Ex-NSA hacker tools for real world pentesting

What I really like about you David is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different field of IT. Much love from France David!

akan

After 20 years of military service, mostly in the same type of environment as Neal, He is spot on about the "Social" portion of pen-testing. Being "Nice" will get you pretty far.

JC-gods

David is trying his very best to help us learn also from his invited guests like Neal. Million thanks, David, for your untiring efforts.

balloney

I love how David knows all the details but asks the questions Noobs like us would! Thank you David!

Native_love

I love how this content is free and that im able to watch it. Its literally so much knowledge that I'm getting without even having to do or pay something and so damn well made. Thanks, David!

vmsmuenchen

Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!

dougOptics

I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it.
It's all about legal consent to pentest, social engineering and then the tech knowledge.
And there is always more to learn.

SpragginsDesigns

Fantastic video, thanks David and Neil for putting this together, this should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue team side of the house should be aware of.

jefff

I love these stories! I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab. This for me, is the best way of learning.

LamarAerospace

Having worked in the networking industry for 24yrs I find these guys absolutely fascinating! These guys are spot on!!

Tao_Peace

Another fantastic video David and Neal. I love the stories, and real-life applications. While I'm not looking to seek a career in this field, I love this domain of technology. It is worthwhile to see the weaknesses of our digital climates. As a college student at a University that had just been the victim of a cyberattack last year, I find this information invaluable and super intriguing, especially when it's presented in such an engaging way like this video. I will definitely advocate for better physical, social, and network security from the IT department on campus. Thanks again for your hard work developing this content.

joebob

After have 9+ years of physical installation security experience (Access control, Security and NVR systems) you've made me want to shift my knowledge into cyber and I'm excited again. Having the mindset of building layouts and functions, where they keep things I already have down pat. Just laying my foundations in linux now and enjoying the process. Thanks for the video!

willsmith

David, Neal. Thank you so much. The ending of this video is what is currently hitting me. The fact that there is this ocean of supposed training however after you invest the time and finish it you realise that it simply was not enough. We need real world training/labing/ simulation because st the end. Obtaining the skill comes from experience. Theory is groundwork but not experience.

hansjswart

David, a huge thank you to yourself and Neal for taking the time to make such a great and educational video. I'd have to say this is one of your best videos that I've seen, and we all know how high quality all your other ones are !

gregm.

i have no idea how i ended up here but i highly appreciate you two shared your conversation in this video. personally i am more interested in the psychological aspect of security then in the tech side - thank you for this contribution to the spark of my curiosity.

ysegrim

David this content is unlike any other and pure gold. Thank you very much <3

CliffCarmichael

The two of you are THE BEST when you share the stage. You guys should talk about ICS stuff down the road. Love these videos

jasonpitts

As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.

JasonWh

This man David Is too sensible with his questions, the best I have seen so far

itstimeyourepent

0:00 ▶ Introduction
1:17 ▶ Neal sees pentesting differently
2:00 ▶ Neal's advice from experience
3:18 ▶ Neal's 5, 000 pentests
4:30 ▶ Take NSA and experience
5:10 ▶ Preparation is key
5:50 ▶ OSINT
6:30 ▶ Actual Pentest report
7:50 ▶ Pretexting
8:45 ▶ Another real world example
9:30 ▶ Planning is very important
10:15 ▶ Leave stuff in your car?
11:55 ▶ Right tools for the job
12:05 ▶ Top tools
12:30 ▶ Extra cables
12:58 ▶ Hak5 Ethernet cable
13:10 ▶ Is Hak5 a necessity
13:57 ▶ Rubber Ducky
14:30 ▶ Hak5 are great
15:00 ▶ Real world example of equipment
15:30 ▶ You can create your own stuff
16:10 ▶ Your time is money
16:30 ▶ Proxmark
17:30 ▶ Crazy RFID reader
18:50 ▶ Poor planning RFID example
20:20 ▶ Your time is worth something!
21:00 ▶ Hone your tradecraft
21:20 ▶ Proxmark explanation
21:50 ▶ A reader doesn't give you access. You need a pretext
23:50 ▶ Social engineering
25:50 ▶ You need a story
26:04 ▶ Social Engineering vs tech
29:00 ▶ Physical access is king
30:00 ▶ What to do once past the door
31:19 ▶ Military facility pentest
33:27 ▶ Look for a network port
34:49 ▶ You want to get out of there
35:04 ▶ Hak5 Lan turtle
36:35 ▶ Back of computer vs switch
37:32 ▶ Pop it into the back of the computer
38:11 ▶ What about WiFi
38:50 ▶ TP-Link WiFi Card
39:50 ▶ Ubertooth
40:50 ▶ HackRF One
41:56 ▶ Hak5 Pineapple
42:09 ▶ SDR
43:00 ▶ Real world example
44:13 ▶ Alfa Network Adapter
44:50 ▶ Wifi Hacking
44:49 ▶ Alfa not practical so much
46:20 ▶ You cannot charge for a WiFi pentest
47:17 ▶ You are making it real
47:45 ▶ WiFi can be social engineering
48:47 ▶ Captive portal
49:40 ▶ Rogue Access point
50:40 ▶ Real world wifi pentest example
51:30 ▶ Port Security
51:57 ▶ Hak5 Pineapple access corporate network
52:34 ▶ Always social engineering
53:00 ▶ Pyramid of pain
53:14 ▶ Stuxnet
54:45 ▶ Telsa attack
55:07 ▶ NSA examples
56:32 ▶ Human Intelligence Hacking Example
58:40 ▶ Another hacking example
1:00:18 ▶ WiFi hacking example
1:01:32 ▶ Neal's photo while hacking
1:03:22 ▶ Once inside, you are trusted
1:03:40 ▶ Summary of devices
1:03:55 ▶ Hak5 switch
1:04:08 ▶ Extra cables
1:04:15 ▶ Hak5 Rubber Ducky
1:04:30 ▶ Hak5 Pineapple
1:04:54 ▶ Hak5 Bash Bunny
1:04:58 ▶ Hak5 Packet Squirrel
1:06:26 ▶ Ubertooth
1:06:31 ▶ Proxmark
1:07:00 ▶ Value of networking knowledge
1:07:32 ▶ Neal got his CCNA
1:08:50 ▶ Very few companies use port security properly
1:10:08 ▶ Cain and Abel
1:11:00 ▶ Are zero days worth it
1:12:05 ▶ Shiny objects vs Neal's wisdom
1:13:37 ▶ Real world hard talk
1:14:25 ▶ What do you recommend
1:16:55 ▶ Neal and David going to do something

fearkrypton