What I really like about you David is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different field of IT. Much love from France David!

@davidbombal

2 жыл бұрын

Thank you Akan! I appreciate that :)

@selvapriyan81

2 жыл бұрын

True well said. He exactly asked what came to my mind :)

@NAKAEtekq

Жыл бұрын

❤seems like David is in my head. Any question that comes into my head is always asked by david💖Thank you for helping us the beginners

@thebread9874

Жыл бұрын

@Ostia Hermes if the nsa wanna hack you, no router in the world is gunna stop them.

@thebread9874

Жыл бұрын

@Ostia Hermes most likely high end Cisco routers and firewalls but that's overkill for a SOHO

After 20 years of military service, mostly in the same type of environment as Neal, He is spot on about the "Social" portion of pen-testing. Being "Nice" will get you pretty far.

@JehuMcSpooran

Жыл бұрын

Dressing the part helps too. Watching this made me realise how many situations I have been in that people have trusted me with no reason to and half the time it is because it was what I was wearing that did it.

@Native_love

Жыл бұрын

Richard Marcinko talked about how easy it was to get anything done on a US base just by being nice and wearing a Navy sweater or something like that.

@kiiturii

Жыл бұрын

@@JehuMcSpooran a clipboard and a vest will get you anywhere, but at the same time I've heard cool stories of pentesters getting access to the most secure buildings while wearing completely unfitting clothing because they were trying to push how far they can go before getting caught edit: like just look at 1:01:38 haha

@thekaiser4333

9 ай бұрын

The worst to Neal. Spying on friends and allies is not tolerable. Hope he gets arrested when he crosses the German border.

David is trying his very best to help us learn also from his invited guests like Neal. Million thanks, David, for your untiring efforts.

I love how this content is free and that im able to watch it. Its literally so much knowledge that I'm getting without even having to do or pay something and so damn well made. Thanks, David!

David, a huge thank you to yourself and Neal for taking the time to make such a great and educational video. I'd have to say this is one of your best videos that I've seen, and we all know how high quality all your other ones are !

I love these stories! I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab. This for me, is the best way of learning.

@nucknuck123

6 ай бұрын

🤔 I guess the movies got it right 💁 lol this reminds me of I spy

Fantastic, keep this kinda of real world content coming. I returned to school pursuing my first degree because of you two! AMAZING STUFF!

Fantastic video, thanks David and Neil for putting this together, this should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue team side of the house should be aware of.

@zac2877

Жыл бұрын

Sysadmin here taking notes ;)

I enjoy and take notes in every video you make with Neal! Thanks, David! Great stuff ❤

David this content is unlike any other and pure gold. Thank you very much

The two of you are THE BEST when you share the stage. You guys should talk about ICS stuff down the road. Love these videos

Thank you so much for these. I love how you not only demonstrate, but ask and share how to learn what you’re demonstrating. That’s what makes your channel so much different. 😀🥳

David, Neal. Thank you so much. The ending of this video is what is currently hitting me. The fact that there is this ocean of supposed training however after you invest the time and finish it you realise that it simply was not enough. We need real world training/labing/ simulation because st the end. Obtaining the skill comes from experience. Theory is groundwork but not experience.

