w-d-xo.html for your unboxing videos. And please edit your videos so your family photos, with all those slapable faces, are not on the screen.
I was for 2 hours out of the universe and don't wanted the video to rich the end. Thank you so much I really enjoyed the concept and the way of explaining it.
Correction : I was out of this Universe for two hours and I didn't want the video to reach the End , Thank you so much I really enjoyed the concept , and the way you explained it all .
This has to be the best and most insightful introduction I've ever seen. It feels like a never-ending video resulting in me going "whaaaaaaaaat?" every other minute :D
Thank you!
I fell asleep to this and dreamt I was in an auditorium with my old high school classmates sitting through a "lecture" and they were distracting me from something I found really interesting. It was supposed to be a seminar but a student in the crowd took over and ran the show lol
Instablaster.
I'll
I'm
No I'm in
Ex en
I really like this guy! Very informative without coming across as cocky whatsoever! I'm EXTREMELY new to this stuff but it probably would have been cool to sit in this class and hear him speak in person!
Thanks so much for the kind words. I really appreciate it!
Anytime brotha! Merry Christmas
I searched for shodan from system shock, but then this came up, i have no idea what is this but im here to stay
Excellent Video, I was able to follow along on split screen and do the examples!
Please post more, very informative and educational!!!
Thank you for posting!
Thank you so much for watching!
@@Retro64XYZ do you do any more vids... i used to live in Pho... i wish i could go to your group. I have been to some boring ones, but yours seem to be a ton of fun
@@wickedblue3218 We have a lot of videos up and will still be making more. I am also working on an introduction to installing Manjaro as we speak.
I saw someone makeing a python script using shodan and I wanted more information about how it works . Thank you for posting this very informative video !
Some years ago I quit hacking and security, doesn't matter the reason, and I was miserable. A few weeks ago I decided to start checking out security again and THIS video helped me really decide to go full steam ahead to get myself back to it. Thanks Aaron, you have no idea how much you helped me.
I was wondering if the command line Shodan version is better than the web version, it seems to me that the web version has many pros.
Hope someone can answer this.
GRATE video.
I really like the CLI version of Shodan and I plan to make a video / presentation on it. Thanks so much for the comment and want to welcome you back to the community. I hope things go well and you learn much and teach even more! Have a good one!
44:36 just to add an update here, he states that tw telecom holding and cox communication are running the xp machines. This may not be accurate; in some cases the ISP is provided as the business name. This means they are using cox or TWT as their ISP. It could be CG NAT, so from scanners it appears to be COX or TWT. This is common with ipv4 since ISP's may only have so many ip's to give out.
My teacher brushed over this. I forgot about it to be honest.
Excellent video. Smart guy!
I work in ICS and many older and come modern devices, ONLY have telnet for serial communications. Then you have to lock down the network / subnets. Typically some outside service tests it periodically.
Thanks much for the comment! Telnet is still a very popular protocol to this day when it comes to business related stuff.
I followed along but could not get "postal:" to work kept saying "No results found", no matter the zip.
so before using shodan should you be using the tor browser first then log in to use shodan?
I want to know how these 12 year olds are getting access to S7 networks.
I saw an individual state he had access because his dad did and he essentially learned how to do such things from his dad. But that is unverifiable so take it as an interesting but potentially false anecdote from a random dude on the internet.
@@Retro64XYZ what is an S7 network?
I am such a noob! :'(
Google searches are returning results related to samsung s7 :( :(
@@md.ishraquebinshafique1968 en.wikipedia.org/wiki/Signalling_System_No._7 Please start there. S7 is the shorthand for Signalling System Number 7. I apologize. I should have made this clearer in the talk.
SS7 expanded beyond a closed network of a few large telcos to interconnections with less trustworthy anybody telcos. The protocol was never designed for untrustworthy interconnections. Once connections were allowed to the less trustworthy, hackers which had access to those connections exploited the lack of security to retrieve and initiate interactions that were never intended to be made by 3rd parties since there was no authentication to determine if such was allowed.
To realise the potency of Shodan at a large scale, notes alone can be painful.
If you can develop, go for graphing: like how Bloodhound AD works - ingest tables of info, then draw relationships, query with Cypher.
seems like a cool dude and he's very informative
cool my ass. he plays smart. he has nothing from a real men.
everytime he asked a question about something people might know, he did it in such way to portray himself the smartest person in the room, and gave himself credits everytime.
wannabes often do this, talk about things they just red somewhere, and be sure ppl know nothing about that so they dont start a conversation.
he is a noob compared to real pen testers. and i dont compare myself to him cuz he needs to rank up.
