David is trying his very best to help us learn also from his invited guests like Neal. Million thanks, David, for your untiring efforts.
What I really like about you, David, is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different fields of IT. Much love from France, David!
I love how David knows all the details but asks the questions Noobs like us would! Thank you David!
My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and YouTube didn't like them... so I had to remove the video :(

Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests.

Menu:
0:00 ▶ Introduction
1:17 ▶ Neal sees pentesting differently
2:00 ▶ Neal's advice from experience
3:18 ▶ Neal's 5,000 pentests
4:30 ▶ Take NSA and experience
5:10 ▶ Preparation is key
5:50 ▶ OSINT
6:30 ▶ Actual Pentest report
7:50 ▶ Pretexting
8:45 ▶ Another real world example
9:30 ▶ Planning is very important
10:15 ▶ Leave stuff in your car?
11:55 ▶ Right tools for the job
12:05 ▶ Top tools
12:30 ▶ Extra cables
12:58 ▶ Hak5 Ethernet cable
13:10 ▶ Is Hak5 a necessity
13:57 ▶ Rubber Ducky
14:30 ▶ Hak5 are great
15:00 ▶ Real world example of equipment
15:30 ▶ You can create your own stuff
16:10 ▶ Your time is money
16:30 ▶ Proxmark
17:30 ▶ Crazy RFID reader
18:50 ▶ Poor planning RFID example
20:20 ▶ Your time is worth something!
21:00 ▶ Hone your tradecraft
21:20 ▶ Proxmark explanation
21:50 ▶ A reader doesn't give you access. You need a pretext
23:50 ▶ Social engineering
25:50 ▶ You need a story
26:04 ▶ Social Engineering vs tech
29:00 ▶ Physical access is king
30:00 ▶ What to do once past the door
31:19 ▶ Military facility pentest
33:27 ▶ Look for a network port
34:49 ▶ You want to get out of there
35:04 ▶ Hak5 Lan turtle
36:35 ▶ Back of computer vs switch
37:32 ▶ Pop it into the back of the computer
38:11 ▶ What about WiFi
38:50 ▶ TP-Link WiFi Card
39:50 ▶ Ubertooth
40:50 ▶ HackRF One
41:56 ▶ Hak5 Pineapple
42:09 ▶ SDR
43:00 ▶ Real world example
44:13 ▶ Alfa Network Adapter
44:50 ▶ Wifi Hacking
44:49 ▶ Alfa not practical so much
46:20 ▶ You cannot charge for a WiFi pentest
47:17 ▶ You are making it real
47:45 ▶ WiFi can be social engineering
48:47 ▶ Captive portal
49:40 ▶ Rogue Access point
50:40 ▶ Real world wifi pentest example
51:30 ▶ Port Security
51:57 ▶ Hak5 Pineapple access corporate network
52:34 ▶ Always social engineering
53:00 ▶ Pyramid of pain
53:14 ▶ Stuxnet
54:45 ▶ Tesla attack
55:07 ▶ NSA examples
56:32 ▶ Human Intelligence Hacking Example
58:40 ▶ Another hacking example
1:00:18 ▶ WiFi hacking example
1:01:32 ▶ Neal's photo while hacking
1:03:22 ▶ Once inside, you are trusted
1:03:40 ▶ Summary of devices
1:03:55 ▶ Hak5 switch
1:04:08 ▶ Extra cables
1:04:15 ▶ Hak5 Rubber Ducky
1:04:30 ▶ Hak5 Pineapple
1:04:54 ▶ Hak5 Bash Bunny
1:04:58 ▶ Hak5 Packet Squirrel
1:06:26 ▶ Ubertooth
1:06:31 ▶ Proxmark
1:07:00 ▶ Value of networking knowledge
1:07:32 ▶ Neal got his CCNA
1:08:50 ▶ Very few companies use port security properly
1:10:08 ▶ Cain and Abel
1:11:00 ▶ Are zero days worth it
1:12:05 ▶ Shiny objects vs Neal's wisdom
1:13:37 ▶ Real world hard talk
1:14:25 ▶ What do you recommend
1:16:55 ▶ Neal and David going to do something

=======================
Buy Hak5 coolness here:
=======================
Buy Hak5: https://davidbombal.wiki/gethak5

============================
Buy ShareBrained Technology:
============================
PortaPack: https://www.sharebrained.com/

================
Connect with me:
================
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/davidbombal

==================
Connect with Neal:
==================
YouTube: https://www.youtube.com/cyberinsecurity
LinkedIn: https://www.linkedin.com/in/nealbridges/
Twitter: https://twitter.com/ITJunkie
Twitch: https://www.twitch.tv/cyber_insecurity

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it. It's all about legal consent to pentest, social engineering and then the tech knowledge. And there is always more to learn.
I love how this content is free and that I'm able to watch it. It's literally so much knowledge that I'm getting without even having to do or pay something and so damn well made. Thanks, David!
I love these stories! I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab. This for me, is the best way of learning.
Fantastic video, thanks David and Neal for putting this together. This should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue team side of the house should be aware of.
Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!
Having worked in the networking industry for 24yrs I find these guys absolutely fascinating! These guys are spot on!!
I have no idea how I ended up here but I highly appreciate that you two shared your conversation in this video. Personally I am more interested in the psychological aspect of security than in the tech side - thank you for this contribution to the spark of my curiosity.
This man David is too sensible with his questions, the best I have seen so far
David this content is unlike any other and pure gold. Thank you very much <3
The amount of knowledge and information in this 1 hour is unreal! I was so amazed to find how a professional does their job. Thanks so much for this video
David, Neal. Thank you so much. The ending of this video is what is currently hitting me. The fact that there is this ocean of supposed training, however after you invest the time and finish it you realise that it simply was not enough. We need real world training/labbing/simulation because at the end, obtaining the skill comes from experience. Theory is groundwork but not experience.
After having 9+ years of physical installation security experience (Access control, Security and NVR systems) you've made me want to shift my knowledge into cyber and I'm excited again. Having the mindset of building layouts and functions, where they keep things, I already have down pat. Just laying my foundations in Linux now and enjoying the process. Thanks for the video!
As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.
The two of you are THE BEST when you share the stage. You guys should talk about ICS stuff down the road. Love these videos
I got into the IT business in 1992 as a Network Engineer and Sys Admin. I have several certifications. Been a fan of David since he began. This gentleman in this video is Right On. I recommend this video to anyone who truly wants to be the best they can be.