Real World Hacking Tools Tutorial (Target: Tesla)
Jason Haddix shows us how he hacks Tesla and other companies.
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal
Jason demonstrates tools and techniques to discover targets using free and low cost tools. Find the weakest link and you can get inside. Learn how to attack the back door or side door instead of the front door.
//Jason's SOCIAL //
KZhead: / jhaddix
LinkedIn: / jhaddix
Twitter: / jhaddix
Github: github.com/jhaddix
Boddobot: buddobot.com/
Bug Hunter’s methodology Course: tbhmlive.com/
// KZhead Videos Mentioned //
Darknet Diaries: • How a Blow-Up Doll Can...
How Nmap really works: • How Nmap really works ...
Real World hacking demo with OTW: • Real World Hacking Dem...
// Websites Mentioned //
Bugcrowd: bugcrowd.com/tesla
Xmind: xmind.app/
Hurricane Electric: bgp.he.net/
Typing Mind: www.typingmind.com/
Crunchbase: www.crunchbase.com/
Occrp Aleph: aleph.occrp.org/
Shodan: www.shodan.io/
Bugcrowd: www.bugcrowd.com/resources/le...
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// TIMESTAMPS //
00:00 - Coming Up
01:14 - Brilliant Ad
01:52 - Introduction to guest
02:51 - Reconnaissance
05:55 - Live Training
06:49 - Real-Life Examples
10:52 - Jason's Background
16:06 - Hacking Tesla
22:40 - Hurricane Electric
27:44 - Security Leading
32:47 - Nmap Scan
34:30 - Crunchspace
37:20 - Wiferion
40:51 - OCCRP Aleph
47:26 - Builtwith
54:32 - Shodan
1:00:30 - IPV 6
1:07:44 - Whoxy
1:15:55 - Kaeferjaeger
1:20:50 - Jason's Online Classes
1:22:06 - Final Thoughts
1:22:24 - Outro
#tesla #hacking #cybersecurity
Jason Haddix shows us how he hacks Tesla and other companies. Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal Jason demonstrates tools and techniques to discover targets using free and low cost tools. Find the weakest link and you can get inside. Learn how to attack the back door or side door instead of the front door. //Jason's SOCIAL // KZhead: kzhead.info LinkedIn: www.linkedin.com/in/jhaddix Twitter: twitter.com/Jhaddix Github: github.com/jhaddix Boddobot: buddobot.com/ Bug Hunter’s methodology Course: tbhmlive.com/ // KZhead Videos Mentioned // Darknet Diaries: kzhead.info/sun/or2cgqhxopOllJE/bejne.html How Nmap really works: kzhead.info/sun/eZaJiMmXpmmBpIU/bejne.html Real World hacking demo with OTW: kzhead.info/sun/hZWanct5iZl8d6s/bejne.html // Websites Mentioned // Bugcrowd: bugcrowd.com/tesla Xmind: xmind.app/ Hurricane Electric: bgp.he.net/ Typing Mind: www.typingmind.com/ Crunchbase: www.crunchbase.com/ Occrp Aleph: aleph.occrp.org/ Shodan: www.shodan.io/ Bugcrowd: www.bugcrowd.com/resources/levelup/bug-bounty-hunter-methodology-v3/ // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // TIMESTAMPS // 00:00 - Coming Up 01:14 - Brilliant Ad 01:52 - Introduction to guest 02:51 - Reconnaissance 05:55 - Live Training 06:49 - Real-Life Examples 10:52 - Jason's Background 16:06 - Hacking Tesla 22:40 - Hurricane Electric 27:44 - Security Leading 32:47 - Nmap Scan 34:30 - Crunchspace 37:20 - Wiferion 40:51 - OCCRP Aleph 47:26 - Builtwith 54:32 - Shodan 1:00:30 - IPV 6 1:07:44 - Whoxy 1:15:55 - Kaeferjaeger 1:20:50 - Jason's Online Classes 1:22:06 - Final Thoughts 1:22:24 - Outro
Can you ask Jason to make available his mind map chart so we can follow through? Thanks
Please bring him back again, David I couldn't purchase his recent course on the bug hunting methodology 450$ because it was so expensive Please, David, create more content with Jason haddix so that those of us who do not have the financial capacity to afford his paid course to partake on his other program with you on KZhead
I enjoyed this episode with Jason pulling the curtain back and sharing his methodology. A part 2 to his mindmap process would be great! Even a part 3!