My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and KZread didn't like them... so I had to remove the video :( Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests. Menu: 0:00 ▶ Introduction 1:17 ▶ Neal sees pentesting differently 2:00 ▶ Neal's advice from experience 3:18 ▶ Neal's 5,000 pentests 4:30 ▶ Take NSA and experience 5:10 ▶ Preparation is key 5:50 ▶ OSINT 6:30 ▶ Actual Pentest report 7:50 ▶ Pretexting 8:45 ▶ Another real world example 9:30 ▶ Planning is very important 10:15 ▶ Leave stuff in your car? 11:55 ▶ Right tools for the job 12:05 ▶ Top tools 12:30 ▶ Extra cables 12:58 ▶ Hak5 Ethernet cable 13:10 ▶ Is Hak5 a necessity 13:57 ▶ Rubber Ducky 14:30 ▶ Hak5 are great 15:00 ▶ Real world example of equipment 15:30 ▶ You can create your own stuff 16:10 ▶ Your time is money 16:30 ▶ Proxmark 17:30 ▶ Crazy RFID reader 18:50 ▶ Poor planning RFID example 20:20 ▶ Your time is worth something! 21:00 ▶ Hone your tradecraft 21:20 ▶ Proxmark explanation 21:50 ▶ A reader doesn't give you access. You need a pretext 23:50 ▶ Social engineering 25:50 ▶ You need a story 26:04 ▶ Social Engineering vs tech 29:00 ▶ Physical access is king 30:00 ▶ What to do once past the door 31:19 ▶ Military facility pentest 33:27 ▶ Look for a network port 34:49 ▶ You want to get out of there 35:04 ▶ Hak5 Lan turtle 36:35 ▶ Back of computer vs switch 37:32 ▶ Pop it into the back of the computer 38:11 ▶ What about WiFi 38:50 ▶ TP-Link WiFi Card 39:50 ▶ Ubertooth 40:50 ▶ HackRF One 41:56 ▶ Hak5 Pineapple 42:09 ▶ SDR 43:00 ▶ Real world example 44:13 ▶ Alfa Network Adapter 44:50 ▶ Wifi Hacking 44:49 ▶ Alfa not practical so much 46:20 ▶ You cannot charge for a WiFi pentest 47:17 ▶ You are making it real 47:45 ▶ WiFi can be social engineering 48:47 ▶ Captive portal 49:40 ▶ Rogue Access point 50:40 ▶ Real world wifi pentest example 51:30 ▶ Port Security 51:57 ▶ Hak5 Pineapple access corporate network 52:34 ▶ Always social engineering 53:00 ▶ Pyramid of pain 53:14 ▶ Stuxnet 54:45 ▶ Telsa attack 55:07 ▶ NSA examples 56:32 ▶ Human Intelligence Hacking Example 58:40 ▶ Another hacking example 1:00:18 ▶ WiFi hacking example 1:01:32 ▶ Neal's photo while hacking 1:03:22 ▶ Once inside, you are trusted 1:03:40 ▶ Summary of devices 1:03:55 ▶ Hak5 switch 1:04:08 ▶ Extra cables 1:04:15 ▶ Hak5 Rubber Ducky 1:04:30 ▶ Hak5 Pineapple 1:04:54 ▶ Hak5 Bash Bunny 1:04:58 ▶ Hak5 Packet Squirrel 1:06:26 ▶ Ubertooth 1:06:31 ▶ Proxmark 1:07:00 ▶ Value of networking knowledge 1:07:32 ▶ Neal got his CCNA 1:08:50 ▶ Very few companies use port security properly 1:10:08 ▶ Cain and Abel 1:11:00 ▶ Are zero days worth it 1:12:05 ▶ Shiny objects vs Neal's wisdom 1:13:37 ▶ Real world hard talk 1:14:25 ▶ What do you recommend 1:16:55 ▶ Neal and David going to do something ======================= Buy Hak5 coolness here: ======================= Buy Hak5: davidbombal.wiki/gethak5 ============================ Buy ShareBrained Technology: ============================ PortaPack: www.sharebrained.com/ ================ Connect with me: ================ Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZread: kzread.info ================ Connect with Neal: ================ KZread: kzread.info LinkedIn: www.linkedin.com/in/nealbridges/ Twitter: twitter.com/ITJunkie Twitch: www.twitch.tv/cyber_insecurity Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

@guilherme5094

2 жыл бұрын

KZread hates fun.

@SabbirHasan58

2 жыл бұрын

Gots my answer.

Pen testing be sounding like the perfect job!!! Thanks for all the information you be sharing with us!

Incredibly intriguing! I work help desk and have always wondered on the equipment/methods pentesters actually use as it is something I'd love to do someday. I learned a lot about pentesting and learned an incredible amount on social engineering and just general security awareness from this stuff. Thanks again.

Another fantastic video David and Neal. I love the stories, and real-life applications. While I'm not looking to seek a career in this field, I love this domain of technology. It is worthwhile to see the weaknesses of our digital climates. As a college student at a University that had just been the victim of a cyberattack last year, I find this information invaluable and super intriguing, especially when it's presented in such an engaging way like this video. I will definitely advocate for better physical, social, and network security from the IT department on campus. Thanks again for your hard work developing this content.

@brokeyoutuber

2 жыл бұрын

Those damn vulnerable collages

@intuit13

2 жыл бұрын

@@brokeyoutuber lmao... I got into computers when I was like 15 in the mid-90s. I definitely wasn't a programmer/hacker but I WAS very interested in the subject. Occasionally I'd buy a 2600 and flip through it, reading a lot but digesting little. Anyway, the ONE system I ever got into myself without just guessing or using default passwords on random telenet machines or local dial-up systems was a big-name University's system. Ended up "hacking" into one of their machines by using what was probably the easiest method any "script-kiddie" could use, the "PHF exploit". Found your comment about 'damn vulnerable colleges" kinda funny, heh.

