Stephen Sims shares his years of experience with us and shows us how we can make money hacking. But be careful - some of the options are not recommended. // Stephen's Social // KZbin: www.youtube.com/@OffByOneSecurity/streams Twitter: twitter.com/Steph3nSims // Stephen Recommends // Programming Tools: Online Compiler, Visual Debugger, and AI Tutor for Python, Java, C, C++, and JavaScript: pythontutor.com/ PyCharm - Python IDE with Great IDA Pro Support:www.jetbrains.com/pycharm/ VS Code:code.visualstudio.com/ Patch Diffing: Windows Binary Index for Patch Diffing:winbindex.m417z.com/ BinDiff Tool for IDA Pro, Ghidra, or Binary Ninjawww.zynamics.com/bindiff.html Diaphora Diffing Tool for IDA Prodiaphora.re/ PatchExtract for Extracting MS Patches from MSU Formatgist.github.com/wumb0/306f97dc8376c6f53b9f9865f60b4fb5 Vulnerable Things to Hack HackSys Extreme Vulnerable Driver:github.com/hacksysteam/HackSysExtremeVulnerableDriver WebGoat - Deliberately Insecure Application:owasp.org/www-project-webgoat/ Damn Vulnerable Web App:github.com/digininja/DVWA Buggy Web App:itsecgames.com/ Gruyere Cheesy Web App:google-gruyere.appspot.com/ Metasploitable:sourceforge.net/projects/metasploitable/files/Metasploitable2/ Damn Vulnerable iOS App:resources.infosecinstitute.com/topics/application-security/getting-started-damn-vulnerable-ios-application/ OWASP Multillidae:github.com/webpwnized/mutillidae Online CTF’s and Games: SANS Holiday Hack 2023 and Prior:www.sans.org/mlp/holiday-hack-challenge-2023/ www.holidayhackchallenge.com/past-challenges/ CTF Time - A great list of upcoming and previous CTF’s!:ctftime.org/ KZbin Channels: www.youtube.com/@davidbombal www.youtube.com/@NahamSec www.youtube.com/@OffByOneSecurity www.youtube.com/@_JohnHammond www.youtube.com/@ippsec www.youtube.com/@LiveOverflow/videos Free Learning Resources: SANS Free Resources - Webcasts, Whitepapers, Posters & Cheat Sheets, Tools, Internet Storm Center:www.sans.org/security-resources/ Shellphish - Heap Exploitation:github.com/shellphish/how2heap Exploit Database - Downloadable Vulnerable Apps and Corresponding Exploits:www.exploit-db.com/ Google Hacking Database (GHDB):www.exploit-db.com/google-hacking-database Google Cybersecurity Certificate:grow.google/certificates/cybersecurity/#?modal_active=none Phrack Magazine:www.phrack.org/ Kali Linux:www.kali.org/get-kali/#kali-platforms Slingshot Linux:www.sans.org/tools/slingshot/ Books & Articles: Gray Hat Hacking Series: amzn.to/3B1FeIK Hacking: The Art of Exploitation: amzn.to/3Us9Uts A Guide to Kernel Exploitation: amzn.to/3vfY8vu Smashing the Stack for Fun and Profit - Old, but a classic:inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Understanding Windows Shellcode - Old, but still good:www.hick.org/code/skape/papers/win32-shellcode.pdf Great list of exploitation paper links from Shellphish!:github.com/shellphish/how2heap#other-resources // Stephen’s previous videos with David // Free Exploit development training (beginner and advanced) kzbin.info/www/bejne/gojQqmaqbZl0f9E Buffer Overflow Hacking Tutorial (Bypass Passwords): kzbin.info/www/bejne/mWOlp4Zoi9Z3jck // David's SOCIAL // Discord: discord.com/invite/usKSyzb X / Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos: sponsors@davidbombal.com // MENU // 00:00 - Coming Up 00:00 - Intro 01:11 - Stephen's Experience 03:10 - How to Change Careers 05:39 - How do I Become an Expert? 08:01 - Cyber Crime 12:47 - Ransomware 16:42 - Ransomware with A.I 23:15 - Bug Bounties & Disclosures 28:22 - Web Bug Bounties 33:45 - Binary Exploitation 41:18 - Patching and n-Day Exploits 48:56 - What is the Patch Level in the Target Org? 51:47 - Diffing Example 55:40 - Professional Services 01:03:34 - Exploit Sales Considerations 01:13:07 - The Golden Era of Hacking 01:15:00 - Zero to Hero 01:27:01 - OffByOneSecurity 01:37:42 - Conclusions 01:39:43 - Outro apple ios android samsung exploit exploit development zero day 0day 1day Disclaimer: This video is for educational purposes only. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

The people saying your content is “too simple” already have the knowledge to determine what they need to know. Thanks for making content that’s easy to understand. And for having conversations with interesting well spoken professionals in the field.