Thank you!
@@homegeographic5351 Sorry to hear you feel that way. I appreciate your comments though and will work harder on educating others.
@@homegeographic5351 yipe. I have learned so much from Mr. Jones, it isn't even funny. Something I have found is that putting other people down is actually one of the most common ways that one tries to eleveate themselves, making it look like you are guilty of the same thing you are accusing Mr. Jones of. You seek to be the biggest one in the room, but something I have found that really helps me to improve my skills is to seek out those who know way more than me, and learn from them - Mr. Jones has been one of those, and an amazing mentor.
wow this is pretty thorough
Around 49:10 8443 & 8080 are much more commonly used by HTTP proxies, forward or reverse.
Edit: also 8081 and 8082.
See Forcepoint/WebSense, BlueCoat, but also sometimes just Apache.
Thank you for the comment! I have also seen forward proxies done through nginx on 8888. Lots of choices!
Could you provide a link to the doc you were referencing that has links to all the pdf's and stuff?
If you're talking about the presentation; there is a link to it in is the description under "follow along at"
help, whats an example of a "banner?"
Hi question, can you download shodan and use it for a closed network? Like an Intranet? Or an offline network? Something that would give you a way to see all local networks running...if not what would you recommend? I have a malware running which I am trying to access but they obfuscate with through the local network. Every time I think I found an ip it’s always local. 😠
Great talk by the way!!
Take a look at masscan or nmap. There are several GUIs for both of them if you need that sort of thing.
Brian Cluff oh ok nmap. Yeah I used that but it just gave me the local address I described. Is masscan on Kali? I have never seen it. I will look it up. Thanks for the quick reply btw I appreciate it
@@abandonedmuse as far as I can tell, masscan is available on just about every distribution.
@@abandonedmuse I am the person in the video. I would recommend using NMAP for local work as well. If you have a system on your network that is doing something odd, you can also look into running something like wireshark on a device like a raspberry pi to monitor what is happening on your network and then act from there.
Retro64XYZ thank you for your reply, yeah I have a ton of info from wireshark but still learning how to use it correctly to get information to make sense. This malware seems really well done and hides a lot of itself as a local network. I took out my hard drive and my usb yesterday and I still found a “recovery boot drive sector” in the computer. No idea how this is happening but it is in two machines mac and windows. One last question, where could information be stored if not on a hard drive?? Would it be in the RAM or the CPU? I need to look further into this.
gr8 vid !!!
thank you great talk
Amazing video.. I understood most of it even though I just have a a bit of routing and switching knowledge and some basic linux command line stuff. However my main question is what if I just use a dynamic IP on my router and host a website off that using dynamic dns( from what I know that the ddclient will update whatever dynamic IP I will be using to connect to the internet). Will those potentially unsecure devices show up on shodan? Let's say I open a http port on my routers internet facing side that maps to a server on my internal network. Would that show up? Or does this only work for static ip's? From what I understand an IP assigned to a regular broadband user with a dynamic IP is actually shared by multiple users via NAT and there may be multiple levels of NAT. So my guess is those devices wouldn't show up on shodan. Would that be a safer option instead of getting a public IP and running a webcam or other IOT devices that would show up on shodan?
yeah you got PAT to where everyone shares and IP and the user is id'd by port #.....hmmm I don't know
I like you for that nice information and advices
Good lecture!
yes, but for me as a beginner I cant understand things like DNS, MANJARO ,API...etc. X_X
@@oldstone9635 I am working on building some introduction to computing videos. I am editing a video on using Manjaro Linux and installing it right now.
A must!
How well and how often and how maliciously do CIA and NSA use Shodan and Shodan-like tools?
do you expect these agencies would reveal that amount of information?
thank u
Why not use proxychains so theres like 100 computers between you and the scan
Not that i would bevele it or not but the total scan size will be in the tb range so i ned finished the scan
Then i found ipv6 and thats just too much data to collect all that do i quit the project it was a project inwas working on years ago scan all ip v4 and list it in ip and data from that ip that way i can hit search type in a ip and it will tell me all the info about the site without being online
Over a tb just to collect all the meta data from all the sites to use that as a adcan but i did all this at a public wifi because i dont have internet and used proxychains with every online proxy installed on can connect all the meta date from 000.000.000.000 all the ways to 255.255.255.255 and collet all meda data with that ip and if no data present dont save the ip and put that in a loop that will take about a month to complete and will have over a tb worth of data on your comuoter to run a search later and find all info do all i need to do it type something and all the meta data will be searched for and output the ip addresss to got o that site
The link to follow along doesn't seem to be working
Oops, sorry. I've fixed the link. (I think that Aaron must have done some rearranging on his website and didn't realize that it would change the URL's for his content.)