I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it. It's all about legal consent to pentest, social engineering and then the tech knowledge. And there is always more to learn.

One of the best channels on KZread, thank you for what you provide to the community

What a conversation that made my brain thrives. Thank you David & Neal.

Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!

@TheBenJiles

Жыл бұрын

Hope your business is going well

@hasihasi7163

Жыл бұрын

Good Luck !!

@grantsterling3744

Жыл бұрын

Hey, I know that you don't know me, but, I'm interested in starting a company in my area. I'm just getting started, haven't even done a ctf or bug bounty, even. I was wondering how you are doing about a year in? Good luck and hope to hear from you soon

Cannot wait for OSINT video. I am so in to it right now

@inkbythebarrelandpaperbyth6905

2 жыл бұрын

Yes!

@cdenver

2 жыл бұрын

100% OSINT is amazing, would also love to see OTS and social engineering conversations.

I love how David knows all the details but asks the questions Noobs like us would! Thank you David!

Thank you for sharing real-life experience and a breakdown of what each tool does. Best of all real-life applications. I just started taking classes and I've learned more in this interview than in the 6 months of classes. This is incredibly informative for me as a newbie. Thank you David and Neal for taking the time to make this video.

Hi David, thank you for making everything possible & easy for beginners by asking & explaining every single detail. Can you make a video about Raspberry pi? Setup & installation of Kali linux? And maybe some of your amazing ideas about pentesting?

Coach your the best. Thank you for making us better

By far this is the best episode. Thanks David.

Having worked in the networking industry for 24yrs I find these guys absolutely fascinating! These guys are spot on!!

Goddamn I always love the conversation between you and Neil. Thank you for providing us such a great content!

I enjoy the chat, but to be honest I would love to see a more to the point video that highlights the hardware, and its general use; rather than a long protracted conversation about his experience in the field, and more so a nuts and bolts of what he actually uses regularly.

One of the best videos on your channel David. Thanks for your time for creating such a great content

Learned so much from this one video, thank you David and Neal. Looking forward to whatever you do next.

0:00 ▶ Introduction 1:17 ▶ Neal sees pentesting differently 2:00 ▶ Neal's advice from experience 3:18 ▶ Neal's 5,000 pentests 4:30 ▶ Take NSA and experience 5:10 ▶ Preparation is key 5:50 ▶ OSINT 6:30 ▶ Actual Pentest report 7:50 ▶ Pretexting 8:45 ▶ Another real world example 9:30 ▶ Planning is very important 10:15 ▶ Leave stuff in your car? 11:55 ▶ Right tools for the job 12:05 ▶ Top tools 12:30 ▶ Extra cables 12:58 ▶ Hak5 Ethernet cable 13:10 ▶ Is Hak5 a necessity 13:57 ▶ Rubber Ducky 14:30 ▶ Hak5 are great 15:00 ▶ Real world example of equipment 15:30 ▶ You can create your own stuff 16:10 ▶ Your time is money 16:30 ▶ Proxmark 17:30 ▶ Crazy RFID reader 18:50 ▶ Poor planning RFID example 20:20 ▶ Your time is worth something! 21:00 ▶ Hone your tradecraft 21:20 ▶ Proxmark explanation 21:50 ▶ A reader doesn't give you access. You need a pretext 23:50 ▶ Social engineering 25:50 ▶ You need a story 26:04 ▶ Social Engineering vs tech 29:00 ▶ Physical access is king 30:00 ▶ What to do once past the door 31:19 ▶ Military facility pentest 33:27 ▶ Look for a network port 34:49 ▶ You want to get out of there 35:04 ▶ Hak5 Lan turtle 36:35 ▶ Back of computer vs switch 37:32 ▶ Pop it into the back of the computer 38:11 ▶ What about WiFi 38:50 ▶ TP-Link WiFi Card 39:50 ▶ Ubertooth 40:50 ▶ HackRF One 41:56 ▶ Hak5 Pineapple 42:09 ▶ SDR 43:00 ▶ Real world example 44:13 ▶ Alfa Network Adapter 44:50 ▶ Wifi Hacking 44:49 ▶ Alfa not practical so much 46:20 ▶ You cannot charge for a WiFi pentest 47:17 ▶ You are making it real 47:45 ▶ WiFi can be social engineering 48:47 ▶ Captive portal 49:40 ▶ Rogue Access point 50:40 ▶ Real world wifi pentest example 51:30 ▶ Port Security 51:57 ▶ Hak5 Pineapple access corporate network 52:34 ▶ Always social engineering 53:00 ▶ Pyramid of pain 53:14 ▶ Stuxnet 54:45 ▶ Telsa attack 55:07 ▶ NSA examples 56:32 ▶ Human Intelligence Hacking Example 58:40 ▶ Another hacking example 1:00:18 ▶ WiFi hacking example 1:01:32 ▶ Neal's photo while hacking 1:03:22 ▶ Once inside, you are trusted 1:03:40 ▶ Summary of devices 1:03:55 ▶ Hak5 switch 1:04:08 ▶ Extra cables 1:04:15 ▶ Hak5 Rubber Ducky 1:04:30 ▶ Hak5 Pineapple 1:04:54 ▶ Hak5 Bash Bunny 1:04:58 ▶ Hak5 Packet Squirrel 1:06:26 ▶ Ubertooth 1:06:31 ▶ Proxmark 1:07:00 ▶ Value of networking knowledge 1:07:32 ▶ Neal got his CCNA 1:08:50 ▶ Very few companies use port security properly 1:10:08 ▶ Cain and Abel 1:11:00 ▶ Are zero days worth it 1:12:05 ▶ Shiny objects vs Neal's wisdom 1:13:37 ▶ Real world hard talk 1:14:25 ▶ What do you recommend 1:16:55 ▶ Neal and David going to do something