This guy's craaaazy! You can see his passion in his facial expressions, his tone of voice (and that he probably didn't blink for 90') and his blunt honesty! Congrats to both! Awesome stuff! Keep it coming!❤

Excellent video as always, great job David.

WHOA!!!!! I'm just using a tiny piece of what he talked about and I'm seeing some crazy skill and ability expansion! Loving it!!!

Please one video with Zaid Sabih (Zsecurity) 🙏🙏🙏🙏

Simon Sims did great work. The hardest part about overcoming plateaus is related to repurposing the energies which are required for the development of new strategies and not overworking the same patterns of behavior. It is probably best to find a way to take less from the same resource while considering other skills which can improve the likelihood of breaking from poorer behaviors.

This video is so interesting. I'm currently studying ISC2 CC and hoping to take the exam in the next few weeks. Looking forward to starting my career path, even though I am entering the cybersecurity career late (I'm 49, 50 in February).

I’d like to see a video about reading and understand the rules to bug bounties. There’s a lot of in scope and out of scope instructions that as a new bug bounty hunter might find hard to understand and knowing what is legal and illegal.

I wish I knew this guy. I'm learning stuff slowly but I've been learning solo, and going at it blind. Not only new to networking. But learning the capabilities of hacking and coding, and Linux in general. And man, I know I've got something important, I just don't know what it actually means. It's a total brain scrambling situation.

Wow, I have been doing IT for 25 years and this was like am I noob lol! I think I will have to crawl first before I try running. Thanks for the new prospective.

Been loving these videos with Stephen! Extremely inspiring what you can learn and do

Excellent guest within the first 23 minutes, he made the best point of all. Just keep at it and if your heart in it with hard work, my dad says work, as opposed to hard, if you really want it, you will be successful. Not 100% guaranteed but damn close! Read the book 10,000 hours.

Very enjoying. Thank you so much David bombal sir for giving us such valuable content. May you live long David sir❤❤❤

I don’t have any friends or social life… where do I start?

Such a humble guest. You both are such great mentors to the community.

This was top notch informative and great insights into last vulnerabilities. Thank you, Gentlemen

Stephen is my favorite guest, hands down.

That was a really nice interview! Thank you both for sharing 😀

Stephen Sims is the only guy I have seen until now who has not allowed David Bombal to utter a word. Such a remarkable guy../😆😅

Excellent guest within the first 23 minutes, he made the best point of all. Just keep at it and if your heart in it with hard work, my dad says work, as opposed to hard, if you really want it, you will be successful. Not 100% guaranteed but damn close! Read the book 10,000 hours. As I love to say nothing worth having comes easy or overnight.

Thanks for this David, I am 30 years old and really enjoy videos like this. I am trying to get into bug bounties, and break into the ethical hacking field. I have no experience in tech, but am willing to go all in and learn this stuff, as it’s very interesting and I’m in need of a career switch, any advice or words from you would be much appreciated! Your content has truly inspired me to believe this is possible for me!

Wooow this guy is so knowledgeable . Yet another great video thank you 😁😁😁

„The big opportunity, depending on where you are located“ is like telling people without a somewhat solid education, to go out and try to find mistakes from people with such education. I dont say it never happens but the odds seem pretty against one site of that equation.

As always your videos and your guests are awesome! Thank you so much for sharing!

Brilliant video, you nailed every detail. I’ve been trying to follow this format for my own channel.

Fantastic work, David! I couldn't help but notice a minor detail - there seems to be a slight echo from your microphone picking up Stephen's audio. Thank you so much for your dedication and the great content you provide!

Yea a python memory scanner for a 16 digit number that use the luhns algorithm and to save 80 bytes on each side and search for date code. Was easy with AI to Easy.

