Can You Hack a Bank's Server? - TryHackMe! BankCTF Walkthrough

  • Published on Nov 7, 2024

Comments • 128

  • @darkmetro8882 1 year ago +40

    This is so cool, I’m getting into ethical hacking and CTFs myself and would love to make my own once I get skilled enough

    • @jacvbtaylor 1 year ago +5

      I hope you do! It's a neat experience and you'll learn a lot just from doing so. Nice job getting to where you are at currently with your studies and training

    • @jacvbtaylor 1 year ago +4

      @CtrlAltDelicious69 That's absolutely true BUT I can say from my experience in web hosting support, it is very common for a lot of small businesses to use a CMS like WordPress and never add any sort of security/hardening

  • @pittsec 1 year ago +2

    I watched every second of this! Learnt a lot and I like how you explain in a very calm voice 😌

    • @jacvbtaylor 1 year ago +1

      I appreciate you taking the time to listen and happy that I was able to teach you something new today. Thanks for watching!

  • @NinjaLifestyle 1 year ago +3

    Very cool!

    • @jacvbtaylor 1 year ago

      Appreciate you taking the time to watch! Thank you

  • @boooomdrup 1 year ago +2

    good work jacob.

  • @al-manasama8370 1 year ago +11

    This was a fun room, thanks for making.

    • @jacvbtaylor 1 year ago +1

      Thank you for your support! I appreciate it

  • @scottrodriguez1408 1 year ago +35

    I’m definitely not into cybersecurity but this vid was so interesting. Might have to look into it haha

    • @jacvbtaylor 1 year ago +1

      Thanks for watching! I hope you do, it's a really awesome thing once you dive into it

    • @ccs4959 1 year ago

      I found out about comp sci around 2 years ago and cybersec about 1 year ago. I highly recommend looking into the field if you enjoy computers, the internet, and networks!! It’s life changing stuff.

    • @DitiGjoni 1 year ago +2

      But don't do any cyber attack cuz you will be in trouble

    • @etano1701 1 year ago

      @DitiGjoni you won’t

    • @osedyqe2009 1 year ago +1

      @etano1701 would*

  • @Fireball15432 1 year ago +1

    Wonderful video! Mind if I ask what keyboard you have?

    • @jacvbtaylor 1 year ago

      Thank you! It came with my PC but it is a cyberpowerpc nohi 01

    • @Fireball15432 1 year ago

      @jacvbtaylor Thank you for the answer!

  • @leland818 1 year ago +3

    Cool puzzle, good entry lvl

  • @grayjax 1 year ago +3

    awesome brother. thanks for this and have a good weekend.

  • @barfourkyei3469 1 year ago +2

    Nice video, just have 2 questions. Can one do this just for the fun of it? Also do companies actually hire full time for these roles(pen testers)?

    • @jacvbtaylor 1 year ago +2

      Thanks for watching. And I would say yes.
      1. There are bug bounty programs such as hackerone.com and there are online platforms such as tryhackme.com and hackthebox.com but you can also download virtual machines locally to hack and play with.
      2. While pentesting is a job/role, most companies will outsource a pentester rather than have one dedicated to their company, mostly for cost savings and improved efficiency to increased security.

  • @officeasmr 1 year ago +2

    Can you hit the mouse and keyboard any harder?

    • @jacvbtaylor 1 year ago +1

      I definitely need a better mic 🙃

  • @camcassidy4309 1 year ago +4

    Hello Mr fed man I’m only watching this for edutainment purposes no need to put me higher on the surveillance list thanks

  • @texastitan6567 1 year ago +27

    8080 isn’t https common port 443 is. 8080 is common alternate for http and 8443 is common alternate for https

    • @jacvbtaylor 1 year ago +10

      You're definitely right! I was having a huge brainfart when I recorded this. Good looking out though

  • @uyivzola7902 1 year ago +2

    really good video! i have learned so many things from you! Thank you so much! Do more these kind of videos!

    • @jacvbtaylor 1 year ago

      Thanks so much for watching!