@StfuSiriusly

Жыл бұрын

yes bro its literally in the description..

@fearkrypton4565

Жыл бұрын

@@StfuSiriusly ik i copied from their..just for my convience like i cantt go o description all the time again and again

Him: "I've done like 5000 pen tests.. multiple tests every week, for 7 years." Reality: 3 per week x 52 weeks x 7 years = 1092 tests. He'd actually have to do 3 per day.

@sloanphillippi2790

Жыл бұрын

That bugged me so much lol

@paullees6687

Жыл бұрын

The only way I could see this being the case is if he means he counts nmap and a sql injection as 2 different "pen tests". Either way this was annoying

@carmodity

Жыл бұрын

@@paullees6687 Alternatively, 3 per week would only take him 35 years, without a break.. so maybe he started when he was a baby ..

@paullees6687

Жыл бұрын

@@carmodity this guy's the Steven segal of pen testers. "Relax. I've been pen testing for like 50 years"

@attacksec

Жыл бұрын

Well, I think what he meant is managed those number of pentests, it's been like 14 years for me as well... and have managed/conducted over 6-8k tests myself..

I love competence. Thank you both for recording this episode.

Thank you for sharing guys. I really appreciate the time you invest in sharing this information and making it real.

I've been in IT for almost three months now and it is wild how many people are trusting of me with their password to their account when doing password resets. They get frustrated making a new password that they either ask me to do it for them or write it down for them. They think just because I am in IT that I am trustworthy - not to say I am not but I digress.

To do 5000 pen tests in 8 years, he'd have to average over 2 per day (assuming he worked 5 days per week).

@danielforrest3871

2 жыл бұрын

Yeah I was thinking the same thing. I have been in the industry for 30 years and have done 2k +/- most of this is just mostly silly to me. Gear is cool though.

@rdarkmind

2 жыл бұрын

It's called talking out of your ass. The whole hacker community was making fun of this on Twitter.

@habib_the_panda_odst

Жыл бұрын

Imagine thinking the military gives you a weekend on a deployment. Imagine thinking it’s impossible to do just because you are incapable of doing it yourself.

@michaelkaliski7651

3 ай бұрын

Each attack vector is counted as a test. Entering the building, gaining access to a computer, gaining access to the network, downloading data, and leaving the premises without ring challenged, would count as five tests. That could take less than an hour. Going back into the premises to retrieve equipment or data is going to count as a whole lot more tests. So 5,000 tests is not necessarily 5,000 separate premises tested, more like 500.

i have no idea how i ended up here but i highly appreciate you two shared your conversation in this video. personally i am more interested in the psychological aspect of security then in the tech side - thank you for this contribution to the spark of my curiosity.

