very good video. Linux is everywhere. IOT device are most vulnerable nobody bothers to make them secure. I was surprised he couldn't login in with just admin/password
@josephsalazar609611 күн бұрын
got a fix for virtual box?
@Mindmapers16 күн бұрын
i watched this video multiple times and did everything you said, but I couldn't understand and open any online apk apps :( some on help me please
@yashwanthd199824 күн бұрын
android 11 doesnt allow this
@wicorn29Ай бұрын
Bob
@tommywurzbacher7519Ай бұрын
vmnetcfg is not available in vmware player. If I select only select the correct wifi adapter in the vm settings it does not solve the problem. I've tried that before :(
@michaelprenez-isbell8672Ай бұрын
sorry, doesn't work at all. as soon as I enter the proxy on the iphone, disconnected from internet. no good.
@JSONSECАй бұрын
Thats 'meant' to happen, you need to install the certificates to allow it to pass through SSL traffic
@JohnJohnson-ch6xqАй бұрын
Which is the best Web app penetration testing certication? Apart from GIAC
@JSONSECАй бұрын
The best one is the one that you learn the most from. It's a bit dry by Burp academy will teach you everything you need to know, for free, but has a pretty tough exam
@user-vk5xj6xz1x2 ай бұрын
Working Super!
@anolghosh95012 ай бұрын
is there any possibilities to non rooted android?
@JSONSEC2 ай бұрын
I haven't checked in recent years, but you needed root to install a root CA, it might be different now
@shawnmendrek35442 ай бұрын
CCTV or die. But remember your wires can be 'modded'. I suggest anyone with CCTV check their wires to make sure it is not spliced. Jam cams are 100% real yet highly illegal, but very cheap, yes we can jam your cameras of all kinds even CCTV, make sure to do perimeter checks to make sure your cam works and it not jammed(hacked) to produce a single still frame for as long as a hacker wants. You never know who is watching you. I suggest folk just open their eyes, if I can think it, they are probably doing it. What I said is not saying I approve of these things. It is an illegal attack on someone. But be aware, you are not secure just because you have a paid for security for the home. Nothing is 100% secure. Don't believe me? Look at them folk with security systems, gates ect and still get robbed. Get a dog, cameras, guns, problems solved, but remember those close to you who are in good standing w/you, your dog will not bark at them if they broke in your home most likely. So...
@trustedsecurity60392 ай бұрын
Like all what mandiant do, all marketing but shit under the hood
@DC133712 ай бұрын
Great demonstration
@aymenameri63792 ай бұрын
the wifi network not an option for me can i use usb cable . and thanks
@lobocito3652 ай бұрын
You are a god, just saved me big time <3 thanks a lot.
@Pwnedby3 ай бұрын
What abouts TLS?
@ab5651883 ай бұрын
Great vid,so basically ur saying fixed ips are a major security risk!This wouldn't happened with CGNat
@Mike-cp1tj3 ай бұрын
but don't you need the target to have socat to be installed? on Windows target isnt this super unlikely
@JSONSEC3 ай бұрын
Pretty common on Linux, windows you can drop a poweshell one liner
@user-rr8jg5hn5b3 ай бұрын
Thanks for sharing, this is really cool, even 4 yrs later LOL! Please correct me if I’m wrong, this is only for when you are on the same network as your laptop with burp running, and for specific use case, right? Thx! @Jason
@JSONSEC3 ай бұрын
Yep , have to be on the same network
@user-rr8jg5hn5b3 ай бұрын
Ah okay, still very cool, thanks for sharing 😃
@x.6983 ай бұрын
your twitter is not available
@x.6983 ай бұрын
i want ask you > why i can't see all request in burp andriod or ios
@JSONSEC3 ай бұрын
Youll probably find your requests are only HTTP and no HTTPS which means you need to install the burp as Root CA on Local Machine
@I4MDD4 ай бұрын
i am using hotspot from phone
@JSONSEC3 ай бұрын
Shouldn't matter, be sure to just connect to the devices local ip
@marcuscto4 ай бұрын
Apparently Mandiant is not "trying harder" instead enriching faster :)!
@rickjames30344 ай бұрын
Good to see you again!
@Firoz9004 ай бұрын
Hello Jason. Thank you.
@2704minhmeo5 ай бұрын
Thank you very much :) Your video is exactly what I have been looking for. Very short and easy to follow.
@alikhalil64635 ай бұрын
Is it possible to get all the flags without using cobalt strike?
@JSONSEC4 ай бұрын
I guess it would be possible, but you cant load in any external tools, so good luck i guess? The course is focused on CS though, so silly not to use it
@Teaching_crack5 ай бұрын
Hi i dont have same wifi how to use without same wifi i need get capture request app
@JSONSEC3 ай бұрын
The tutorial is built around the Alpha as it has specific drivers required for this. You can get one on Amazon for pretty cheap
@tiknikalsupport5 ай бұрын
❤
@lindacupples33816 ай бұрын
thanks so much!
@priyanshukanojiya61286 ай бұрын
Do you take projects of hacking apps if yes tell me i wanna hack of game( fun game) of Android which runs on online server I'll pay you the amount which was desired if game works
@KwanasiaReynolds6 ай бұрын
Hello new here need help !