  • @digitalsei 1 year ago +2

    man this is cool, currently a software developer intern with no security stuff at all but hacking and stuff looks fun, might have to try it sometime tho :p

    • @jacvbtaylor 1 year ago +1

      They go hand in hand! If you know how to exploit a program, you can better secure it

    • @Vichion 1 year ago +2

      @jacvbtaylor I've learnt, the only totally secure system is an empty one :D

  • @Azamitechtips 1 year ago +2

    Thanks, brother, keep up, you're a legend.

  • @Spec_0 1 year ago +2

    looks sick ive tried tryhackme before but didnt commit cause i know nothing about it lol. how long would you say it takes a beginner from learning the basics n such to entry level ready?

    • @jacvbtaylor 1 year ago

      You should definitely give it another shot! And that really just all depends. If you spend a lot of time studying and pick things up quickly, you could be employer ready in 6-12 months. It really comes down to the company and the position

  • @TheDankBoii1243 1 year ago +2

    i have zero clue how to hack always wanted to learn now im really interested i started trying to learn python but this looks way more up my alley lol

    • @jacvbtaylor 1 year ago

      I would suggest keeping up with Python! Knowing how to create your own hacking tools is very beneficial. But I am glad to have helped you find something of interest

  • @tess007 1 year ago +5

    Cool video, paid attention during the 32 minutes it lasted, thank you

    • @jacvbtaylor 1 year ago +2

      I love hearing that! Thanks so much for watching and I am glad you liked it

  • @MrPandaOFICIAL 1 year ago +2

    This was very cool! Thank you for the video!

    • @jacvbtaylor 1 year ago

      Thanks so much! Thank you for watching

  • @NiM44 1 year ago +2

    Thanks , it was an interesting brief

    • @jacvbtaylor 1 year ago

      Appreciate it! Thanks for watching

  • @Bethlehemgame 1 year ago

    I look up to you man ❤

  • @sleepypat 1 year ago +2

    thanks now i can buy lamborghini

    • @jacvbtaylor 1 year ago

      Let me know how that goes!😀

  • @sankethshetty7640 1 year ago +2

    Good work.. Thank you.

    • @jacvbtaylor 1 year ago +1

      Thank you for your support, Sanketh!

  • @Dahlah.FightMe 1 year ago +3

    Nice :D

  • @SimpleHak 1 year ago +3

    Very good job and thank you for sharing such a great vid
    I am new for hacking but have some little knowledge and i would be happy if you could suggest me the roadmap since you are a cyber security graduate.
    Thank you

    • @jacvbtaylor 1 year ago

      Thanks for watching! There are a lot of different ways to get to your end goal, but absolutely start with the fundamentals - networking, operating systems, web hosting/applications, how to read email headers, etc.
      This will help you understand how to set up servers and services and then you can craft your way toward being a SOC Analyst, Penetration Tester, and so on.
      Although they are not always required, getting certifications through groups such as CompTIA will help and then also doing projects at home and networking with others in your area.
      I also always like to recommend this: www.cyberseek.org/pathway.html

    • @SimpleHak 1 year ago +1

      @jacvbtaylor Thank you very much, will go for the suggestions bro

  • @onlinecreations7781 1 year ago +3

    What is your suggestions for Cyber security ❤️plz tell me roadmap for Cyber security ❤️ and best online learning for it please reply ❤️🙏🏻 Love your videos ❤️

    • @jacvbtaylor 1 year ago +2

      I suggest looking here first: www.cyberseek.org/pathway.html
      Once you decide your desired path, start a course that follows that path.
      TryHackMe, CompTIA, and YouTube will get you pretty far

    • @onlinecreations7781 1 year ago

      @jacvbtaylor thank you so much ❤️this is very helpful for me ❤️ lots of love from Nepal 🇳🇵

  • @shawwngaming3373 5 months ago

    I am new to Ethical Hacking and I just want to know where to get that wordlist from.