In a word, excellent. Really good to see what goes on in 'The Real World'.

If you do two pentests per week (which is a lot), it will take you nearly 48 years to perform 5000 🤨

@riskinhos

2 жыл бұрын

he does one for breakfast and one for dinner. 5k. it's bs

@toti3bash

2 жыл бұрын

yeah I do think that is an over exaggerated hyperbole.... I do not think that is truthful as well...

@TheBigJohny

2 жыл бұрын

I think he does pentest with large scope and counts them as more pentests. but otherwise it is indeed BS

@o_ss

2 жыл бұрын

I guess you were never in the military.

@fuba44

2 жыл бұрын

Was doing the same math, a hilarious claim.

Correctly formatted and grammatically correct list of TimeStamps Menu: 00:00 Introduction 01:17 Neal sees pentesting differently 02:00 Neal's advice from experience 03:18 Neal's 5,000 pentests 04:30 Take NSA and experience 05:10 Preparation is key 05:50 OSINT 06:30 Actual Pentest report 07:50 Pretexting 08:45 Another real-world example 09:30 Planning is very important 10:15 Leave stuff in your car? 11:55 Right tools for the job 12:05 Top tools 12:30 Extra cables 12:58 Hak5 Ethernet cable 13:10 Is Hak5 a necessity 13:57 Rubber Ducky 14"30 Hak5 are great 15:00 Real-world example of equipment 15:30 You can create your own stuff 16:10 Your time is money 16:30 Proxmark 17:30 Crazy RFID reader 18:50 Poor planning RFID example 20:20 Your time is worth something! 21:00 Hone your tradecraft 21:20 Proxmark explanation 21:50 A reader doesn't give you access. You need a pretext 23:50 Social engineering 25:50 You need a story 26:04 Social Engineering vs tech 29:00 Physical access is king 30:00 What to do once past the door 31:19 Military facility pentest 33:27 Look for a network port 34:49 You want to get out of there 35:04 Hak5 Lan turtle 36:35 Back of computer vs switch 37:32 Pop it into the back of the computer 38:11 What about WiFi 38:50 TP-Link WiFi Card 39:50 Ubertooth 40:50 HackRF One 41:56 Hak5 Pineapple 42:09 SDR 43:00 Real-world example 44:13 Alfa Network Adapter 44:50 Wifi Hacking 44:49 Alfa not practical so much 46:20 You cannot charge for a WiFi pentest 47:17 You are making it real 47:45 WiFi can be social engineering 48:47 Captive portal 49:40 Rogue Access point 50:40 Real-world wifi pentest example 51:30 Port Security 51:57 Hak5 Pineapple access corporate network 52:34 Always social engineering 53:00 Pyramid of pain 53:14 Stuxnet 54:45 Telsa attack 55:07 NSA examples 56:32 Human Intelligence Hacking Example 58:40 Another hacking example 1:00:18 WiFi hacking example 1:01:32 Neal's photo while hacking: 1:03:22 Once inside, you are trusted 1:03:40 Summary of devices 1:03:55 Hak5 switch 1:04:08 Extra cables 1:04:15 Hak5 Rubber Ducky 1:04:30 Hak5 Pineapple 1:04:54 Hak5 Bash Bunny 1:04:58 Hak5 Packet Squirrel 1:06:26 Ubertooth 1:06:31 Proxmark 1:07:00 Value of networking knowledge 1:07:32 Neal got his CCNA 1:08:50 Very few companies use port security properly 1:10:08 Cain and Abel 1:11:00 Are zero-days worth it 1:12:05 Shiny objects vs Neal's wisdom 1:13:37 Real-world hard talk 1:14:25 What do you recommend 1:16:55 Neal and David going to do something

@sky.the.infinite

2 жыл бұрын

You should edit that 14:30 … since you already put all the effort into correction.

@stevrgrs

Жыл бұрын

I don't know whether to feel bad for you or not lol.

@zrivs

Жыл бұрын

🤡

I must say I watched this 10 times and learned something new each time!!!! Loved this!!!! Thanks too you both !

I revisit this one video often when I need to recalibrate my thinking & approach... a great way to pause & reflect very useful for taking some time to check our mindsets ... thankyou for a very therapeutic conversation... keep pushing forward everyone 🙌🏽💗

It’s finally here

@davidbombal

2 жыл бұрын

My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and KZread didn't like them... so I had to remove the video :(

Him: "I socially engineered the hotel when I got there to get a room with a window that faces the target" Reality: I'd like to book a room that faces um .. West. Hotel: No problem sir, here's your room key. Him: Hacked!!!