I have to give Jason props, his information gathering is incredible and most are open source.
Excellent content David! Jason did a great job in throughly explaining his recon methodology. PLEASE continue with Jason for a whole series on his TTPs.
Such great content David. I love that you cover such a wide range of the infosec world. And not only scratch the surface, but ACTUALLY get into these topics. Jason is the man. You should absolutely have him on again. The plethora of knowledge in that brain is incredible
Thank you! Jason will hopefully be back in a month or so :) We've got some cool hacking demos lined up.
Eternally greatful for the content, and all the learning. God speed!
Another great one David! Recon is just such a wide field and I love how your guest really digs in.
One of the greatest videos on Recon. David you’re a blessing to the infosec world. Thank you for bringing Jason in.
Loved this video! What I really wanted to see, even if for a brief moment, was the expanded Level 2 and Level 3 recon checklist topics, be it just out of the mind map or explored more in depth in the video. Looking forward to the next one!
Great episode! Your guest is absolutely phenomenal. Thank you both
Can’t wait for Jason to come back! So knowledgeable on finding which doors you forgot to lock. As a beginner I’d like to learn more about bug hunting, thanks so much David and Jason.
Quick side note, I love that you used McLovin as the example, priceless. Also, I love when people say, “oh that’s too simple, they would never do that.” The example that he said with the demo and the company not setting up authentication is a perfect example. Never think something is too simple because someone is out there using it right now, I’m sure of it.
Jason is AWESOME, please invite him again. This was definitely one of the best videos in the channel, So much value.
Fantastic content, David & Jason! Thank you so much for the video👏. The tools are excellent and easy to jump right into. I look forward to see the follow up 🥳
This has got to be one of my favourite of your videos. A true goldmine for beginners like me. Jason is an amazing teacher.
this is such a great session. Waiting for more sessions like this from Jason.
This is unquestionably the best recon video i've ever seen! Every time im doing bug bounties im always worried about hacking out of scope but this makes a lot more sense.
This was great, I really enjoyed it! Massive thanks to you both! I'd love a continuation of the recon!
What a cool video and I can’t wait to watch the whole thing. I just got to the part where Jason was talking about taking an elective on ethical hacking. Good on the teacher for not getting defensive when he said all the stuff was outdated and directing him to a career.
Again one of the most clear videos on the issue of computer on wheels
That's amazing. I haven't seen anything like this before. Jason explained stuff like it was easy peasy. I love it !
This is such a great video. Love the workshop approach, and Jason is a great speaker easing into his process. Definitely want more of this type of content.
The story about the organization that implemented the demo version of the customer relationship software into production is a great lesson. It’s reminiscent of not updating some platform with a known patch. It also reminds me of implementing appliances and software into production and not changing the default password.
Agreed. People on KZhead often want 0days, but it's often other stuff that gives wins.
Absolutely waiting for the next episode with Jason. Thanks
Wow, that may be the most succinct explanation of an OSINT methodology on the web. Great guest!
The videos I like the most on your channel are were professionals show live pentesting stuff. You can learn a lot by looking over the shoulder of those people. Maybe you could bring TomNomNom or dawgyg on the show. Also the "Ruhr University of Bochum" in Germany is very active in security research of TLS protocol. Maybe you could ask people like Robert Merget if they want to present some of their research and tools on your channel.
Jason did a REALLY GOOD JOB! I hope we get an episode finishing all the levels on recon. I personally would like a video on Gaining access and Maintaining access. THANK YOU DAVID always a pleasure hearing the all too familiar South African accent.