  • @giacomopassarini2658 1 year ago +2

    loved this video so much, but i have a question:
    lets say my main goal is to become a cybersecurity manager and i saw a comment where you recommend to check a site for cybersecurity career pathway, could you help me a lil bit more on how i should start my way to become a cybersecurity manager? i know that it'll be very difficult but im not here to take an easier way to achieve my goal, so im prepared to everything.
    ps. im still not entirely sure if i wanna become a cybersecurity manager, but im sure that i wanna join the world of cybersecurity

    • @jacvbtaylor 1 year ago +4

      There are a lot of ways to go about this, so I wouldn't narrow it down to a right or a wrong way. There are a lot of certificates that hold weight, such as the CISSP, but aren't entirely necessary to have in order to hold a management position.
      For example: My mentor is a SOC manager and does not have any certificates but does have some college degrees.
      To really help yourself get to where you want to be, you first need to discover which security umbrella you want to be a part of.
      Do you want to work in healthcare, finance, education, etc.
      Do you want to oversee Security Operations (SOC), Penetration Testing, Governance Risk and Compliance, etc.
      The best thing you can do for yourself is to identify the sector you are most passionate about and focus your attention in that direction. See if you can set up a talk with the security team at your current job - ask them what steps they took to get to where they are, what development they get from their current role, what training they are offered for their job, and recommendations on ways to network with those in your area. Maybe one of them will agree to mentor you.
      You will more than likely need to start entry level and slowly work your way up, so always ask those interviewing you what kind of training they offer and how they can help you grow in your position to achieve your goal.

  • @HarvestHaven09 1 year ago +2

    Nice

    • @jacvbtaylor 1 year ago +1

      Thanks for watching!

  • @BeautyofourLife 1 year ago +3

    Amazing content love from india keep it up😘👌🏼❤

  • @martinbraescher894 1 year ago +1

    what programming language is it

    • @jacvbtaylor 1 year ago +1

      This is done from the Linux command line. So it would be considered bash

  • @Psi141 1 year ago +2

    Good content

    • @jacvbtaylor 1 year ago

      Thank you! Thanks for watching

  • @MoneyyyOG 1 year ago +2

    thanks 4 info here i come banks

    • @jacvbtaylor 1 year ago

      I sure hope no banks have as bad of security as this CTF haha

  • @rootcode 1 year ago +2

    Keep it up bro 🙂

  • @thegoldenmoss7756 1 year ago

    I love how every like I hacked a "insert important thing here video" is using an old version of WordPress that still has this stupidly easy vuln

    • @jacvbtaylor 1 year ago +1

      I understand what you're saying. This is simply to introduce certain tools to those who have never used them. If you are into CTFs, I have a harder room that does not involve WordPress if you want to check it out, just let me know

  • @gnet888 1 year ago +2

    is cool

    • @jacvbtaylor 1 year ago +1

      Thanks for watching!

  • @trblmkr5139 1 year ago +1

    how do you stop gobuster? You type it fast I wasn't sure

    • @jacvbtaylor 1 year ago

      Try ctrl + c or ctrl + z - both should work

  • @tizlion5745 1 year ago +2

    How can I enter this room in my THM account

    • @jacvbtaylor 1 year ago

      Try this link here: tryhackme.com/jr/bankctf

  • @yamashita8822 1 year ago +1

    I want to join a hacker community... which can I join? Do you have one where info is shared and we can all communicate?

    • @jacvbtaylor 1 year ago +2

      There are lots of communities to join - reddit probably is the easiest way to find some discords or forums but twitter has a lot of cyber people as well.

  • @jmsanchez5631 1 year ago

    Why is the room now private?

    • @jacvbtaylor 1 year ago +1

      It is supposed to be, but you can join if you have the right link tryhackme.com/jr/bankctf
      If it asks for a code, try bankctf

    • @jmsanchez5631 1 year ago

      @jacvbtaylor thanks

  • @iammcqwory 1 year ago +1

    Asante

    • @jacvbtaylor 1 year ago

      You're welcome! Thanks for watching

  • @saygo-png 1 year ago +2

    cute beard

  • @roastedChick3n 1 year ago +2

    Is this free machine?

    • @jacvbtaylor 1 year ago

      Yes it is! As long as you have a THM account and the link, you are free to play

    • @roastedChick3n 1 year ago

      @jacvbtaylor thank you, you earned a subscribe. Please create more videos like this

  • @arunchakravarthi1058 1 year ago

    how do you get an IP address for a banking site in real time?