The David and Neal Show strikes again. Absolutely nailed it!

As someone who is just starting their career/interest at a local college, this is so amazing. Thank you so much.

5000 pen tests? Even if you conducted 1 pentest a week for a year ( 52 tests a year). It would take 96 years. If you were looking at 5 applications a week (260 a year) that’s still 19 years. Something doesn’t make sense.

@greenmindsafricainitiative453

2 жыл бұрын

I guess some were automated tests

@johnsnows3464

2 жыл бұрын

I agree.He was prob exaggerating.

@dhyskRand

2 жыл бұрын

Typical AF writing when you have a team of 10 and they each do a pen test then you just did 10.

@tjm64

2 жыл бұрын

Probably did dozens of tests while training. Could be doing 5 a day in some cases.

@SynthToshi

2 жыл бұрын

I stop watching after the first 10 mins of noting but how good thr guy is... OK bro enough self glory already, let's see the tools 😒

20:57 so I just got into hacking and pentesting recently and I don´t really have a lot of money, but I have time. I wanted a rubber ducky, but it was too expensive for me, and i found the pico ducky project. So I bought a raspberry pi pico and started the project. It didn´t take me too long to make it work, it was pretty fun to do and a lot cheaper than a real rubber ducky. Also I learned a lot, and the raspberry pi pico seems to have a lot more applications than a rubber ducky. So yeah, I agree that time is money, and that your time has value, but if you have time, wanna learn new things or just don´t have a lot of money maybe the DIY is a good choice.

@agadaFrancisLouis

2 жыл бұрын

I'm interested too, @Dafelix. My story is similar to yours. Please how do I get stated with the Pico ducky project? How can I get a raspberry pi pico?

This man David Is too sensible with his questions, the best I have seen so far

Love when David emphasizes on the CCNA. Love it.

It always amazes me how far you can get with social engineering and knowing how people react. So here is my example from a pen test I did years ago. First, I made a bad copy of an employee ID, picture, logo, and wording was in the right place but logo color was a bit different and the writing was not the same. Put the ID on an ID belt clip and clipped it on my belt in such a way that it was close to my crotch. People will not spend time scrutinizing your crotch, they will give it a glance and if it looks ok at a glance they accept it. I then walked in with some smokers. Sometimes called ghosting into the building. Once inside I grabbed a clipboard with some paper on it that was sitting on an unoccupied desk, though it worked with a folder or a notepad as well, and proceed to wander the building like I was lost. I was stopped by a nice lady who asked if she could help me. I told her it was my first day and there was no computer at my desk. My new boss told me to go to the IT department but I dont see it on this floor. She was nice enough to tell me I got off the elevator on the wrong floor and give me directions to the IT department. Once at the IT department I walked in like I owned the place, clipboard in hand and asked "Whos the domain Admin?" I was pointed at a lady who handled AD and told her "The company hired me to do a pen test." (That part is true) "Now I have software that will get me the SAM login database but when I run it, it causes the AD server to blue screen." (This is BS as I didnt have some magic software to do it) "While that is actually part of the pen test they hired me to do, I thought I would come meet the admin and see if they were willing to say I did it and just plug in this USB stick and copy the SAM database file on to it." She took the USB stick from my hand, had me follow her to the server room and plugged it directly into one of the AD servers. When I asked why we had to do it from the AD server she let me know that they disabled all the USB ports on the desktops so we had to do it at the server. Best part was that with the SAM DB and some common software, I ended up cracking all but 2 passwords. On a company with 25k employees. I didn't even try to connect to the wifi or plug anything into the network. I did that part much later. You can imagine how that report went. lol Loved the video and agree, social engineering is a huge part of pen testing.

@Oats4761

2 жыл бұрын

Lmao that's great. The part about the blue screen was brilliant. I would be pissed if that happened to my company.

