After 20 years of military service, mostly in the same type of environment as Neal, He is spot on about the "Social" portion of pen-testing. Being "Nice" will get you pretty far.
I love how David knows all the details but asks the questions Noobs like us would! Thank you David!
My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and YouTube didn't like them... so I had to remove the video :( Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests. Menu: 0:00 ▶ Introduction 1:17 ▶ Neal sees pentesting differently 2:00 ▶ Neal's advice from experience 3:18 ▶ Neal's 5,000 pentests 4:30 ▶ Take NSA and experience 5:10 ▶ Preparation is key 5:50 ▶ OSINT 6:30 ▶ Actual Pentest report 7:50 ▶ Pretexting 8:45 ▶ Another real world example 9:30 ▶ Planning is very important 10:15 ▶ Leave stuff in your car? 11:55 ▶ Right tools for the job 12:05 ▶ Top tools 12:30 ▶ Extra cables 12:58 ▶ Hak5 Ethernet cable 13:10 ▶ Is Hak5 a necessity 13:57 ▶ Rubber Ducky 14:30 ▶ Hak5 are great 15:00 ▶ Real world example of equipment 15:30 ▶ You can create your own stuff 16:10 ▶ Your time is money 16:30 ▶ Proxmark 17:30 ▶ Crazy RFID reader 18:50 ▶ Poor planning RFID example 20:20 ▶ Your time is worth something! 21:00 ▶ Hone your tradecraft 21:20 ▶ Proxmark explanation 21:50 ▶ A reader doesn't give you access. You need a pretext 23:50 ▶ Social engineering 25:50 ▶ You need a story 26:04 ▶ Social Engineering vs tech 29:00 ▶ Physical access is king 30:00 ▶ What to do once past the door 31:19 ▶ Military facility pentest 33:27 ▶ Look for a network port 34:49 ▶ You want to get out of there 35:04 ▶ Hak5 Lan turtle 36:35 ▶ Back of computer vs switch 37:32 ▶ Pop it into the back of the computer 38:11 ▶ What about WiFi 38:50 ▶ TP-Link WiFi Card 39:50 ▶ Ubertooth 40:50 ▶ HackRF One 41:56 ▶ Hak5 Pineapple 42:09 ▶ SDR 43:00 ▶ Real world example 44:13 ▶ Alfa Network Adapter 44:50 ▶ Wifi Hacking 44:49 ▶ Alfa not practical so much 46:20 ▶ You cannot charge for a WiFi pentest 47:17 ▶ You are making it real 47:45 ▶ WiFi can be social engineering 48:47 ▶ Captive portal 49:40 ▶ Rogue Access point 50:40 ▶ Real world wifi pentest example 51:30 ▶ Port Security 51:57 ▶ Hak5 Pineapple access corporate network 52:34 ▶ Always social engineering 53:00 ▶ Pyramid of pain 53:14 ▶ Stuxnet 54:45 ▶ Telsa attack 55:07 ▶ NSA examples 56:32 ▶ Human Intelligence Hacking Example 58:40 ▶ Another hacking example 1:00:18 ▶ WiFi hacking example 1:01:32 ▶ Neal's photo while hacking 1:03:22 ▶ Once inside, you are trusted 1:03:40 ▶ Summary of devices 1:03:55 ▶ Hak5 switch 1:04:08 ▶ Extra cables 1:04:15 ▶ Hak5 Rubber Ducky 1:04:30 ▶ Hak5 Pineapple 1:04:54 ▶ Hak5 Bash Bunny 1:04:58 ▶ Hak5 Packet Squirrel 1:06:26 ▶ Ubertooth 1:06:31 ▶ Proxmark 1:07:00 ▶ Value of networking knowledge 1:07:32 ▶ Neal got his CCNA 1:08:50 ▶ Very few companies use port security properly 1:10:08 ▶ Cain and Abel 1:11:00 ▶ Are zero days worth it 1:12:05 ▶ Shiny objects vs Neal's wisdom 1:13:37 ▶ Real world hard talk 1:14:25 ▶ What do you recommend 1:16:55 ▶ Neal and David going to do something ======================= Buy Hak5 coolness here: ======================= Buy Hak5: https://davidbombal.wiki/gethak5 ============================ Buy ShareBrained Technology: ============================ PortaPack: https://www.sharebrained.com/ ================ Connect with me: ================ Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal ================ Connect with Neal: ================ YouTube: https://www.youtube.com/cyberinsecurity LinkedIn: https://www.linkedin.com/in/nealbridges/ Twitter: https://twitter.com/ITJunkie Twitch: https://www.twitch.tv/cyber_insecurity Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
What I really like about you David is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different field of IT. Much love from France David!
I love how this content is free and that im able to watch it. Its literally so much knowledge that I'm getting without even having to do or pay something and so damn well made. Thanks, David!
I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it. It's all about legal consent to pentest, social engineering and then the tech knowledge. And there is always more to learn.
I love these stories! I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab. This for me, is the best way of learning.