Awesome video. Many of your guests are informative but this has been the most informative I’ve seen thus far for me
I may have just found the thing that I can do every day and never work a day in my life. This type of hyper focused research and determination to not let the other person win is who I am. It's how I function without effort. I had never considered my "rabbit hole" brand of info seeking to be of any particular value beyond my own amusement. Ironically, I had a thought that maybe I am too old to pivot to sec, as my eyes catch a thumbnail titled "Am I too old to get into cybersecurity?"
Wow Thanks for giving Jason H the exposure he deserves !
Thank you @davidbombal for putting up such a great show and inviting the best professionals in the offensive side of security. Will definitely look for the hacking/exploitation stage in the upcoming episode with Jason. Much appreciated your efforts. Keep up the good work
A friend of mine once told me you can play one of two games when it comes to golf; swing the club or hit the ball. When you wind up your swing, the moment you take the stroke there is very little you can do to correct how you are going to hit the ball. If you get your setup correct though, you don't need to worry about the ball any more. Hacking feels similar in that if you do your setup right, the bugs are there and you don't need to worry about making the fine tuned adjustments on a landing page, your setup showed you all the other places you should target instead. The setup is critical.
Excellent Video! I'm a PEN Tester, it's nice to know I'm on the same track and use many of the same tools, BUT this guy has taught me so much and he's so damn knowledgeable and is an excellent GURU!
Great episode i really love the amount of information and we need another episode ❤️
Deam really good stuff, this man thinks out of the box, thanks for sharing with us David 🎉
Great content as usual mate, this shows how to implement a lot of things I've seen into an actual engagement.
I just can't wait to see second part. Thank you for sharing.
If you get him back, I’d love to see him walk us through the NEXT phase of this bug bounty (or any other). Basically, the step AFTER recon. Vulnerability assessment, exploitation, etc. If u can’t do exploitation, then at least the vulnerability scanning. Basically the next step after recon lol. 1) what he does with all these IPs and domains he now has 2) what he’s looking for in the port scans 3) what he uses to assess vulnerable services. What sites or tools he uses to lookup if there are any known vulnerabilities for a particular service. Or vuln scanners, etc. 4) fuzzing (presumably with burp suite), etc
Hi David, Thank you for your video. As always it brings excitement to the IT field.
you never fail to disappoint david. and jason is awesome. i loved this
Absolutely love seein Haddix on David's Bombal's podcast. He should call it the "Logic Bomb" podcast!!
I am totally blown away😁😁 .With this kind of research and attention to detail he can hack any company I cant wait for part 2 , 3 ,4 and 5 .
I really loved this, thanks chaps, would love to see more about ipv4 -ipv6
awesome interview, much concentrated and well-shown material to learn from real pro. I`m so happy to find such an intersting chanel👍
Excellent video! Jason is the real deal! Thanks for having him on David!
Thank you :) Jason is amazing!
the fish behind you and the quote below the fish "mindset is everything" is intresting.
Amazing video. I'd love to see more of Jason.
Thanks for giving him the time to show us all the latest tools he uses. I said before you choose the best to bring on this channel :-)
Nothing like coming home from work and throwing on some David Bombal videos...
One more thing I would like to add to your content is if the period of the video is reduced it will just be awesome! (I can't watch a video that is not related to my profession (hacking is kind of a hobby!)) this will help you gain more attention as your content is already excellent!
I will appreciate a very high level view of Jason's web hacking methodology, just like recon process he could go into which vulnerabilities he tests for, in which order, using which tools or services, Don't go into details like explaining sqli from scratch but just 10,000 feet view of his workflow, and how he prioritizes differet web vulns, and how he goes about testing them.
This is one of the best shows that you uploaded .. I loved it.
Dude, I am glad you grew up to be on the right side. 😊
This is one of the most fantastic security vids I've seen you post in a good while! Thank you David, and Jason!!!
Awesome content. I would luv to see the methodology of his day 2 hacking.
I want to thank you for your excellent videos. I am trying to pivot into cybersecurity and your videos are providing real world examples and experience from some serious experts. I have been listening to Darknet Diaries for a few years now and I love that this ties into that episode. I will even go so far as to forgive your recent Rick Roll on KZhead Shorts. Thank you for the time and experience you are sharing.