@andrew_koala2974

2 жыл бұрын

There are places where such easy entry would be impossible. I being former Military - Airforce [30 years service] have a close friend who is a retired NAVY POLICE Officer. We were discussing aspects of security - He related a story of a NAVAL bus with some 25 personnel on board at the entrance barrier awaiting to be escorted in -- The Particular NAVY POLICE Officer mentioned - made the bus wait until he had scrutinized every ID and validated that it is genuine. He has refused entry to High Ranking officers who failed to carry and present proper ID - even if he recognizes their face - The basis is that they may have been discharged from the Service on the previous day - and would require special authorization to obtain entry. -- Now for you intelligent people - explain the difference between: NAVY and Navy APPLE and Apple ON and on/On To give you a heads up start - They sound the same but that does not mean they are the same.

I would love for him to sit and explain what he thinks of Edward Snowden.

@riskinhos

2 жыл бұрын

the most important and interest question of all that wasn't made

@almostattheendoflife2273

2 жыл бұрын

If he said anything he would be interrogated and watched for the rest of his life. I dont think he wants that.

@hellcatchuck2723

2 жыл бұрын

@@almostattheendoflife2273 So sad but true.

@riskinhos

2 жыл бұрын

@@almostattheendoflife2273 he's already tracked and watched. actually, we all are. assange, snowden and manning show us

@hellcatchuck2723

2 жыл бұрын

@@riskinhos Also very true haha. Screw it talk about Snowden.

Excellent video. You work very well together! Please keep the videos coming

Great video guys, Gaining access internally via social engineering is the only access point to conduct a pen test so I have been told. Really informative looking forward to the next one. Cheers Tony

Well, to do 5000 penetration test in a span of 8 years would mean he was doing about 12 a week, on a 5 day week, that's 2.4 / day, and a 6 day week, 2 / day. How long does a penetration test take because if he did 5000+, then of course those numbers per day will up. I used 8 years because he said 7+ years, meaning more than 7 but less than 8. I'm not trying to troll by any means, just that I've found that when people are asked about their experience, they tend to exaggerate dramatically. Yes, maybe he has done a lot, certainly more than the average viewer I would imagine, but those numbers seem a little high, but knowing the time it takes to do a single, thorough penetration test would be helpful. My preliminary research is showing from a minimum of 1 day to weeks depending on the complexity of the environment, number of hosts, number applications being used, ect.

@Lol-zy5pn

2 жыл бұрын

Step1: Create a methodology Step2: Do a manual pentest on one target Step3: Automate that whole process using bash/python script Step4: Run and Improve that bash/python over time based on new target And Boom, you have a cool automation script which can do 5k pentest in a day as well

@johnwig285

2 жыл бұрын

Because it aint 7+ years but rather more than a decade. He has been doing this for more than a decade, not 7+ years. 7+ years is the time he spent in 1 of the organisations, probably the military. It is an estimate over the whole lifespan of his career.

@pratorian

Жыл бұрын

You also have to consider the fact that he’s totally spit balling how many tests he’s done. Let’s say he’s only done 3200. Over that time span would you really expect that he would, off the top of his head, differentiate between 3200 and 5000?

@updatelaterus8844

Жыл бұрын

7 plus years plus a decade in the military doing offensive cyber operations. So for 17 years definitely seems like 5000 is a plausible number.

@8________________D-

Жыл бұрын

I last about 30 seconds

1:08:00 im really shocked, even my home network has isolated Lan to W-Lan while the password-secured W-Lan is isolated against the puplic acessible W-lan. And this is not cause im paranoid or have stored valueable things on Computers but it´s simply default by the Internet acess router and active until you change them to make such wired bridgings.

This guy is amazing, please bring him again! Can't wait for those courses.

The amount of knowledge and information in this 1 hour is unreal! I was so amazed to find how a professional do its job thanks so much for this video

You are missing one strong peace of equipment: Stingrays, also known as "cell site simulators" or "IMSI catchers,"

I mean come on guys, why do u have to say such a bullshit number like 5000 pentest? How? 5000 days is almost 14 years. This would mean that you had done a single pentest in a day for almost 14 year EVERY day. Like...why are saying such a dumb number? :D

As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.

The number 5000 comes from his experience in the US military... They know how to inflate numbers

🤣 A pen tester that can't do simple math? Over 5000 in 7 years at 2 per week? Are you sure you don't mean testing pens? 😂

Great video! I have many of those same tools, even the exact same TPLink wifi stick. I also always carry a CrazyRadio PA for mousejack attacks. It's astonishing how many computers STILL use wireless keyboards and mice that are vulnerable to mousejack.

David is the goat period! Thanks for your inspirational videos.

I have started studying in Cybersecurity, when I watch this discussion and compare it to what I am reading now days, its huge difference. I hope Neal shares more of his knowledge to the people like me who are new in this field.