@MarkPurmal6 ай бұрын
Thx,
@davidlevi72896 ай бұрын
How do I do this on a Mac for VMware fusion pro 13 😭
@SpamSandra-lh3nq6 ай бұрын
great!!!
@user-kr6gv7sg2p7 ай бұрын
нужен сниф не андроида, а андроид приложения на андроиде! Это чуть чуть разные вещи же!
@yux1an7 ай бұрын
I'm having problems with the csrf token being updated, it updates the token only to the original csrf selected on the macro and does not generate anything new. Any ideas why would this happen?
@Dilipkumar-by2wu6 ай бұрын
I'm having the same issue but in my case it's session_code do you got solution to this?
@devious75907 ай бұрын
i keep getting "burps server ip address could not be found" any suggestions?
@devious75907 ай бұрын
when trying to get my ca certificate
@paroussis7 ай бұрын
i feel exactly the same way. im half way through and dont feel like ive repped out the commands enough
@jeanfabien887 ай бұрын
thanks it works for me ! i can't believe VMware don't do it right automatically... 2 firsts EJPT modules clear for now 25/11/2023 15h42
@JSONSEC7 ай бұрын
Great work! Keep it up!
@cirodemeloleite29957 ай бұрын
Hello, how are you guys? So, I want to master cyber security but I have 0 experience, the only experience I have with pc is playing games, 6 weak months of mysql workbench(that made me hunger for cyber security and help others stop getting scammed, since my folks lost almost all of their 20 years of savings getting hacked last year, I had to left college and no one was able to help) and a little bit of technical assistance(Im opening my own shop soon). Which path you recommend me going?
@JSONSEC7 ай бұрын
What my video on the Subject, How to build a cyber security Career
@technicaldevilsworld15577 ай бұрын
I purchased a labs from crto called open rto labs but they are not connecting to open vpn both are on different network and also cobalt strike is not install and there is no internet access to install any help from your side
@JSONSEC7 ай бұрын
jump on the discord, Rasta is pretty responsive
@martinlastname85488 ай бұрын
Thanks. You seem to be the only person informing people on this.
@miravlix8 ай бұрын
That is not a IoT camera, that is a random INTERNET DEVICE. It is like selling a windows PC to people, my test showed putting a Windows PC on the net just purchased to download security fixes would get it hacked before you get the fixes downloaded. Your trying to look smart but you never explain how STUPID the setup is that allow people direct access to devices. All modern setups is build around NOT ALLOWING DIRECT ACCESS. The device, whatever PC or otherwise make OUTBOUND connections, so you need to be INSIDE the "firewall" to attack it or attack a remote "cloud" service that the device connect to and other devices connect to in order for the two device to talk.
@JSONSEC8 ай бұрын
Hey mate, you're not wrong. I did say that in the intro that this is a simplified configuration. That being said, if you're on the same network or someone has configured something wrong this is all valid. The point is to demonstrate how this could be an attack vector.
@brunom121118 ай бұрын
My biggest tip is: do the labs with windows defender enabled, if you only pratice with windows defender disabled you will have a hard time
@JSONSEC8 ай бұрын
Agreed, maybe first round without defender so you can learn the principals without obstruction, then enable for your 2nd round
@brunom121118 ай бұрын
@@JSONSEC I agree 100%. The first time is nice to do without defender to understand how the tools and TTPs work, then it's better to enable to learn how it will be in a real life environment and the problems you may face trying to evade defense
@xbaleks46098 ай бұрын
@@brunom12111 hey man, am willing to take the CRTO course, can you answer my question please, as someone who doesnt have experience can recommend it for me, if i practice with defender enabled is it going to be easy for me in the exam ? i mean looking at the modules in CRTO i mean its not something weird for me as i was reading a lot of blogs posts and stuff but didnt practice before, can CRTO Labs be enough for the preperation ? and what is the hardest thing you encoutered in this course? thanks.
@justinegillen60688 ай бұрын
How can you delete a suspicious notification that you have a message on WhatsApp without opening up the message
@JSONSEC8 ай бұрын
If it's a fake Whatsapp notification, just follow the process in this video Else, if it's a WhatsApp scam, just report as spam without clicking on any links in the messages. How that helps !
@dulemagija85848 ай бұрын
I don't get it, based on what he generates new csrf tokens every time?
@JSONSEC8 ай бұрын
Exactly, it will automatically update the csrf so you don't have to
@khurramsaqib58909 ай бұрын
Can Red Team Operator course be relevant and useful for the preparation of OSCP?
@JSONSEC9 ай бұрын
It's probably better to do it after to enhance your skills post oscp
@animaljam12319 ай бұрын
so when im on the last step to search and make sure burp is capturing anything, it does capture something but the internet is still unusable so it doesnt actually capture anything useful.
@animaljam12319 ай бұрын
nevermind! i was confused. i was turning intercept on and then i realized that i needed to go to http traffic on burp to see. when i had intercept on, is when the wifi on my ios device would stop working. thanks!