That was great, great show always david.
Enjoyed it and it was very informative. Can you provide the checklist so that we can have it in our recon process?
One of the most Brilliant person i met, Jason Haddix.
amazing video as always. Thanks you very much Sir David. Could be nice witrh a follow up with other levels of recon
The only hacker who truly learnt me to RECON without getting lost , Keep going
really enjoyed this Ep. love and respect for David sir and Jason sir!!!
Glad you enjoyed the video!
Legendary session! Thanks so much!
i really like this session there is lot of information i get from here very thanks to both of u
This is amazing, Jason is so epic!
1:13:44 yeah thank you so much guys! I think the git-analysis sounds interesting for sure.
IPv6 at scale takes too long, but most of the internet still runs on NAT. IPv6 doesn't matter if you're using NAT, because it works the same way as IPv4 at the end of the day. One IP running dual stack, find your open ports, and see what is going to forward you into the LAN and what isn't. Same stuff.
Fantastic interview!
Excellent interview and insight 🎉
This really gave me some more practical insight.
This was fantastic. It will be great to cover the hacking itself. Cant wait -- Jason, you r rock bro.. Thanks David! Loved the stories.
Amazing content, Thank you david bombal and Jhaddix.
Ould you please invite him for gull vug biunty course in multiple episodes? This would serve as aspiring students to get a real door to heaven
Excellent video, may I ask what is the application for the fluxogram?
That Goku spirit bomb statue in the back instantly told me that I would like this dude, the statue wasn't wrong.
Jason opens my eyes in to whole new level in the world of hacking.
20:02 this is a very useful list of reconnaisance methods thank you, would love to know about level 2 and 3 methods too
what software is used for it?
More cloud recon techniques! Awesome stuff all around. Any new api recon?
Oi David and Jason, thanks for the interesting content again! 👌
Thanks for watching! Jason is amazing!
Kindly do a session on how to manage assets and what to attack at start what specific asset we should go after.
Rare to see recon in this depth for free publicly 👍
Hey David, any chance to cover physical security aspect of pentesting? Thanks for amazing content ❤
Great suggestion! Any specific people you want me to get on the channel?
@@davidbombal I personally don't know any "famous" individual person for this aspect of security but I'm open to any content covering it, i think it's one of the least talked about subject of pentesting, Thanks again for answering! it means alot to me
@davidbombal Jayson Steel gave some good talks on this subject.
Thanks for the suggestion!
That's amazing!:)❤🎉Thanks for amazing content ❤
You're welcome! I hope you learn something new :)
We need part 2, more content!
Bro you 2 are SO!SO!KNOWLEDGEABLE, IF U 2 WERE BLACK HATS (OH MY DIZZY DIZZY DAYS YOU 2, IME SO DEPRESSED THAT I COULDNT JUMP ON THE TECH TRAIN . HOW YOU FEEL DAVID!""BLA-DDY WONDERUL ME OLD CHINA,JASON +JASON YOU TRULY ARE A LIGHT THAT SHOWS YOU THE WAY..(THANK YOU 2 ,AND LOVE FVROM THE BIRMINGHAM UNITED KINGDOM.)
Boom, unreal data, well done💪🏻👍🏻
Thank you :)
Great! It would be nice to have more such content
awesome content, thank you!
it's so instrutcive for people who wanna learn
Thank you David!!
David do you have videos on how to create a safe hacking environment with all the equipment required talking about programs. Thanks for the videos
I'd love to see how much more you can do Jason
We need to see those corporate training videos on the channel, for science; of course 😉
I would love to see more!!
Thanks for making a great content & providing an insight of BBHTM, Can i please get Jason's XMind map file?
Good stuff David 😊
Thank you 👍
Awesome content. Thanks!
Hello. The same activity can be done with Maltego Community or Recon-ng. What advantages does the use of these websites bring?
19:03 Jason's hacking lab consists of a Windows box that uses a VPC. David, maybe you could make a video on how to build a hacker lab using VPC... Just a suggestion.
bring Jason back, this was so good