    • @jacvbtaylor 1 year ago +2

      For any website, your router will connect to it from a DNS server, linking the domain name to an IP address. The A record is a public record and can be found through packet captures, whois lookup, nslookup, etc.
      There are a lot of ways to find a public IP BUT that's not the same as the private IP in the network. A lot of websites these days communicate with multiple servers, or APIs, to run. Additionally, they may be routed through a CDN. But ultimately, it is found through passive reconnaissance.

  • @AryanRaj-si7zb 1 year ago

    Can we use hydra to extract numbers from a site whose ID is valid (gets the OTP on phone) and check if the status is 200 and store it in a text file? I have seen the hydra GUI and CLI but still cannot use the advanced commands in it.
    Can you make an advanced tutorial on hydra and thc-hydra

    • @jacvbtaylor 1 year ago

      Sorry for the late response. I will look into this more, but hydra is not designed for extracting numbers from websites or checking the status of a page.
      To extract numbers from a website and check the HTTP status code, you would typically use a combination of web scraping and scripting tools or programming languages such as Python.

  • @mahajaya8590 1 year ago +2

    IT IS REALLY

  • @AryanRaj-si7zb 1 year ago +1

    Can you make a tutorial on hashing and auth bearer hash cracking? I need the tutorials
    Thank you

    • @jacvbtaylor 1 year ago

      I will look into this!

  • @khaleedmayas 1 year ago

    bro it shows me that the room is private , i can't access it !

    • @jacvbtaylor 1 year ago

      Sorry for the late response, but it is supposed to be private, but you can join if you have the right link tryhackme.com/jr/bankctf
      If it asks for a code, try bankctf

    • @khaleedmayas 1 year ago

      @jacvbtaylor thnx bro, it worked!

    • @jacvbtaylor 1 year ago

      @khaleedmayas Glad to hear! Have fun and thanks for checking it out

  • @Aru8675 1 year ago +1

    Although video was good but Brother we don't need to find these flags in actual bank websites. Bro make a video on how to get credentials like you showed that robot.txt file etc and other employees, customers data their details and website's dashboard, database access by simple and unique methods like this. But please don't include flags process because that makes teaching much complicated and complex....thanks for teaching

    • @darianxd5508 1 year ago

      can you elaborate, I am thinking about going into this field and even tho I know this is a game I want to know more about cybersecurity

    • @Aru8675 1 year ago

      @darianxd5508 brother i mean teach advanced ways to access login pages, ftp, ssh, telnet, and other ports, also website servers advanced h*cking. In short bring advanced videos and tutorials which nobody has uploaded yet on youtube. Especially android applications servers hack because those types are completely rare on youtube

    • @Aru8675 1 year ago

      @darianxd5508 In metasploit its exploits don't work for latest servers default credentials do not work these days because servers are far more secured in comparison to these cheap exploits. We need advanced ways of hacking tutorials, ways and exploits to compromise secured servers and systems...hope you will try ur best....

    • @jacvbtaylor 1 year ago +1

      Hi Meer, thank you for watching! And I understand what you are saying, this video and CTF is intended to introduce newcomers to some hacking tools and tactics, so it's not completely realistic on purpose.
      I demonstrate some more complex hacking in my latest CTF video here th-cam.com/video/PwNNomQEApU/w-d-xo.html
      and I have a short demonstrating Outlook's most recent vulnerability, the NTLM leak.

    • @darianxd5508 1 year ago

      @jacvbtaylor hello mate, I just found your channel and like it. Do you have instagram or something because I would appreciate if I can ask you some questions?

  • @iamchxos 1 year ago

    What are the credentials used to SSH into the lab? xxxx@ipaddress and the password? haven't been able to continue with the ctf because of this lol

    • @jacvbtaylor 1 year ago

      Hey! Sorry for the late reply. And at the moment I am not too certain what credentials you are referring to.
      There is one user you can see from the walkthrough that is used to authenticate SSH but the IP address I used will not be the same for you - yours will be the IP address that is shown on Tryhackme when you start the machine.
      And if you are trying to access the machine without using the AttackBox on Tryhackme, then you need to make sure you are on the OpenVPN for Tryhackme. Hope that helps!