Awesome Video, you and Neal have such good flow, he's so incredibly knowledgeable, I'd wish I had someone close to me that had your knowledge to learn from but all my connection are devoid of intrest in anything from programing, game dev, and hacking stuff.

This was the best video I have found for how to get into cyber security. It made me believe I can finally make a career change and get that first job as a pen tester. Off to start that INE course!

thank u again David . The real-world experience is hard to find . thank u for such a great video!!!

YOU TWO GUYS ARE AWESOME AND WANT TO SAY THANK YOU FOR THE WISDOM AND HONESTY👌

I like watching your videos. I didn't know squat about coding, programming, telecommunications... I started looking into it bc my phone was hacked and I wanted to learn how it happened so I know what to look for and how to stop it. I'm learning more than I expected and I like how it's explained in a way that even someone like myself can understand

Happy 1 Million subscribers David!

The two of you have already hacked my head and I just became a bot that runs to all your videos! Waiting for the command center to release more videos. Great content, Neal and you have raised the bar of Quality of Content within Lenght of Video to the roofs!!!

What you guys are doing there is just invaluable! This is the only way to move forward. I hope you will not loose the steam. :)

Brilliant video. Would like to hear more in-field experiences.

Thank you guys for sharing wisdom and waiting for your courses

It's very rare that a 75min video can fly by so quickly. Awesome.

So awesome!! We want an off-site version! 🎉

Great movie Neil and David, definitely subscribing and checking out the osint video once it gets out! Keep up the good work!

I don’t know how I came across this video but I’m so glad I did because I know nothing about this stuff but now I want to know EVERYTHING. This is so cool!

You guys got to the very meat of the cyber field. I love this video. Thanks for sharing.

Thank you very Mr. David, This video changed my instinct and perception entirely. Bless Ya!

This was a FASCINATING interview. #Subscribed Excellent content!!! This whole Interview was so insightful... Cybersecurity is such a word that seems to come with so much... IDK, Hype? I'm still in the very early beg phases of my career, and I'm trying to keep my options open and keep an open mind with my interests and stay aware of any opportunities to shift and grow... but watching this, all the REAL that I heard in this interview, it was very interesting and exciting to me. Great work, both of you!!

Great content. Thank you for spreading knowledge!

Excellent, and insightful discussion regarding "real world" pen-test! Wisdom, comes from knowing how to put knowledge to work. Also loved, the real examples. Please invite Neal back to talk more about , network configuration flaws by network administrators, that has contributed to gaining access to an organizations network(s).

No words to tell, amazing!!! Also I want to become a amazing Hackers like both of you ❤ Thank you Neal and David sir

On a complete side note, I Absolutely loved seeing a V-22 on a cybersecurity video. its as if my two life paths crossed. Thank you for these videos, it keep a feller like me going during a career transition.

As someone who make and configure access control cards, if you have a large group of cards you can definitely tell a lot about a system from it, but you have to combine that with the type of reader etc. Certain type of readers can read certain type of cards, and combined with looking at LED patterns etc you can often see what backend system they use. As long as they use the cards serialnumber and not cards that have encrypted sectors or filesystems, you can get a lot of information from having a bulk of cardnumbers. Usually to be able to make cards for any given system you need 1-100 cards to be able to program new cards from scratch. For standard systems 1 card is often enough. But apart from that there is often a lot easier to just hook on to the comms cables from the card reader if they are accessible and just read & insert the raw signal for the card number between the card reader and the backend system.

this was amazing, thank you so much for sharing your knowledge and wisdom with us

Thank you so much for the great video, i'm really grateful to you both ❤

Thank you guys both for sharing your wisdom!

Anychance you guys can create a podcast series? That would be the icing on the cake with regards to your other created content. Appreciate the effort from all!

I can listen to this all day. good stuff

My hand hurts from all the note taking. Thanks so much for all your help.

I appreciate you guys a lot and couldn't thank you enough because you guys really just keep it real and give straight forward advice without any b.s.and its really hard to come across people that are genuine about helping people that are barrley trying to start out. So yeah thanks again!

When he started talking about people on their smoke break that is so true. They are the most vulnerable ones in the work place.

Thank you so much David and Neal!

thank you very much David for this opportunity, I really appreciate this

@davidbombal

2 жыл бұрын

You're welcome! and Thank you for watching!