After 20 years of military service, mostly in the same type of environment as Neal, he is spot on about the "social" portion of pen-testing. Being "nice" will get you pretty far.
Dressing the part helps too. Watching this made me realise how many situations I have been in that people have trusted me with no reason to and half the time it is because it was what I was wearing that did it.
@JehuMcSpooran A clipboard and a vest will get you anywhere, but at the same time I've heard cool stories of pentesters getting access to the most secure buildings while wearing completely unfitting clothing because they were trying to push how far they could go before getting caught. Edit: just look at 1:01:38 haha
What I really like about you, David, is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different fields of IT. Much love from France, David!
As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.
I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it. It's all about legal consent to pentest, social engineering and then the tech knowledge. And there is always more to learn.
I love these stories! I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab. This for me, is the best way of learning.
I love how this content is free and that im able to watch it. Its literally so much knowledge that I'm getting without even having to do or pay something and so damn well made. Thanks, David!
Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!
Hey, I know that you don't know me, but, I'm interested in starting a company in my area. I'm just getting started, haven't even done a ctf or bug bounty, even. I was wondering how you are doing about a year in? Good luck and hope to hear from you soon
I enjoy the chat, but to be honest I would love to see a more to-the-point video that highlights the hardware and its general use, rather than a long, protracted conversation about his experience in the field, and more of a nuts-and-bolts look at what he actually uses regularly.
David, Neal. Thank you so much. The ending of this video is what is currently hitting me. The fact that there is this ocean of supposed training, however after you invest the time and finish it you realise that it simply was not enough. We need real-world training/labbing/simulation because at the end, obtaining the skill comes from experience. Theory is groundwork, but not experience.
Fantastic video, thanks David and Neal for putting this together. This should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue-team side of the house should be aware of.
I got into the IT business in 1992 as a Network Engineer and Sys Admin. I have several certifications. Been a fan of David since he began. This gentleman in this video is Right On. I recommend this video to anyone who truly wants to be the best they can be.
0:00 ▶ Introduction
1:17 ▶ Neal sees pentesting differently
2:00 ▶ Neal's advice from experience
3:18 ▶ Neal's 5,000 pentests
4:30 ▶ Take NSA and experience
5:10 ▶ Preparation is key
5:50 ▶ OSINT
6:30 ▶ Actual Pentest report
7:50 ▶ Pretexting
8:45 ▶ Another real world example
9:30 ▶ Planning is very important
10:15 ▶ Leave stuff in your car?
11:55 ▶ Right tools for the job
12:05 ▶ Top tools
12:30 ▶ Extra cables
12:58 ▶ Hak5 Ethernet cable
13:10 ▶ Is Hak5 a necessity
13:57 ▶ Rubber Ducky
14:30 ▶ Hak5 are great
15:00 ▶ Real world example of equipment
15:30 ▶ You can create your own stuff
16:10 ▶ Your time is money
16:30 ▶ Proxmark
17:30 ▶ Crazy RFID reader
18:50 ▶ Poor planning RFID example
20:20 ▶ Your time is worth something!
21:00 ▶ Hone your tradecraft
21:20 ▶ Proxmark explanation
21:50 ▶ A reader doesn't give you access. You need a pretext
23:50 ▶ Social engineering
25:50 ▶ You need a story
26:04 ▶ Social Engineering vs tech
29:00 ▶ Physical access is king
30:00 ▶ What to do once past the door
31:19 ▶ Military facility pentest
33:27 ▶ Look for a network port
34:49 ▶ You want to get out of there
35:04 ▶ Hak5 Lan turtle
36:35 ▶ Back of computer vs switch
37:32 ▶ Pop it into the back of the computer
38:11 ▶ What about WiFi
38:50 ▶ TP-Link WiFi Card
39:50 ▶ Ubertooth
40:50 ▶ HackRF One
41:56 ▶ Hak5 Pineapple
42:09 ▶ SDR
43:00 ▶ Real world example
44:13 ▶ Alfa Network Adapter
44:50 ▶ Wifi Hacking
44:49 ▶ Alfa not practical so much
46:20 ▶ You cannot charge for a WiFi pentest
47:17 ▶ You are making it real
47:45 ▶ WiFi can be social engineering
48:47 ▶ Captive portal
49:40 ▶ Rogue Access point
50:40 ▶ Real world wifi pentest example
51:30 ▶ Port Security
51:57 ▶ Hak5 Pineapple access corporate network
52:34 ▶ Always social engineering
53:00 ▶ Pyramid of pain
53:14 ▶ Stuxnet
54:45 ▶ Tesla attack
55:07 ▶ NSA examples
56:32 ▶ Human Intelligence Hacking Example
58:40 ▶ Another hacking example
1:00:18 ▶ WiFi hacking example
1:01:32 ▶ Neal's photo while hacking
1:03:22 ▶ Once inside, you are trusted
1:03:40 ▶ Summary of devices
1:03:55 ▶ Hak5 switch
1:04:08 ▶ Extra cables
1:04:15 ▶ Hak5 Rubber Ducky
1:04:30 ▶ Hak5 Pineapple
1:04:54 ▶ Hak5 Bash Bunny
1:04:58 ▶ Hak5 Packet Squirrel
1:06:26 ▶ Ubertooth
1:06:31 ▶ Proxmark
1:07:00 ▶ Value of networking knowledge
1:07:32 ▶ Neal got his CCNA
1:08:50 ▶ Very few companies use port security properly
1:10:08 ▶ Cain and Abel
1:11:00 ▶ Are zero days worth it
1:12:05 ▶ Shiny objects vs Neal's wisdom
1:13:37 ▶ Real world hard talk
1:14:25 ▶ What do you recommend
1:16:55 ▶ Neal and David going to do something
I have no idea how I ended up here, but I highly appreciate that you two shared your conversation in this video. Personally I am more interested in the psychological aspect of security than in the tech side. Thank you for this contribution to the spark of my curiosity.
Another fantastic video David and Neal. I love the stories, and real-life applications. While I'm not looking to seek a career in this field, I love this domain of technology. It is worthwhile to see the weaknesses of our digital climates. As a college student at a University that had just been the victim of a cyberattack last year, I find this information invaluable and super intriguing, especially when it's presented in such an engaging way like this video. I will definitely advocate for better physical, social, and network security from the IT department on campus. Thanks again for your hard work developing this content.
@brokeyoutuber lmao... I got into computers when I was like 15 in the mid-90s. I definitely wasn't a programmer/hacker but I WAS very interested in the subject. Occasionally I'd buy a 2600 and flip through it, reading a lot but digesting little. Anyway, the ONE system I ever got into myself without just guessing or using default passwords on random telnet machines or local dial-up systems was a big-name university's system. Ended up "hacking" into one of their machines by using what was probably the easiest method any "script-kiddie" could use, the "PHF exploit". Found your comment about "damn vulnerable colleges" kinda funny, heh.
I've been in IT for almost three months now and it is wild how many people trust me with the password to their account when doing password resets. They get so frustrated making a new password that they either ask me to do it for them or to write it down for them. They think that just because I am in IT I am trustworthy. Not to say I am not, but I digress.
One neat thing that works very well is sending an email saying you have been tagged in a post. Works 97% on women and sometimes on men. A coworker took it after watching a social media documentary.
Well, to do 5000 penetration tests in a span of 8 years would mean he was doing about 12 a week; on a 5-day week, that's 2.4 per day, and on a 6-day week, 2 per day. How long does a penetration test take? Because if he did 5000+, then of course those numbers per day will go up. I used 8 years because he said 7+ years, meaning more than 7 but less than 8. I'm not trying to troll by any means, just that I've found that when people are asked about their experience, they tend to exaggerate dramatically. Yes, maybe he has done a lot, certainly more than the average viewer I would imagine, but those numbers seem a little high, and knowing the time it takes to do a single, thorough penetration test would be helpful. My preliminary research is showing from a minimum of 1 day to weeks depending on the complexity of the environment, number of hosts, number of applications being used, etc.
Step 1: Create a methodology. Step 2: Do a manual pentest on one target. Step 3: Automate that whole process using a bash/python script. Step 4: Run and improve that bash/python script over time based on new targets. And boom, you have a cool automation script which can do 5k pentests in a day as well.
Because it isn't 7+ years but rather more than a decade. He has been doing this for more than a decade, not 7+ years. 7+ years is the time he spent in one of the organisations, probably the military. It is an estimate over the whole lifespan of his career.
You also have to consider the fact that he's totally spitballing how many tests he's done. Let's say he's only done 3200. Over that time span, would you really expect that he would, off the top of his head, differentiate between 3200 and 5000?
I have started studying cybersecurity. When I watch this discussion and compare it to what I am reading nowadays, it's a huge difference. I hope Neal shares more of his knowledge with people like me who are new in this field.
David, a huge thank you to yourself and Neal for taking the time to make such a great and educational video. I'd have to say this is one of your best videos that I've seen, and we all know how high quality all your other ones are!
After having 9+ years of physical installation security experience (access control, security and NVR systems), you've made me want to shift my knowledge into cyber and I'm excited again. Having the mindset of building layouts and functions, and where they keep things, I already have down pat. Just laying my foundations in Linux now and enjoying the process. Thanks for the video!
Him: "I've done like 5000 pen tests.. multiple tests every week, for 7 years." Reality: 3 per week x 52 weeks x 7 years = 1092 tests. He'd actually have to do 3 per day.
The only way I could see this being the case is if he means he counts nmap and a SQL injection as 2 different "pen tests". Either way, this was annoying.
Well, I think what he meant is managed those number of pentests, it's been like 14 years for me as well... and have managed/conducted over 6-8k tests myself..
As someone who makes and configures access control cards: if you have a large group of cards you can definitely tell a lot about a system from it, but you have to combine that with the type of reader etc. Certain types of readers can read certain types of cards, and combined with looking at LED patterns etc. you can often see what backend system they use. As long as they use the card's serial number and not cards that have encrypted sectors or filesystems, you can get a lot of information from having a bulk of card numbers. Usually, to be able to make cards for any given system you need 1-100 cards to be able to program new cards from scratch. For standard systems 1 card is often enough. But apart from that, it is often a lot easier to just hook on to the comms cables from the card reader if they are accessible and just read and insert the raw signal for the card number between the card reader and the backend system.
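Added example (not from the video, Neal, or the commenter above): the raw signal between a reader and its controller is, on most card-number-only installations, a Wiegand frame, and the common 26-bit layout (H10301) is a leading even-parity bit, an 8-bit facility code, a 16-bit card number and a trailing odd-parity bit. The code below encodes and decodes that frame, and then profiles a handful of captured frames the way the comment describes: once you know the facility code and the card-number range, producing a frame the controller will accept is just encoding a new number. The facility code 42, the card numbers 1000-1004 and the corrupt frame are constructed sample data, not data from any real system.

```python
"""26-bit Wiegand (H10301) frame encode/decode and bulk-capture profiling.

Added example for illustration; facility code, card numbers and the corrupt
frame below are constructed, not captured from a real installation.
"""

# Layout of a 26-bit frame, bit 1 on the wire first:
#   bit 1      : even parity over bits 2-13 (first 12 data bits)
#   bits 2-9   : 8-bit facility code
#   bits 10-25 : 16-bit card number
#   bit 26     : odd parity over bits 14-25 (last 12 data bits)


def encode_wiegand26(facility: int, card: int) -> str:
    """Return the 26-bit frame (as a '0'/'1' string) for facility/card."""
    if not 0 <= facility < 256 or not 0 <= card < 65536:
        raise ValueError("facility must fit in 8 bits, card number in 16 bits")
    data = f"{facility:08b}{card:016b}"  # 24 data bits
    even = str(data[:12].count("1") % 2)  # makes bits 1-13 contain an even number of ones
    odd = str((data[12:].count("1") + 1) % 2)  # makes bits 14-26 contain an odd number
    return even + data + odd


def decode_wiegand26(bits: str) -> tuple[int, int]:
    """Validate both parity bits and return (facility, card)."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected a 26-character string of 0/1")
    data = bits[1:25]
    if int(bits[0]) != data[:12].count("1") % 2:
        raise ValueError("leading even-parity check failed")
    if int(bits[25]) != (data[12:].count("1") + 1) % 2:
        raise ValueError("trailing odd-parity check failed")
    return int(data[:8], 2), int(data[8:], 2)


def profile_cards(frames: list[str]) -> dict:
    """Decode a batch of sniffed frames and summarise what they reveal.

    Frames that fail a parity check (line noise, a mis-timed capture) are
    counted and skipped rather than poisoning the summary.
    """
    decoded, rejected = [], 0
    for frame in frames:
        try:
            decoded.append(decode_wiegand26(frame))
        except ValueError:
            rejected += 1
    cards = sorted(card for _, card in decoded)
    return {
        "facility_codes": sorted({fc for fc, _ in decoded}),
        "card_range": (cards[0], cards[-1]) if cards else None,
        "decoded": len(decoded),
        "rejected": rejected,
    }


# Constructed sample capture: five consecutive cards from one facility code
# plus one frame whose leading parity bit is wrong (all-zero data, parity 1).
CAPTURED = [encode_wiegand26(42, n) for n in (1000, 1001, 1002, 1003, 1004)]
CAPTURED.append("1" + "0" * 24 + "1")


if __name__ == "__main__":
    summary = profile_cards(CAPTURED)
    print("captured:", summary)
    # With the facility code and range known, a "new" card is just a frame.
    forged = encode_wiegand26(summary["facility_codes"][0], 1005)
    print("forged frame:", forged, "->", decode_wiegand26(forged))
```

The point of the profile step is the one the comment makes: the facility code is constant across a site and card numbers are usually issued sequentially, so a small capture is enough to enumerate plausible credentials. The mitigation is the one the comment also hints at: a reader-to-controller link that carries only a parity-checked number (Wiegand has no authentication or encryption) cannot be trusted when the cable is reachable, so use cards with authenticated sectors and a reader protocol with a keyed channel (OSDP with Secure Channel is the usual replacement), and treat an accessible reader cable as a finding in its own right.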
5000 pen tests? Even if you conducted 1 pentest a week for a year (52 tests a year), it would take 96 years. If you were looking at 5 applications a week (260 a year), that's still 19 years. Something doesn't make sense.
Imagine thinking the military gives you a weekend on a deployment. Imagine thinking it’s impossible to do just because you are incapable of doing it yourself.
Each attack vector is counted as a test. Entering the building, gaining access to a computer, gaining access to the network, downloading data, and leaving the premises without being challenged would count as five tests. That could take less than an hour. Going back into the premises to retrieve equipment or data is going to count as a whole lot more tests. So 5,000 tests is not necessarily 5,000 separate premises tested, more like 500.
I like watching your videos. I didn't know squat about coding, programming, telecommunications... I started looking into it because my phone was hacked and I wanted to learn how it happened so I know what to look for and how to stop it. I'm learning more than I expected and I like how it's explained in a way that even someone like myself can understand.
On the subject of the key cards, that's where the social engineering side of things comes into play. You would simply have to find out which people have what access by watching the coming and going of personnel, which windows you see them by, and which doors you see them use most often. Then set up a scan of that person's card to make it where you want to be.
I revisit this one video often when I need to recalibrate my thinking and approach... a great way to pause and reflect, very useful for taking some time to check our mindsets... thank you for a very therapeutic conversation... keep pushing forward everyone 🙌🏽💗
Hi David, thank you for making everything possible and easy for beginners by asking about and explaining every single detail. Can you make a video about the Raspberry Pi? Setup and installation of Kali Linux? And maybe some of your amazing ideas about pentesting?
Knowledge ≠ Wisdom (and also not intelligence...). This is a valuable understanding that the vast majority in any field is sorely lacking today. Most people have very little wisdom until they're around 30+ years old, unless their field of expertise is not complicated in any way. A college degree (or certifications) certainly does not provide you with wisdom. Knowledge is extremely important, but without the ability to put it to practice usefully, it's not worth much.
When I finally hone my trade on this path I will have David Bombal's and Neal's pics hanging on my office wall like the President's and Governor's official portraits do in most offices. I have gotten loads of knowledge ever since I found this channel. A thousand thanks.
Thank you so much for these. I love how you not only demonstrate, but ask and share how to learn what you’re demonstrating. That’s what makes your channel so much different. 😀🥳
It always amazes me how far you can get with social engineering and knowing how people react. So here is my example from a pen test I did years ago. First, I made a bad copy of an employee ID: picture, logo, and wording were in the right place, but the logo color was a bit different and the writing was not the same. Put the ID on an ID belt clip and clipped it on my belt in such a way that it was close to my crotch. People will not spend time scrutinizing your crotch; they will give it a glance and if it looks OK at a glance they accept it. I then walked in with some smokers. Sometimes called ghosting into the building. Once inside I grabbed a clipboard with some paper on it that was sitting on an unoccupied desk, though it worked with a folder or a notepad as well, and proceeded to wander the building like I was lost. I was stopped by a nice lady who asked if she could help me. I told her it was my first day and there was no computer at my desk. My new boss told me to go to the IT department but I don't see it on this floor. She was nice enough to tell me I got off the elevator on the wrong floor and gave me directions to the IT department. Once at the IT department I walked in like I owned the place, clipboard in hand, and asked "Who's the domain admin?" I was pointed at a lady who handled AD and told her "The company hired me to do a pen test." (That part is true.) "Now I have software that will get me the SAM login database but when I run it, it causes the AD server to blue screen." (This is BS as I didn't have some magic software to do it.) "While that is actually part of the pen test they hired me to do, I thought I would come meet the admin and see if they were willing to say I did it and just plug in this USB stick and copy the SAM database file on to it." She took the USB stick from my hand, had me follow her to the server room and plugged it directly into one of the AD servers. When I asked why we had to do it from the AD server she let me know that they disabled all the USB ports on the desktops so we had to do it at the server. Best part was that with the SAM DB and some common software, I ended up cracking all but 2 passwords. On a company with 25k employees. I didn't even try to connect to the wifi or plug anything into the network. I did that part much later. You can imagine how that report went. lol Loved the video and agree, social engineering is a huge part of pen testing.
There are places where such easy entry would be impossible. I, being former military (Air Force, 30 years' service), have a close friend who is a retired Navy police officer. We were discussing aspects of security. He related a story of a Navy bus with some 25 personnel on board at the entrance barrier awaiting to be escorted in. The particular Navy police officer mentioned made the bus wait until he had scrutinized every ID and validated that it was genuine. He has refused entry to high-ranking officers who failed to carry and present proper ID, even if he recognizes their face. The basis is that they may have been discharged from the service on the previous day and would require special authorization to obtain entry. Now for you intelligent people, explain the difference between: NAVY and Navy, APPLE and Apple, ON and on/On. To give you a head start: they sound the same, but that does not mean they are the same.
20:57 So I just got into hacking and pentesting recently and I don't really have a lot of money, but I have time. I wanted a Rubber Ducky, but it was too expensive for me, and I found the pico-ducky project. So I bought a Raspberry Pi Pico and started the project. It didn't take me too long to make it work, it was pretty fun to do and a lot cheaper than a real Rubber Ducky. Also I learned a lot, and the Raspberry Pi Pico seems to have a lot more applications than a Rubber Ducky. So yeah, I agree that time is money and that your time has value, but if you have time, want to learn new things or just don't have a lot of money, maybe DIY is a good choice.
This was the best video I have found for how to get into cyber security. It made me believe I can finally make a career change and get that first job as a pen tester. Off to start that INE course!
Him: "I socially engineered the hotel when I got there to get a room with a window that faces the target" Reality: I'd like to book a room that faces um .. West. Hotel: No problem sir, here's your room key. Him: Hacked!!!
This is fantastic. I like the down-to-earth critique of zero days. A book I'm reading now, "This Is How They Tell Me the World Ends", is all about zero days and how the world's networks are all completely vulnerable because of them (I haven't finished it yet, though). I would like to have heard, though, if Neal was ever unsuccessful via social engineering in gaining physical access to a company.
1:08:00 I'm really shocked. Even my home network has the LAN isolated from the WLAN, while the password-secured WLAN is isolated from the publicly accessible WLAN. And this is not because I'm paranoid or have stored valuable things on computers; it's simply the default on the internet access router and active until you change it to make such wired bridgings.
My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and TH-cam didn't like them... so I had to remove the video :(
Thank you for sharing real-life experience and a breakdown of what each tool does. Best of all real-life applications. I just started taking classes and I've learned more in this interview than in the 6 months of classes. This is incredibly informative for me as a newbie. Thank you David and Neal for taking the time to make this video.
On a complete side note, I absolutely loved seeing a V-22 on a cybersecurity video. It's as if my two life paths crossed. Thank you for these videos, they keep a fella like me going during a career transition.
I mean come on guys, why do you have to say such a bullshit number like 5000 pentests? How? 5000 days is almost 14 years. This would mean that you had done a single pentest a day for almost 14 years, EVERY day. Like... why are you saying such a dumb number? :D
The picture of Neal with the security guard in the background made me think of a time I saw how trusting people can be. I was at a 2600 meeting on the patio of a coffee shop; myself and another attendee were talking about all manner of old tricks that used to work. A guy at an adjacent table, not there for the meeting, and whom neither one of us had ever even spoken to, was doing something on his laptop, looked over to us and asked if we could watch his stuff while he went inside and got a refill. The guy I was talking to said "no problem, it's not like we're hackers at a hacker meeting or anything like that." The laptop owner chuckled and left his laptop there with us for the next few minutes. We didn't do anything because we were both too busy laughing our asses off and complaining that we've never had access that easy.
Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests. The menu of timestamps is the one listed above.
Buy Hak5: davidbombal.wiki/gethak5
ShareBrained Technology PortaPack: www.sharebrained.com/
Connect with me: Discord: discord.com/invite/usKSyzb, Twitter: twitter.com/davidbombal, Instagram: instagram.com/davidbombal, LinkedIn: www.linkedin.com/in/davidbombal, Facebook: facebook.com/davidbombal.co, TikTok: tiktok.com/@davidbombal, TH-cam: th-cam.com/users/davidbombal
Connect with Neal: TH-cam: th-cam.com/users/cyberinsecurity, LinkedIn: www.linkedin.com/in/nealbridges/, Twitter: twitter.com/ITJunkie, Twitch: www.twitch.tv/cyber_insecurity
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
I work for a telecom. It would boggle your mind how many businesses have allowed me access to their switch room and left me alone in there simply because I said I was there to check on equipment. Of course, I actually did need to check equipment, but many times this is without anyone at the company being notified or requesting a call from us. Even easier, I can pull internet from the street, then walk in, say we're having an outage and I need access to their data rack, and boom, I'm in. Of course I'm not doing anything nefarious, but it always amazes me where I've been let into.
It isn't mind-boggling; most people just don't care enough to bother checking things. Social engineering is a dumb term; you are basically just running a confidence game: assert that you are where you are supposed to be and people don't question it. The biggest flaw in security is the lowly paid or overworked person who really is just going about their mundane day to day trying to make a paycheck.
Great video! As a young person who wants to get into pentesting and cybersecurity for a career this video was incredible. Especially interesting how much emphasis Neal put on social engineering. Would love to see a conversation with Neal on how to develop social engineering skills and how people in this field learn to social engineer in person. The problem I see with learning social engineering is that you could very easily be arrested (or serious trouble) for trying to use the skills without permission from the companies (obviously). But it seems unlikely that a pentesting firm will hire and train someone who has very little to no social engineering skills. (especially for younger people who don't have as many years of experience working in cybersecurity). Thanks again for the great video!
Get a CS degree, do your CompTIA or IBM certificate and get a society or company that backs you up, and you're good to go. As long as you can identify yourself as a whitehat you shouldn't get into serious trouble.
Great video! I have many of those same tools, even the exact same TPLink wifi stick. I also always carry a CrazyRadio PA for mousejack attacks. It's astonishing how many computers STILL use wireless keyboards and mice that are vulnerable to mousejack.
One thing I’ve always wondered about is how solarwinds became so popular with government agencies. I didn’t know the Air Force was a starting point for NSA analysts. I’m curious if the government can require their vendors pass a pentest run by someone like this. I feel like it would make us all a little bit safer at the end of the day. Thanks guys! Great vid!
Learning is a process which some people can only understand, and pull knowledge from, after the process is completed and they have gotten through it. For instance, lots of people find building the tools to be a cool part of the job, and they will be right if the job is to build the tools. If you are the operator, you only need to understand the tool in order to adjust it if you need to in the field. I was one of those passionate people who wanted to do everything and tried to be everywhere. Until I found out I spent way too much time for the results I was getting. So I focused on getting results and let other people do some of the work.
One of the reason why I have a big bag of tools and different stuff is because the company or location might not be weak to todays tools or exploites but early versions. So depending on the test and what and where you are. More tools might be necessary for different approaches
Incredibly intriguing! I work help desk and have always wondered about the equipment/methods pentesters actually use, as it is something I'd love to do someday. I learned a lot about pentesting and learned an incredible amount about social engineering and just general security awareness from this stuff. Thanks again.
I think wireless will come back in a sense with the IoT, people not understanding that those devices should be kept totally separate from any other network due to their insecurities and the lack of understanding on what the devices actually do and the information they collect and use. Also that often these devices can be external of a building, so to get actual physical control of them is not that difficult, and as such allowing you to obtain the wireless information for the rest of the network from physical access to one small device.
Gosh what a great discussion here. You guys should team up and come up with some courses. I just bought David's Networking course on Udemy and it's so next level. The only course you will ever need... really. Thanks guys for sharing your knowledge.
I'm just trying to think of ways that you would potentially slow down someone like this, once they are in the building. Locking the port security down to the fixed MAC address of the static pc at all the work stations, was my first thought, and having all the communal area network ports locked down to a 'communal area' vlan with, say, only web access and RDP was my second thought.
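As an added example (not from the video or the comment above), this is what those two controls look like on a Cisco IOS access switch: a fixed-workstation port locked to one sticky MAC, and a communal-area port dropped into its own VLAN whose gateway only permits web, RDP to a single jump host and DNS. Interface numbers, VLAN ids, addresses and the jump host are assumptions.

```cisco
! Added example, not the video's or the commenter's configuration.
! Assumed: VLAN 10 = staff workstations, VLAN 99 = communal-area ports,
! 10.1.1.10 = internal RDP jump host, 10.1.1.53 = internal DNS resolver.

! 1) Fixed-workstation port: lock the port to the one MAC it learns first.
!    Sticky MACs persist across a reload once the config is saved. This only
!    ties the port to an address; it does not authenticate the device.
interface GigabitEthernet1/0/5
 description Fixed workstation - static PC
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! 2) Communal-area port (lobby, meeting room): separate VLAN, one MAC,
!    "restrict" instead of "shutdown" so a visitor cannot take the port
!    down, while every extra address is still dropped, counted and logged.
interface GigabitEthernet1/0/20
 description Communal area - lobby
 switchport mode access
 switchport access vlan 99
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! 3) Communal VLAN gateway: RDP to the jump host and DNS to the resolver
!    are allowed explicitly, everything else internal (10/8) is denied
!    before the general web permit, so "web access" does not quietly
!    include internal web servers. Denied hits are logged for review.
ip access-list extended COMMUNAL-IN
 remark RDP to the jump host only
 permit tcp 10.99.0.0 0.0.0.255 host 10.1.1.10 eq 3389
 remark DNS to the internal resolver only
 permit udp 10.99.0.0 0.0.0.255 host 10.1.1.53 eq 53
 remark no other internal destinations
 deny ip 10.99.0.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 remark web access to the outside
 permit tcp 10.99.0.0 0.0.0.255 any eq 80
 permit tcp 10.99.0.0 0.0.0.255 any eq 443
 deny ip any any log
!
interface Vlan99
 description Communal-area gateway
 ip address 10.99.0.1 255.255.255.0
 ip access-group COMMUNAL-IN in
!
! Let a shut-down workstation port recover on its own after 10 minutes so
! the helpdesk is not the bottleneck; the violation is still logged.
errdisable recovery cause psecure-violation
errdisable recovery interval 600
```

Sticky MAC binds a port to an address, not to an identity, so treat it as the first layer and review the port-security counters and the ACL's deny log regularly rather than assuming a quiet switch means nothing was plugged in.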
I don’t know how I came across this video but I’m so glad I did because I know nothing about this stuff but now I want to know EVERYTHING. This is so cool!
Seems like, rather than gathering knowledge, it's better to practice discerning who has the higher quality knowledge, and seeking out those sources sooner, setting aside all the lower quality sources. Feels like this is what the application of Wisdom looks like, when trying to advance in a Cybersecurity career, or any career for that matter. Seems like rather than asking "What should I be thinking and doing to get better?", maybe ask, "How can I think differently, and who might help me see what I cannot see on my own?". I say these things because in my lifelong journey as a student in many fields, what has helped me learn faster was never doing more work, but applying lessons gained from carefully observing the work of others more skilled than I am, and asking myself questions about 'what', 'how', and 'why' things are happening as I observe them. This paradigm replaces and outweighs the value of an entire encyclopedia of knowledge studied over a lifetime. And, David, and Neal are acting out this very process in real time to help the viewers get the feel of what it's like, rather than explicitly stating it. It's Golden Info. Thanks again guys.
I had a network instructor who liked to add a pseudo level of the OSI model called the "people layer", which is and was demonstrated to be the most reliable point of entry for hackers. Social engineering, like physical access, is king.
I worked for a federal cyber center. We did lots of testing kinda like what was described. The number 1 thing in my "bag" for social engineering is the wheelchair I use. Nobody wanted to confront me; I could just make the door hard to open and without fail somebody would come open it up, no badge needed. The only problem is a bald guy in a wheelchair isn't exactly "gray man" material.
So for the internal pentest it's the EC-Council Storm mobile security toolkit and for the external pentest it's the Hak5 red team field kit with supplies, especially a Microsoft Surface Go 3 and the current-edition Apple MacBook Air with an Ellipal Titan 2.0.
This is absolutely fascinating to me. Before I fell in love with cyber security and hacking and what not, I was a touring musician playing guitar in multiple bands. And one of the common themes is gear; I feel like sometimes these people put the gear over the player. Coming to the computer world is completely different. I feel like, and correct me if I’m wrong, it seems like computer folks really want what gets the job done and that’s it. We don’t care as much about having the best or the most expensive.
I set up enterprise wireless that easily detected and alerted on rogue wireless access points. But the main highway was 20 ft from one side of the building, and trucks and cars that have their own hot-spots overwhelmed the admin who could possibly look in real time at all the alerts. Basically we had to ignore the access points on that highway side of the building.
After 20 years of military service, mostly in the same type of environment as Neal, He is spot on about the "Social" portion of pen-testing. Being "Nice" will get you pretty far.
Dressing the part helps too. Watching this made me realise how many situations I have been in that people have trusted me with no reason to and half the time it is because it was what I was wearing that did it.
Richard Marcinko talked about how easy it was to get anything done on a US base just by being nice and wearing a Navy sweater or something like that.
@@JehuMcSpooran a clipboard and a vest will get you anywhere, but at the same time I've heard cool stories of pentesters getting access to the most secure buildings while wearing completely unfitting clothing because they were trying to push how far they can go before getting caught
edit: like just look at 1:01:38 haha
The worst to Neal.
Spying on friends and allies is not tolerable.
Hope he gets arrested when he crosses the German border.
What I really like about you David is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different field of IT. Much love from France David!
Thank you Akan! I appreciate that :)
True well said. He exactly asked what came to my mind :)
❤seems like David is in my head. Any question that comes into my head is always asked by david💖Thank you for helping us the beginners
@Ostia Hermes if the nsa wanna hack you, no router in the world is gunna stop them.
@Ostia Hermes most likely high end Cisco routers and firewalls but that's overkill for a SOHO
As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.
David is trying his very best to help us learn also from his invited guests like Neal. Million thanks, David, for your untiring efforts.
I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it.
It's all about legal consent to pentest, social engineering and then the tech knowledge.
And there is always more to learn.
Having worked in the networking industry for 24yrs I find these guys absolutely fascinating! These guys are spot on!!
I love these stories! I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab. This for me, is the best way of learning.
🤔 I guess the movies got it right 💁 lol this reminds me of I spy
I love how this content is free and that I'm able to watch it. It's literally so much knowledge that I'm getting without even having to do or pay something, and so damn well made. Thanks, David!
I love how David knows all the details but asks the questions Noobs like us would! Thank you David!
Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!
Hope your business is going well
Good Luck !!
Hey, I know that you don't know me, but, I'm interested in starting a company in my area. I'm just getting started, haven't even done a ctf or bug bounty, even. I was wondering how you are doing about a year in? Good luck and hope to hear from you soon
I enjoy the chat, but to be honest I would love to see a more to the point video that highlights the hardware, and its general use; rather than a long protracted conversation about his experience in the field, and more so a nuts and bolts of what he actually uses regularly.
David, Neal. Thank you so much. The ending of this video is what is currently hitting me. The fact that there is this ocean of supposed training, however after you invest the time and finish it you realise that it simply was not enough. We need real world training/labbing/simulation because at the end, obtaining the skill comes from experience. Theory is groundwork but not experience.
Fantastic video, thanks David and Neal for putting this together. This should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue team side of the house should be aware of.
Sysadmin here taking notes ;)
If you do two pentests per week (which is a lot), it will take you nearly 48 years to perform 5000 🤨
he does one for breakfast and one for dinner. 5k. it's bs
yeah I do think that is an over exaggerated hyperbole.... I do not think that is truthful as well...
I think he does pentest with large scope and counts them as more pentests. but otherwise it is indeed BS
I guess you were never in the military.
Was doing the same math, a hilarious claim.
As someone who is just starting their career/interest at a local college, this is so amazing. Thank you so much.
I got into the IT business in 1992 as a Network Engineer and Sys Admin. I have several certifications. Been a fan of David since he began. This gentleman in this video is Right On. I recommend this video to anyone who truly wants to be the best they can be.
0:00 ▶ Introduction
1:17 ▶ Neal sees pentesting differently
2:00 ▶ Neal's advice from experience
3:18 ▶ Neal's 5,000 pentests
4:30 ▶ Take NSA and experience
5:10 ▶ Preparation is key
5:50 ▶ OSINT
6:30 ▶ Actual Pentest report
7:50 ▶ Pretexting
8:45 ▶ Another real world example
9:30 ▶ Planning is very important
10:15 ▶ Leave stuff in your car?
11:55 ▶ Right tools for the job
12:05 ▶ Top tools
12:30 ▶ Extra cables
12:58 ▶ Hak5 Ethernet cable
13:10 ▶ Is Hak5 a necessity
13:57 ▶ Rubber Ducky
14:30 ▶ Hak5 are great
15:00 ▶ Real world example of equipment
15:30 ▶ You can create your own stuff
16:10 ▶ Your time is money
16:30 ▶ Proxmark
17:30 ▶ Crazy RFID reader
18:50 ▶ Poor planning RFID example
20:20 ▶ Your time is worth something!
21:00 ▶ Hone your tradecraft
21:20 ▶ Proxmark explanation
21:50 ▶ A reader doesn't give you access. You need a pretext
23:50 ▶ Social engineering
25:50 ▶ You need a story
26:04 ▶ Social Engineering vs tech
29:00 ▶ Physical access is king
30:00 ▶ What to do once past the door
31:19 ▶ Military facility pentest
33:27 ▶ Look for a network port
34:49 ▶ You want to get out of there
35:04 ▶ Hak5 Lan turtle
36:35 ▶ Back of computer vs switch
37:32 ▶ Pop it into the back of the computer
38:11 ▶ What about WiFi
38:50 ▶ TP-Link WiFi Card
39:50 ▶ Ubertooth
40:50 ▶ HackRF One
41:56 ▶ Hak5 Pineapple
42:09 ▶ SDR
43:00 ▶ Real world example
44:13 ▶ Alfa Network Adapter
44:50 ▶ Wifi Hacking
44:49 ▶ Alfa not practical so much
46:20 ▶ You cannot charge for a WiFi pentest
47:17 ▶ You are making it real
47:45 ▶ WiFi can be social engineering
48:47 ▶ Captive portal
49:40 ▶ Rogue Access point
50:40 ▶ Real world wifi pentest example
51:30 ▶ Port Security
51:57 ▶ Hak5 Pineapple access corporate network
52:34 ▶ Always social engineering
53:00 ▶ Pyramid of pain
53:14 ▶ Stuxnet
54:45 ▶ Tesla attack
55:07 ▶ NSA examples
56:32 ▶ Human Intelligence Hacking Example
58:40 ▶ Another hacking example
1:00:18 ▶ WiFi hacking example
1:01:32 ▶ Neal's photo while hacking
1:03:22 ▶ Once inside, you are trusted
1:03:40 ▶ Summary of devices
1:03:55 ▶ Hak5 switch
1:04:08 ▶ Extra cables
1:04:15 ▶ Hak5 Rubber Ducky
1:04:30 ▶ Hak5 Pineapple
1:04:54 ▶ Hak5 Bash Bunny
1:04:58 ▶ Hak5 Packet Squirrel
1:06:26 ▶ Ubertooth
1:06:31 ▶ Proxmark
1:07:00 ▶ Value of networking knowledge
1:07:32 ▶ Neal got his CCNA
1:08:50 ▶ Very few companies use port security properly
1:10:08 ▶ Cain and Abel
1:11:00 ▶ Are zero days worth it
1:12:05 ▶ Shiny objects vs Neal's wisdom
1:13:37 ▶ Real world hard talk
1:14:25 ▶ What do you recommend
1:16:55 ▶ Neal and David going to do something
yes bro it's literally in the description..
@@StfuSiriusly ik I copied from there.. just for my convenience, like I can't go to the description all the time again and again
I have no idea how I ended up here but I highly appreciate that you two shared your conversation in this video. Personally I am more interested in the psychological aspect of security than in the tech side - thank you for this contribution to the spark of my curiosity.
Another fantastic video David and Neal. I love the stories, and real-life applications. While I'm not looking to seek a career in this field, I love this domain of technology. It is worthwhile to see the weaknesses of our digital climates. As a college student at a University that had just been the victim of a cyberattack last year, I find this information invaluable and super intriguing, especially when it's presented in such an engaging way like this video. I will definitely advocate for better physical, social, and network security from the IT department on campus. Thanks again for your hard work developing this content.
Those damn vulnerable colleges
@@brokeyoutuber lmao... I got into computers when I was like 15 in the mid-90s. I definitely wasn't a programmer/hacker but I WAS very interested in the subject. Occasionally I'd buy a 2600 and flip through it, reading a lot but digesting little. Anyway, the ONE system I ever got into myself without just guessing or using default passwords on random telenet machines or local dial-up systems was a big-name University's system. Ended up "hacking" into one of their machines by using what was probably the easiest method any "script-kiddie" could use, the "PHF exploit". Found your comment about 'damn vulnerable colleges" kinda funny, heh.
This man David Is too sensible with his questions, the best I have seen so far
I've been in IT for almost three months now and it is wild how many people are trusting of me with their password to their account when doing password resets. They get frustrated making a new password that they either ask me to do it for them or write it down for them. They think just because I am in IT that I am trustworthy - not to say I am not but I digress.
One neat thing that works very well is sending an email saying you have been tagged in a post. Works 97% on women and sometimes on men. A coworker took it after watching a social media documentary.
Well, to do 5000 penetration tests in a span of 8 years would mean he was doing about 12 a week; on a 5 day week, that's 2.4 / day, and on a 6 day week, 2 / day. How long does a penetration test take? Because if he did 5000+, then of course those numbers per day will go up. I used 8 years because he said 7+ years, meaning more than 7 but less than 8. I'm not trying to troll by any means, just that I've found that when people are asked about their experience, they tend to exaggerate dramatically. Yes, maybe he has done a lot, certainly more than the average viewer I would imagine, but those numbers seem a little high, but knowing the time it takes to do a single, thorough penetration test would be helpful. My preliminary research is showing from a minimum of 1 day to weeks depending on the complexity of the environment, number of hosts, number of applications being used, etc.
Step1: Create a methodology
Step2: Do a manual pentest on one target
Step3: Automate that whole process using bash/python script
Step4: Run and Improve that bash/python over time based on new target
And Boom, you have a cool automation script which can do 5k pentest in a day as well
Because it ain't 7+ years but rather more than a decade. He has been doing this for more than a decade, not 7+ years. 7+ years is the time he spent in 1 of the organisations, probably the military. It is an estimate over the whole lifespan of his career.
You also have to consider the fact that he’s totally spit balling how many tests he’s done. Let’s say he’s only done 3200. Over that time span would you really expect that he would, off the top of his head, differentiate between 3200 and 5000?
7 plus years plus a decade in the military doing offensive cyber operations. So for 17 years definitely seems like 5000 is a plausible number.
I last about 30 seconds
I have started studying Cybersecurity, and when I watch this discussion and compare it to what I am reading nowadays, it's a huge difference. I hope Neal shares more of his knowledge with people like me who are new in this field.
David, a huge thank you to yourself and Neal for taking the time to make such a great and educational video. I'd have to say this is one of your best videos that I've seen, and we all know how high quality all your other ones are !
After having 9+ years of physical installation security experience (access control, security and NVR systems) you've made me want to shift my knowledge into cyber and I'm excited again. Having the mindset of building layouts and functions, where they keep things, I already have down pat. Just laying my foundations in Linux now and enjoying the process. Thanks for the video!
Cannot wait for OSINT video. I am so in to it right now
Yes!
100% OSINT is amazing, would also love to see OTS and social engineering conversations.
The two of you are THE BEST when you share the stage. You guys should talk about ICS stuff down the road. Love these videos
Him: "I've done like 5000 pen tests.. multiple tests every week, for 7 years."
Reality: 3 per week x 52 weeks x 7 years = 1092 tests.
He'd actually have to do 3 per day.
That bugged me so much lol
The only way I could see this being the case is if he means he counts nmap and a sql injection as 2 different "pen tests". Either way this was annoying
@@paullees6687 Alternatively, 3 per week would only take him 35 years, without a break.. so maybe he started when he was a baby ..
@@carmodity this guy's the Steven Seagal of pen testers.
"Relax. I've been pen testing for like 50 years"
Well, I think what he meant is managed those number of pentests, it's been like 14 years for me as well... and have managed/conducted over 6-8k tests myself..
As someone who makes and configures access control cards, if you have a large group of cards you can definitely tell a lot about a system from it, but you have to combine that with the type of reader etc. Certain types of readers can read certain types of cards, and combined with looking at LED patterns etc you can often see what backend system they use.
As long as they use the card's serial number and not cards that have encrypted sectors or filesystems, you can get a lot of information from having a bulk of card numbers. Usually to be able to make cards for any given system you need 1-100 cards to be able to program new cards from scratch. For standard systems 1 card is often enough.
But apart from that, it is often a lot easier to just hook on to the comms cables from the card reader if they are accessible and just read & insert the raw signal for the card number between the card reader and the backend system.
5000 pen tests? Even if you conducted 1 pentest a week for a year ( 52 tests a year). It would take 96 years. If you were looking at 5 applications a week (260 a year) that’s still 19 years. Something doesn’t make sense.
I guess some were automated tests
I agree. He was prob exaggerating.
Typical AF writing when you have a team of 10 and they each do a pen test then you just did 10.
Probably did dozens of tests while training. Could be doing 5 a day in some cases.
I stopped watching after the first 10 mins of nothing but how good the guy is... OK bro enough self glory already, let's see the tools 😒
The amount of knowledge and information in this 1 hour is unreal! I was so amazed to find out how a professional does their job. Thanks so much for this video
To do 5000 pen tests in 8 years, he'd have to average over 2 per day (assuming he worked 5 days per week).
It's called talking out of your ass. The whole hacker community was making fun of this on Twitter.
Imagine thinking the military gives you a weekend on a deployment.
Imagine thinking it’s impossible to do just because you are incapable of doing it yourself.
Each attack vector is counted as a test. Entering the building, gaining access to a computer, gaining access to the network, downloading data, and leaving the premises without being challenged, would count as five tests. That could take less than an hour. Going back into the premises to retrieve equipment or data is going to count as a whole lot more tests. So 5,000 tests is not necessarily 5,000 separate premises tested, more like 500.
I like watching your videos. I didn't know squat about coding, programming, telecommunications... I started looking into it bc my phone was hacked and I wanted to learn how it happened so I know what to look for and how to stop it. I'm learning more than I expected and I like how it's explained in a way that even someone like myself can understand
Correctly formatted and grammatically correct list of TimeStamps
Menu:
00:00 Introduction
01:17 Neal sees pentesting differently
02:00 Neal's advice from experience
03:18 Neal's 5,000 pentests
04:30 Take NSA and experience
05:10 Preparation is key
05:50 OSINT
06:30 Actual Pentest report
07:50 Pretexting
08:45 Another real-world example
09:30 Planning is very important
10:15 Leave stuff in your car?
11:55 Right tools for the job
12:05 Top tools
12:30 Extra cables
12:58 Hak5 Ethernet cable
13:10 Is Hak5 a necessity
13:57 Rubber Ducky
14"30 Hak5 are great
15:00 Real-world example of equipment
15:30 You can create your own stuff
16:10 Your time is money
16:30 Proxmark
17:30 Crazy RFID reader
18:50 Poor planning RFID example
20:20 Your time is worth something!
21:00 Hone your tradecraft
21:20 Proxmark explanation
21:50 A reader doesn't give you access. You need a pretext
23:50 Social engineering
25:50 You need a story
26:04 Social Engineering vs tech
29:00 Physical access is king
30:00 What to do once past the door
31:19 Military facility pentest
33:27 Look for a network port
34:49 You want to get out of there
35:04 Hak5 Lan turtle
36:35 Back of computer vs switch
37:32 Pop it into the back of the computer
38:11 What about WiFi
38:50 TP-Link WiFi Card
39:50 Ubertooth
40:50 HackRF One
41:56 Hak5 Pineapple
42:09 SDR
43:00 Real-world example
44:13 Alfa Network Adapter
44:50 Wifi Hacking
44:49 Alfa not practical so much
46:20 You cannot charge for a WiFi pentest
47:17 You are making it real
47:45 WiFi can be social engineering
48:47 Captive portal
49:40 Rogue Access point
50:40 Real-world wifi pentest example
51:30 Port Security
51:57 Hak5 Pineapple access corporate network
52:34 Always social engineering
53:00 Pyramid of pain
53:14 Stuxnet
54:45 Tesla attack
55:07 NSA examples
56:32 Human Intelligence Hacking Example
58:40 Another hacking example
1:00:18 WiFi hacking example
1:01:32 Neal's photo while hacking:
1:03:22 Once inside, you are trusted
1:03:40 Summary of devices
1:03:55 Hak5 switch
1:04:08 Extra cables
1:04:15 Hak5 Rubber Ducky
1:04:30 Hak5 Pineapple
1:04:54 Hak5 Bash Bunny
1:04:58 Hak5 Packet Squirrel
1:06:26 Ubertooth
1:06:31 Proxmark
1:07:00 Value of networking knowledge
1:07:32 Neal got his CCNA
1:08:50 Very few companies use port security properly
1:10:08 Cain and Abel
1:11:00 Are zero-days worth it
1:12:05 Shiny objects vs Neal's wisdom
1:13:37 Real-world hard talk
1:14:25 What do you recommend
1:16:55 Neal and David going to do something
You should edit that 14:30 … since you already put all the effort into correction.
I don't know whether to feel bad for you or not lol.
🤡
On the subject of the key cards, that's where the social engineering side of things comes into play. You would simply have to find out which people have what access by watching the coming and going of personnel, which windows you see them by, and which doors you see them use most often. Then set up a scan of that person's card to make it where you want to be.
David this content is unlike any other and pure gold. Thank you very much
I revisit this one video often when I need to recalibrate my thinking & approach... a great way to pause & reflect, very useful for taking some time to check our mindsets... thank you for a very therapeutic conversation... keep pushing forward everyone 🙌🏽💗
Hi David, thank you for making everything possible & easy for beginners by asking & explaining every single detail. Can you make a video about Raspberry pi? Setup & installation of Kali linux? And maybe some of your amazing ideas about pentesting?
Knowledge ≠ Wisdom (also not intelligence...) This is a valuable understanding that the vast majority in any field is sorely lacking today. Most people have very little wisdom until they're around 30+ years old unless your field of expertise is not complicated in any way. A college degree (or certifications) certainly does not provide you with wisdom. Knowledge is extremely important, but without the ability to put it to practice usefully, it's not worth much.
Fantastic, keep this kinda of real world content coming. I returned to school pursuing my first degree because of you two! AMAZING STUFF!
When I finally hone my trade on this path I will have David Bombal's and Neal’s pics hanging on my office wall like the President's and Governor’s official portraits do in most offices. I have gotten loads of knowledge ever since I've known this channel. A thousand thanks
Coach, you're the best. Thank you for making us better
What a conversation that made my brain thrive. Thank you David & Neal.
I would love for him to sit and explain what he thinks of Edward Snowden.
the most important and interesting question of all that wasn't asked
If he said anything he would be interrogated and watched for the rest of his life. I don't think he wants that.
@@almostattheendoflife2273 So sad but true.
@@almostattheendoflife2273 he's already tracked and watched. actually, we all are. assange, snowden and manning show us
@@riskinhos Also very true haha. Screw it talk about Snowden.
Thank you so much for these. I love how you not only demonstrate, but ask and share how to learn what you’re demonstrating. That’s what makes your channel so much different. 😀🥳
It always amazes me how far you can get with social engineering and knowing how people react. So here is my example from a pen test I did years ago.
First, I made a bad copy of an employee ID, picture, logo, and wording was in the right place but logo color was a bit different and the writing was not the same. Put the ID on an ID belt clip and clipped it on my belt in such a way that it was close to my crotch. People will not spend time scrutinizing your crotch, they will give it a glance and if it looks ok at a glance they accept it. I then walked in with some smokers. Sometimes called ghosting into the building.
Once inside I grabbed a clipboard with some paper on it that was sitting on an unoccupied desk, though it worked with a folder or a notepad as well, and proceeded to wander the building like I was lost.
I was stopped by a nice lady who asked if she could help me. I told her it was my first day and there was no computer at my desk. My new boss told me to go to the IT department but I don't see it on this floor. She was nice enough to tell me I got off the elevator on the wrong floor and give me directions to the IT department.
Once at the IT department I walked in like I owned the place, clipboard in hand, and asked "Who's the domain admin?" I was pointed at a lady who handled AD and told her "The company hired me to do a pen test." (That part is true) "Now I have software that will get me the SAM login database but when I run it, it causes the AD server to blue screen." (This is BS as I didn't have some magic software to do it) "While that is actually part of the pen test they hired me to do, I thought I would come meet the admin and see if they were willing to say I did it and just plug in this USB stick and copy the SAM database file on to it."
She took the USB stick from my hand, had me follow her to the server room and plugged it directly into one of the AD servers. When I asked why we had to do it from the AD server she let me know that they disabled all the USB ports on the desktops so we had to do it at the server.
Best part was that with the SAM DB and some common software, I ended up cracking all but 2 passwords. On a company with 25k employees. I didn't even try to connect to the wifi or plug anything into the network. I did that part much later.
You can imagine how that report went. lol
Loved the video and agree, social engineering is a huge part of pen testing.
Lmao that's great. The part about the blue screen was brilliant. I would be pissed if that happened to my company.
There are places where such easy entry would be impossible.
I, being former military (Air Force, 30 years service), have a close friend who is a retired NAVY POLICE Officer.
We were discussing aspects of security. He related a story of a NAVAL bus with some 25 personnel on board at the entrance barrier awaiting to be escorted in.
The particular NAVY POLICE Officer mentioned made the bus wait until he had scrutinized every ID and validated that it was genuine.
He has refused entry to high-ranking officers who failed to carry and present proper ID, even if he recognizes their face.
The basis is that they may have been discharged from the Service on the previous day and would require special authorization to obtain entry.
Now for you intelligent people, explain the difference between:
NAVY and Navy
APPLE and Apple
ON and on/On
To give you a heads up start:
They sound the same but that does not mean they are the same.
Love when David emphasizes on the CCNA.
Love it.
20:57 So I just got into hacking and pentesting recently and I don't really have a lot of money, but I have time. I wanted a Rubber Ducky, but it was too expensive for me, and I found the pico ducky project. So I bought a Raspberry Pi Pico and started the project. It didn't take me too long to make it work, it was pretty fun to do and a lot cheaper than a real Rubber Ducky. Also I learned a lot, and the Raspberry Pi Pico seems to have a lot more applications than a Rubber Ducky. So yeah, I agree that time is money, and that your time has value, but if you have time, wanna learn new things or just don't have a lot of money, maybe DIY is a good choice.
I'm interested too, @Dafelix. My story is similar to yours. Please, how do I get started with the pico ducky project? How can I get a Raspberry Pi Pico?
When he started talking about people on their smoke break, that is so true. They are the most vulnerable ones in the workplace.
You are missing one strong piece of equipment: Stingrays, also known as "cell site simulators" or "IMSI catchers."
My hand hurts from all the note taking. Thanks so much for all your help.
Pen testing be sounding like the perfect job!!! Thanks for all the information you be sharing with us!
This was the best video I have found for how to get into cyber security. It made me believe I can finally make a career change and get that first job as a pen tester. Off to start that INE course!
Him: "I socially engineered the hotel when I got there to get a room with a window that faces the target"
Reality: I'd like to book a room that faces um .. West.
Hotel: No problem sir, here's your room key.
Him: Hacked!!!
This is fantastic. I like the down to earth critique of zero days. A book I’m reading now, “This is how they tell me the world ends” is all about zero days and how the world’s networks are all completely vulnerable because of them ( I haven’t finished it yet, though).
I would like to have heard, though, if Neal was ever unsuccessful via social engineering in gaining physical access to a company.
I enjoy and take notes in every video you make with Neal! Thanks, David! Great stuff ❤
I must say I watched this 10 times and learned something new each time!!!! Loved this!!!! Thanks to you both!
1:08:00 I'm really shocked; even my home network has the LAN isolated from the W-LAN, while the password-secured W-LAN is isolated from the publicly accessible W-LAN. And this is not because I'm paranoid or have stored valuable things on computers, it's simply the default on the Internet access router and active until you change it to make such wired bridgings.
By far this is the best episode. Thanks David.
It’s finally here
My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and TH-cam didn't like them... so I had to remove the video :(
Thank you for sharing real-life experience and a breakdown of what each tool does. Best of all real-life applications. I just started taking classes and I've learned more in this interview than in the 6 months of classes. This is incredibly informative for me as a newbie. Thank you David and Neal for taking the time to make this video.
5000 in 7 years? (3:05) That would mean 2 pentests per day, EVERY day... naah
On a complete side note, I absolutely loved seeing a V-22 in a cybersecurity video. It's as if my two life paths crossed. Thank you for these videos, they keep a feller like me going during a career transition.
Goddamn, I always love the conversations between you and Neal. Thank you for providing us such great content!
It's very rare that a 75min video can fly by so quickly. Awesome.
I mean come on guys, why do u have to say such a bullshit number like 5000 pentests? How? 5000 days is almost 14 years. This would mean that you had done a single pentest a day for almost 14 years, EVERY day. Like... why are you saying such a dumb number? :D
This guy is amazing, please bring him again! Can't wait for those courses.
The number 5000 comes from his experience in the US military... They know how to inflate numbers
The picture of Neal with the security guard in the background made me think of a time I saw how trusting people can be. I was at a 2600 meeting on the patio of a coffee shop; another attendee and I were talking about all manner of old tricks that used to work. A guy at an adjacent table, not there for the meeting, and who neither one of us had ever even spoken to, was doing something on his laptop, looked over to us and asked if we could watch his stuff while he went inside and got a refill. The guy I was talking to said “no problem, it’s not like we’re hackers at a hacker meeting or anything like that.” The laptop owner chuckled, and left his laptop there with us for the next few minutes. We didn’t do anything because we were both too busy laughing our asses off and complaining that we’ve never had access that easy.
Why would you wanna mess with someone's computer for free? Guy asked a couple of doctors to look at this thing on his neck.
Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests.
Menu:
0:00 ▶ Introduction
1:17 ▶ Neal sees pentesting differently
2:00 ▶ Neal's advice from experience
3:18 ▶ Neal's 5,000 pentests
4:30 ▶ Take NSA and experience
5:10 ▶ Preparation is key
5:50 ▶ OSINT
6:30 ▶ Actual Pentest report
7:50 ▶ Pretexting
8:45 ▶ Another real world example
9:30 ▶ Planning is very important
10:15 ▶ Leave stuff in your car?
11:55 ▶ Right tools for the job
12:05 ▶ Top tools
12:30 ▶ Extra cables
12:58 ▶ Hak5 Ethernet cable
13:10 ▶ Is Hak5 a necessity
13:57 ▶ Rubber Ducky
14:30 ▶ Hak5 are great
15:00 ▶ Real world example of equipment
15:30 ▶ You can create your own stuff
16:10 ▶ Your time is money
16:30 ▶ Proxmark
17:30 ▶ Crazy RFID reader
18:50 ▶ Poor planning RFID example
20:20 ▶ Your time is worth something!
21:00 ▶ Hone your tradecraft
21:20 ▶ Proxmark explanation
21:50 ▶ A reader doesn't give you access. You need a pretext
23:50 ▶ Social engineering
25:50 ▶ You need a story
26:04 ▶ Social Engineering vs tech
29:00 ▶ Physical access is king
30:00 ▶ What to do once past the door
31:19 ▶ Military facility pentest
33:27 ▶ Look for a network port
34:49 ▶ You want to get out of there
35:04 ▶ Hak5 Lan turtle
36:35 ▶ Back of computer vs switch
37:32 ▶ Pop it into the back of the computer
38:11 ▶ What about WiFi
38:50 ▶ TP-Link WiFi Card
39:50 ▶ Ubertooth
40:50 ▶ HackRF One
41:56 ▶ Hak5 Pineapple
42:09 ▶ SDR
43:00 ▶ Real world example
44:13 ▶ Alfa Network Adapter
44:50 ▶ Wifi Hacking
44:49 ▶ Alfa not practical so much
46:20 ▶ You cannot charge for a WiFi pentest
47:17 ▶ You are making it real
47:45 ▶ WiFi can be social engineering
48:47 ▶ Captive portal
49:40 ▶ Rogue Access point
50:40 ▶ Real world wifi pentest example
51:30 ▶ Port Security
51:57 ▶ Hak5 Pineapple access corporate network
52:34 ▶ Always social engineering
53:00 ▶ Pyramid of pain
53:14 ▶ Stuxnet
54:45 ▶ Tesla attack
55:07 ▶ NSA examples
56:32 ▶ Human Intelligence Hacking Example
58:40 ▶ Another hacking example
1:00:18 ▶ WiFi hacking example
1:01:32 ▶ Neal's photo while hacking
1:03:22 ▶ Once inside, you are trusted
1:03:40 ▶ Summary of devices
1:03:55 ▶ Hak5 switch
1:04:08 ▶ Extra cables
1:04:15 ▶ Hak5 Rubber Ducky
1:04:30 ▶ Hak5 Pineapple
1:04:54 ▶ Hak5 Bash Bunny
1:04:58 ▶ Hak5 Packet Squirrel
1:06:26 ▶ Ubertooth
1:06:31 ▶ Proxmark
1:07:00 ▶ Value of networking knowledge
1:07:32 ▶ Neal got his CCNA
1:08:50 ▶ Very few companies use port security properly
1:10:08 ▶ Cain and Abel
1:11:00 ▶ Are zero days worth it
1:12:05 ▶ Shiny objects vs Neal's wisdom
1:13:37 ▶ Real world hard talk
1:14:25 ▶ What do you recommend
1:16:55 ▶ Neal and David going to do something
=======================
Buy Hak5 coolness here:
=======================
Buy Hak5: davidbombal.wiki/gethak5
============================
Buy ShareBrained Technology:
============================
PortaPack: www.sharebrained.com/
================
Connect with me:
================
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam: th-cam.com/users/davidbombal
================
Connect with Neal:
================
TH-cam: th-cam.com/users/cyberinsecurity
LinkedIn: www.linkedin.com/in/nealbridges/
Twitter: twitter.com/ITJunkie
Twitch: www.twitch.tv/cyber_insecurity
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
TH-cam hates fun.
Gots my answer.
I work for a telecom. It would boggle your mind how many businesses have allowed access and left me alone into their switch room simply by saying I was there to check on equipment. Of course, I actually did need to check equipment, but many times this is without anyone at the company being notified or requesting a call from us.
Even easier, I can pull internet from the street, then walk in, say we're having an outage and I need access into their data rack, and boom I'm in. Of course I'm not doing anything nefarious, but it always amazes me where I've been let into.
It isn't mind-boggling - most people just don't care enough to bother checking things. Social engineering is a dumb term - you are basically just running a confidence game - act like you are where you are supposed to be and people don't question it. The biggest flaw in security is the lowly paid or overworked person who really is just going about their mundane day to day trying to make a paycheck.
🤣 A pen tester that can't do simple math? Over 5000 in 7 years at 2 per week? Are you sure you don't mean testing pens? 😂
Great video! As a young person who wants to get into pentesting and cybersecurity for a career this video was incredible. Especially interesting how much emphasis Neal put on social engineering. Would love to see a conversation with Neal on how to develop social engineering skills and how people in this field learn to social engineer in person.
The problem I see with learning social engineering is that you could very easily be arrested (or serious trouble) for trying to use the skills without permission from the companies (obviously). But it seems unlikely that a pentesting firm will hire and train someone who has very little to no social engineering skills. (especially for younger people who don't have as many years of experience working in cybersecurity).
Thanks again for the great video!
Get a CS degree, do your CompTIA or IBM certificate and get a society or company that backs you up and you're good to go.
As long as you can identify yourself as a whitehat you shouldn't get into serious trouble.
There are tickets and certifications that prove he is a whitehat, so everything is fine.
Great video! I have many of those same tools, even the exact same TPLink wifi stick. I also always carry a CrazyRadio PA for mousejack attacks. It's astonishing how many computers STILL use wireless keyboards and mice that are vulnerable to mousejack.
One thing I’ve always wondered about is how solarwinds became so popular with government agencies. I didn’t know the Air Force was a starting point for NSA analysts. I’m curious if the government can require their vendors pass a pentest run by someone like this. I feel like it would make us all a little bit safer at the end of the day. Thanks guys! Great vid!
They can. They even require it in some industries. Banks, for example. Analysts are not the operators. Reading is not a superpower.
In a word, excellent. Really good to see what goes on in 'The Real World'.
Learning is a process which some people can only understand and pull knowledge from after the process is completed and they have got through it. For instance, lots of people find building the tools a cool part of the job, and they would be right if the job were to build the tools. If you are the operator, you only need to understand the tool in order to adjust it if you need to in the field. I was one of those passionate people who wanted to do everything and tried to be everywhere. Until I found out I spent way too much time for the results I was getting. So I focused on getting results and let other people do some of the work.
One of the reasons why I have a big bag of tools and different stuff is because the company or location might not be weak to today's tools or exploits but to earlier versions. So it depends on the test and what and where you are. More tools might be necessary for different approaches.
Incredibly intriguing! I work help desk and have always wondered on the equipment/methods pentesters actually use as it is something I'd love to do someday. I learned a lot about pentesting and learned an incredible amount on social engineering and just general security awareness from this stuff. Thanks again.
Hi David, I really like all your videos. I am 60 years old and trying to keep working.
I think wireless will come back in a sense with the IoT, people not understanding that those devices should be kept totally separate from any other network due to their insecurities and the lack of understanding on what the devices actually do and the information they collect and use. Also that often these devices can be external of a building, so to get actual physical control of them is not that difficult, and as such allowing you to obtain the wireless information for the rest of the network from physical access to one small device.
David is the goat period! Thanks for your inspirational videos.
Gosh, what a great discussion here. You guys should team up and come up with some courses. I just bought David's networking course on Udemy and it's so next level. The only course you will ever need... really. Thanks guys for sharing your knowledge.
I used to dream of being a hacker as a kid (never became one) but I love watching these videos anyway as an adult. Thanks David and Neal
It's never too late to start anything you wanna do. They say hackers come from all walks of life and I've seen them in all ages too
I'm just trying to think of ways that you would potentially slow down someone like this, once they are in the building. Locking the port security down to the fixed MAC address of the static pc at all the work stations, was my first thought, and having all the communal area network ports locked down to a 'communal area' vlan with, say, only web access and RDP was my second thought.
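As an added example (not from the video or the commenter above), this is what both of those thoughts look like on a Cisco IOS access switch: the fixed workstation port pinned to the single MAC it learns, and the communal-area ports placed in their own VLAN whose ACL allows only web and RDP. The interface names, VLAN numbers, jump-host address and ACL name are assumptions.

```cisco
! Constructed example, not the commenter's or the video's configuration.
! Interface names, VLAN IDs, the RDP host address and the ACL name are assumptions.

! --- Thought 1: fixed workstation port, locked to the PC that lives on it ---
interface GigabitEthernet1/0/5
 description Workstation - fixed desk
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- Thought 2: communal-area ports in their own VLAN, web and RDP only ---
vlan 50
 name COMMUNAL-AREA
!
interface range GigabitEthernet1/0/20 - 24
 description Lobby / break room / conference room
 switchport mode access
 switchport access vlan 50
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Filter applied where VLAN 50 is routed (the SVI on the L3 switch, or the router).
ip access-list extended COMMUNAL-IN
 remark DNS and DHCP so clients can actually get online
 permit udp any any eq 53
 permit udp any eq 68 any eq 67
 remark web out
 permit tcp any any eq 80
 permit tcp any any eq 443
 remark RDP only to the jump host (192.0.2.10 is a placeholder address)
 permit tcp any host 192.0.2.10 eq 3389
 deny   ip any any log
!
interface Vlan50
 ip address 10.50.0.1 255.255.255.0
 ip access-group COMMUNAL-IN in
!
! Verify from enable mode:
!   show port-security interface GigabitEthernet1/0/5
!   show port-security address
!   show ip access-lists COMMUNAL-IN
```

Sticky port security only ties the port to an address it has already seen, not to the machine itself, so the stronger form of the first thought is 802.1X on the workstation ports, with the same communal VLAN used as the fallback for ports that fail authentication.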
I don’t know how I came across this video but I’m so glad I did because I know nothing about this stuff but now I want to know EVERYTHING. This is so cool!
Seems like, rather than gathering knowledge, it's better to practice discerning who has the higher quality knowledge, and seeking out those sources sooner, setting aside all the lower quality sources. Feels like this is what the application of Wisdom looks like, when trying to advance in a Cybersecurity career, or any career for that matter. Seems like rather than asking "What should I be thinking and doing to get better?", maybe ask, "How can I think differently, and who might help me see what I cannot see on my own?". I say these things because in my lifelong journey as a student in many fields, what has helped me learn faster was never doing more work, but applying lessons gained from carefully observing the work of others more skilled than I am, and asking myself questions about 'what', 'how', and 'why' things are happening as I observe them. This paradigm replaces and outweighs the value of an entire encyclopedia of knowledge studied over a lifetime. And, David, and Neal are acting out this very process in real time to help the viewers get the feel of what it's like, rather than explicitly stating it. It's Golden Info. Thanks again guys.
YOU TWO GUYS ARE AWESOME AND WANT TO SAY THANK YOU FOR THE WISDOM AND HONESTY👌
I love competence. Thank you both for recording this episode.
The David and Neal Show strikes again. Absolutely nailed it!
I had a network instructor who liked to add a pseudo layer of the OSI model called the "people layer", which is and was demonstrated to be the most reliable point of entry for hackers. Social engineering, like physical access, is king.
I worked for a federal cyber center. We did lots of testing kinda like what was described. The number 1 thing in my "bag" for social engineering is the wheelchair I use. Nobody wanted to confront me; I could just make the door hard to open and without fail somebody would come open it up, no badge needed.
The only is a bald guy in a wheelchair isn't exactly "gray man" material.
One of the best videos on your channel, David. Thanks for your time creating such great content.
@54:21 That's what Rob Joyce said also in his USENIX speech. These guys are either staying on message or being truthful. Great speech.
Thank you very much Mr. David,
This video changed my instinct and perception entirely.
Bless Ya!
Learned so much from this one video, thank you David and Neal. Looking forward to whatever you do next.
So for the internal pentest it's the EC-Council Storm mobile security toolkit and for the external pentest it's the Hak5 red team field kit with supplies; especially have a Microsoft Surface Go 3 and Apple MacBook Air current edition with Ellipal Titan 2.0.
This is absolutely fascinating to me. Before I fell in love with cyber security and hacking and whatnot, I was a touring musician playing guitar in multiple bands. And one of the common themes is gear; I feel like sometimes these people put the gear over the player. Coming to the computer world is completely different, I feel. Correct me if I'm wrong, but it seems like computer folks really want what gets the job done and that's it. We don't care as much about having the best or the most expensive.
I set up enterprise wireless that easily detected and alerted on rogue wireless points. But the main highway was 20 ft from one side of the building; trucks and cars that have their own hotspots overwhelmed the admin who could possibly look in real time at all the alerts. Basically we had to ignore the access points on that highway side of the building.
So true, it is almost off the table at most customers as any loading dock will just false alert on any fleet vehicle. Or proximity to a public road.