Having worked in the networking industry for 24yrs I find these guys absolutely fascinating! These guys are spot on!!
As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.
This man David Is too sensible with his questions, the best I have seen so far
Fantastic video, thanks David and Neil for putting this together, this should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue team side of the house should be aware of.
The amount of knowledge and information in this 1 hour is unreal! I was so amazed to find how a professional do its job thanks so much for this video
Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!
0:00 ▶ Introduction 1:17 ▶ Neal sees pentesting differently 2:00 ▶ Neal's advice from experience 3:18 ▶ Neal's 5,000 pentests 4:30 ▶ Take NSA and experience 5:10 ▶ Preparation is key 5:50 ▶ OSINT 6:30 ▶ Actual Pentest report 7:50 ▶ Pretexting 8:45 ▶ Another real world example 9:30 ▶ Planning is very important 10:15 ▶ Leave stuff in your car? 11:55 ▶ Right tools for the job 12:05 ▶ Top tools 12:30 ▶ Extra cables 12:58 ▶ Hak5 Ethernet cable 13:10 ▶ Is Hak5 a necessity 13:57 ▶ Rubber Ducky 14:30 ▶ Hak5 are great 15:00 ▶ Real world example of equipment 15:30 ▶ You can create your own stuff 16:10 ▶ Your time is money 16:30 ▶ Proxmark 17:30 ▶ Crazy RFID reader 18:50 ▶ Poor planning RFID example 20:20 ▶ Your time is worth something! 21:00 ▶ Hone your tradecraft 21:20 ▶ Proxmark explanation 21:50 ▶ A reader doesn't give you access. You need a pretext 23:50 ▶ Social engineering 25:50 ▶ You need a story 26:04 ▶ Social Engineering vs tech 29:00 ▶ Physical access is king 30:00 ▶ What to do once past the door 31:19 ▶ Military facility pentest 33:27 ▶ Look for a network port 34:49 ▶ You want to get out of there 35:04 ▶ Hak5 Lan turtle 36:35 ▶ Back of computer vs switch 37:32 ▶ Pop it into the back of the computer 38:11 ▶ What about WiFi 38:50 ▶ TP-Link WiFi Card 39:50 ▶ Ubertooth 40:50 ▶ HackRF One 41:56 ▶ Hak5 Pineapple 42:09 ▶ SDR 43:00 ▶ Real world example 44:13 ▶ Alfa Network Adapter 44:50 ▶ Wifi Hacking 44:49 ▶ Alfa not practical so much 46:20 ▶ You cannot charge for a WiFi pentest 47:17 ▶ You are making it real 47:45 ▶ WiFi can be social engineering 48:47 ▶ Captive portal 49:40 ▶ Rogue Access point 50:40 ▶ Real world wifi pentest example 51:30 ▶ Port Security 51:57 ▶ Hak5 Pineapple access corporate network 52:34 ▶ Always social engineering 53:00 ▶ Pyramid of pain 53:14 ▶ Stuxnet 54:45 ▶ Telsa attack 55:07 ▶ NSA examples 56:32 ▶ Human Intelligence Hacking Example 58:40 ▶ Another hacking example 1:00:18 ▶ WiFi hacking example 1:01:32 ▶ Neal's photo while hacking 1:03:22 ▶ Once inside, you are trusted 1:03:40 ▶ Summary of devices 1:03:55 ▶ Hak5 switch 1:04:08 ▶ Extra cables 1:04:15 ▶ Hak5 Rubber Ducky 1:04:30 ▶ Hak5 Pineapple 1:04:54 ▶ Hak5 Bash Bunny 1:04:58 ▶ Hak5 Packet Squirrel 1:06:26 ▶ Ubertooth 1:06:31 ▶ Proxmark 1:07:00 ▶ Value of networking knowledge 1:07:32 ▶ Neal got his CCNA 1:08:50 ▶ Very few companies use port security properly 1:10:08 ▶ Cain and Abel 1:11:00 ▶ Are zero days worth it 1:12:05 ▶ Shiny objects vs Neal's wisdom 1:13:37 ▶ Real world hard talk 1:14:25 ▶ What do you recommend 1:16:55 ▶ Neal and David going to do something
I got into the IT business in 1992 as a Network Engineer and Sys Admin. I have several certifications. Been a fan of David since he began. This gentleman in this video is Right On. I recommend this video to anyone who truly wants to be the best they can be.
David this content is unlike any other and pure gold. Thank you very much <3
After have 9+ years of physical installation security experience (Access control, Security and NVR systems) you've made me want to shift my knowledge into cyber and I'm excited again. Having the mindset of building layouts and functions, where they keep things I already have down pat. Just laying my foundations in linux now and enjoying the process. Thanks for the video!
Fantastic, keep this kinda of real world content coming. I returned to school pursuing my first degree because of you two! AMAZING STUFF!
The two of you are THE BEST when you share the stage. You guys should talk about ICS stuff down the road. Love these videos
@balloney2175