@balloney2175

David is trying his very best to help us learn also from his invited guests like Neal. Million thanks, David, for your untiring efforts.

@JC-go5ds

After 20 years of military service, mostly in the same type of environment as Neal, he is spot on about the "Social" portion of pen-testing. Being "Nice" will get you pretty far.

@Native_love

I love how David knows all the details but asks the questions Noobs like us would! Thank you David!

@davidbombal

My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and YouTube didn't like them... so I had to remove the video :(

Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests.

Menu:
0:00 ▶ Introduction
1:17 ▶ Neal sees pentesting differently
2:00 ▶ Neal's advice from experience
3:18 ▶ Neal's 5,000 pentests
4:30 ▶ Take NSA and experience
5:10 ▶ Preparation is key
5:50 ▶ OSINT
6:30 ▶ Actual Pentest report
7:50 ▶ Pretexting
8:45 ▶ Another real world example
9:30 ▶ Planning is very important
10:15 ▶ Leave stuff in your car?
11:55 ▶ Right tools for the job
12:05 ▶ Top tools
12:30 ▶ Extra cables
12:58 ▶ Hak5 Ethernet cable
13:10 ▶ Is Hak5 a necessity
13:57 ▶ Rubber Ducky
14:30 ▶ Hak5 are great
15:00 ▶ Real world example of equipment
15:30 ▶ You can create your own stuff
16:10 ▶ Your time is money
16:30 ▶ Proxmark
17:30 ▶ Crazy RFID reader
18:50 ▶ Poor planning RFID example
20:20 ▶ Your time is worth something! 
21:00 ▶ Hone your tradecraft
21:20 ▶ Proxmark explanation
21:50 ▶ A reader doesn't give you access. You need a pretext
23:50 ▶ Social engineering
25:50 ▶ You need a story
26:04 ▶ Social Engineering vs tech
29:00 ▶ Physical access is king
30:00 ▶ What to do once past the door
31:19 ▶ Military facility pentest
33:27 ▶ Look for a network port
34:49 ▶ You want to get out of there
35:04 ▶ Hak5 Lan turtle
36:35 ▶ Back of computer vs switch
37:32 ▶ Pop it into the back of the computer
38:11 ▶ What about WiFi
38:50 ▶ TP-Link WiFi Card
39:50 ▶ Ubertooth
40:50 ▶ HackRF One
41:56 ▶ Hak5 Pineapple
42:09 ▶ SDR
43:00 ▶ Real world example
44:13 ▶ Alfa Network Adapter
44:50 ▶ Wifi Hacking
44:49 ▶ Alfa not practical so much
46:20 ▶ You cannot charge for a WiFi pentest
47:17 ▶ You are making it real
47:45 ▶ WiFi can be social engineering
48:47 ▶ Captive portal
49:40 ▶ Rogue Access point
50:40 ▶ Real world wifi pentest example
51:30 ▶ Port Security
51:57 ▶ Hak5 Pineapple access corporate network
52:34 ▶ Always social engineering
53:00 ▶ Pyramid of pain
53:14 ▶ Stuxnet
54:45 ▶ Tesla attack
55:07 ▶ NSA examples
56:32 ▶ Human Intelligence Hacking Example
58:40 ▶ Another hacking example
1:00:18 ▶ WiFi hacking example
1:01:32 ▶ Neal's photo while hacking
1:03:22 ▶ Once inside, you are trusted
1:03:40 ▶ Summary of devices
1:03:55 ▶ Hak5 switch
1:04:08 ▶ Extra cables
1:04:15 ▶ Hak5 Rubber Ducky
1:04:30 ▶ Hak5 Pineapple
1:04:54 ▶ Hak5 Bash Bunny
1:04:58 ▶ Hak5 Packet Squirrel
1:06:26 ▶ Ubertooth
1:06:31 ▶ Proxmark
1:07:00 ▶ Value of networking knowledge
1:07:32 ▶ Neal got his CCNA
1:08:50 ▶ Very few companies use port security properly
1:10:08 ▶ Cain and Abel
1:11:00 ▶ Are zero days worth it
1:12:05 ▶ Shiny objects vs Neal's wisdom
1:13:37 ▶ Real world hard talk
1:14:25 ▶ What do you recommend
1:16:55 ▶ Neal and David going to do something

@akan1783

What I really like about you David is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different fields of IT. Much love from France David!

@vmsmuenchen5084

I love how this content is free and that I'm able to watch it. It's literally so much knowledge that I'm getting without even having to do or pay something and so damn well made. Thanks, David!

@SpragginsDesigns

I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it. 
It's all about legal consent to pentest, social engineering and then the tech knowledge. 
And there is always more to learn.

@LamarAerospace

I love these stories!  I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab.  This for me, is the best way of learning.

@Tao_Peace

Having worked in the networking industry for 24yrs I find these guys absolutely fascinating! These guys are spot on!!

@JasonWh

As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.

@itstimeyourepent5258

This man David is too sensible with his questions, the best I have seen so far

@jefff502

Fantastic video, thanks David and Neal for putting this together, this should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue team side of the house should be aware of.

@maref163

The amount of knowledge and information in this 1 hour is unreal! I was so amazed to find how a professional does their job. Thanks so much for this video

@dougOptics

Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!

@jacobfinder7476

I got into the IT business in 1992 as a Network Engineer and Sys Admin. I have several certifications. Been a fan of David since he began. This gentleman in this video is Right On. I recommend this video to anyone who truly wants to be the best they can be.

@BillBatsonn

David this content is unlike any other and pure gold. Thank you very much <3

@willsmith2058

After having 9+ years of physical installation security experience (Access control, Security and NVR systems) you've made me want to shift my knowledge into cyber and I'm excited again. Having the mindset of building layouts and functions, where they keep things I already have down pat. Just laying my foundations in Linux now and enjoying the process. Thanks for the video!

@jaredb.1706

Fantastic, keep this kind of real world content coming. I returned to school pursuing my first degree because of you two! AMAZING STUFF!

@jasonpitts8395

The two of you are THE BEST when you share the stage. You guys should talk about ICS stuff down the road. Love these videos