And people wonder why for example Russia goes for a private internet.
There are more 'private internets' around than people think. Tons of SIPR and NIPR type networks in use by lots of folks, government as well as business.
anybody know if this was at the AZ cyber warfare range?
I did the talk. It was not.
51:30 , nice save
"Quake server in syria, must be up to no good", "Japanese server name talking to Canadians? Suspicious"
ABS - Always Be Suspicious. =) NBC - Never Be Clicking. DATT - Download All The Things. hahaha =)
The bad guys did hack my ATT phone and were reading my text msg. I changed phone providers. I wish I knew what to do then because theyre probably hacking others and trying to control them
Naw it wasn t the bad guys it was THE FEDS
jesus dude... the ISP doesn't have the lat/long of every dhcp user's house.
Not sure what this is in reference to but if I have your ISP and your IP with a date / time range, I can cross reference that data against your bill for an address. Obviously this becomes more difficult if you are sharing your internet with others or are using things like SSH or remote desktop. But your average users have a model, a device, and a public facing IP that can be easily referenced against your billing information. Obviously some folks will say 'but I use a debit card that I had a homeless person buy registered to an off shore bank account blah blah blah...' but that is few and far between. Joe Sixpack doesn't usually buy a debit card from walmart using the homeless to pay for his bills. He uses his credit card, which can be referenced against a billing address, that is probably his home address....
@@Retro64XYZ
my friend.
given an IP address, finding the no-shit latitude/longitude or billing address where that IP's demarc is, without a subpoena or otherwise ISP cooperation, is a non-trivial task.
the information contained in geo-ip databases like maxmind is NOT the literal spot on the ground in almost ANY case, even less so for home ISPs.
"public facing IP that can be easily referenced against your billing information" -- by the ISP in most cases in response to a subpoena.
@@Yohadev Yes. www.cox.com/aboutus/policies/law-enforcement-and-subpoenas-information.html typically a member of law enforcement (within the US) will write a warrant. This warrant will be served to your ISP. The ISP will correlate the records that they have between the IP, the modem, and the person that modem was issued to. If the LE was quick enough (like within three years or something - but don't quote me on the exact amount of time you have as it can vary due to several circumstances) they will receive the billing information for the user. This also can be used for further drill down like they did with Dread Pirate Roberts. He used coffee shops so they then served a warrant at the coffee shop and got video of all the folks in the store during the times and dates they had correlated may be him. Then since he was STILL visiting those shops, they eventually drilled down to a handful of folks they thought it could be and used that to help their investigation. www.cox.com/wcm/en/aboutus/datasheet/policies/CoxLawfulInterceptWorksheet.pdf Here are the costs for such intercepts and seizures. I hope these links are allowed.
@@Retro64XYZ I wish I could give you more thumbs up for this here. Way to reply with good information!
an introduction to a website? cool.
51:29? what was that? lol
wonder what that was
@@mrpaytonsparks Big Ass monitor :))
@@mothernature2077 Lol... Sorry. =)
System shock
Scary SUPREMEST 🥶
What a juicy bear!
"Bomb, bomb bomb... Bomb, Bomb, 39:06 "
The Wallpaper Review Channel I see what you did there.
Holy fuck that add at 7:36. Looks like a human trafficking operation.
censored at 12:45.
It was just the wireless mic cutting out for some unknown reason.
Sorry about that. Sometimes we have issues with the equipment but we try to be as censor free as possible! Thanks for the comment!
epic
?
What of Shazam lol
Really, the audio snaps are just unbearable. Content is interesting but it just can’t be watched.
He got a huge ego
Bakdoring ...and a slapable face.
@@davelogan77 Bakdoring - Sorry you guys dislike my looks. These talks are usually done in the evening after working a full 10-13 hour day. So I often look at these videos and feel bad because I can really see how tired I look. It can be tough to do a full shift and then prepare for a talk, do the talk, and then spend a couple hours answering questions and helping out after the talk. Thanks for the comments though and for watching.
Retro64XYZ Apology not accepted, fix the face, or I ain’t watching. Here, try this: th-cam.com/video/EqGA-U-UmVM/w-d-xo.html
@@davelogan77 try some of these : th-cam.com/video/asmGRJjzmtc/w-d-xo.html for your unboxing videos. And please edit your videos so your family photos, with all those slapable faces, are not on the screen.
He earned that ego