Great video as always, really just had to watch the full video before going to sleep even if it was 1 am. Good job David and Stephen.❤

Amazing amazing content David, you are building a world class Cyber Platform

These two are beyond top-notch. Thanks guys! Could you ever touch on Kali Linux and the best books to teach for certifications and which to go for first etc. Thanks.

watched it all, Bro is really smart, looks like a Dark Version of EMINEM but for Hacking.. really cool! thanks for everything you shared here!👌👌

Great stuff as always on this amazing channel! However, some of the AI fear mongering just got me. What kind of ran-som-wa-re, related to your discussion, would an AI be able to code that a skilled ransomware coder (at the age of 16 or 55 years old.. :/ ) would not be able to? And, whatever the technology available; is it not (as always) the willingness, funds and determination to do "bad" (bad in "" as also this is a matter of definition and circumstance..) that is the driving factor? You see, world is full of capable programmers, AI and human.. the problem is that most of us simply find creating a program like that flipping disgusting - even if we easily can..

1:15:05 "I stuck with the dog theme, [...] and over on the right, that dog is beefed up, and how do you get there?" WIth photoshop, hopefully, because HOLY MOLY, what a dog! 🤣 But great presentation and very informative. I've always wondered about these things and about how safe you are as a hacker, and yeah, you have to be sensible and careful. I loved the moment Stephen was talking about a guy who could hack insulin pumps and pacemaker, and said out loud what it would do and immediately followed it up by saying he wouldn't know anything about that 🤣Whether that is true or not, that is a great follow up 🤣

0:01 Zerodium? I thought that was the Periodic Table . . . for Hackers!

Great Video , Really keep going David I'm big fan for your channel and videos , Please need more podcasts ! :)

David thank you for this insightful interview. This lad is amazing!

Love your video, sir and Please make a full series on termux

Thank you for your awesome content and guests!

It took me all day to watch but I watched it from start to finish. Very cool and informative video.

Hi Mr. Bombal! Could Mr. Sims talk about "higher level" OSINT stuff like: - image processing, geolocation, visual analysis, - timelapse reconstruction, 3D-reconstruction, - AI-enlarged close-up of the item/image, digital reconstruction (of the image), dimensional analysis, etc. Stuff used in law enforcement - tracking criminals and rescuing lost/kidnapped people. Thanks for your consideration!

I am not sure if anyone can answer this, and I am somewhat embarrassed to say, but I am 70 years old and just starting a website. Am I too old to get started, or is there still a chance for me to succeed in this venture? I would appreciate any advice or encouragement you can provide.

Dr. S.S, you have an amazing vibe about you, , and your aura snever seeems to dim or flicker it tays on bright

I have a question about what security priority is appropriate for Linux vs Windows vs Mac OS

Is it bad that im transitioning in to cybersecurity being that im in my late 30s. In 13 months out from getting my cybersecurity degree. Yes i fully realize im still a noob and by no means have much experience in the field. Im definitely a hands-on learner!! Any recommendations? I will also start studying and taking practice exams for my network plus cert...this summer semester 2 of my courses are security fundamentals and principles for information assurance.

This was really great, Stephen is a really cool guy!

Great video and brilliant!! Is it possible to learn most of the basic in one year?

I don't know why I love the "Baby Boy" movie reference, mayber cause I just watched it..😅 nah but thanks for the content, it really opened my mind to the dark web and the clear web in a matter of whats possible from a hacker point of view.."Gunz N Butter" 😅

Zerodium reminds me of when Kevin Mitnik was there and how he refused to tell an interviewer about some zero-day exploits😂..

Mr.stephen I think you should make a complete video on this topic..

How do I get in the ethical hacker field? I’m currently studying CompTIA A+ and it is so boring.

Good video! I love Tear you Apart -She Wants Revenge

54:48 what diff tools are you using ?

Thanks so much David From Ethiopia

I would NOT say your content is to simple.

Thanks David ❤ I wish you would make a video about Pwnagotchi 😊

Thanks David! Was waiting for it

Sir please tell me how can I unlock bootloader of my vivo y83 smartphone?? Please Please please Please Please Please

Great video, lots of great insight and truths. It gives me something to think about but I do agree continuing to study is a must.

30 seconds in and we are already talking about pissing off interpol.

Please one video with Networkchuck 🙏

50:50 is there something more than a single pixel? R2$? 1:13:10 under that armor it's still a dog that wags its tail when it gets a treat...

Related sad news, recently KZbin's Institute for Human Anatomy, a well-loved channel was hacked! Lord have mercy!

Stephen reminds me of “Tommy” from the TV show “Power”

thanks so much , we need more videos of Stephen , less of OTW

Wow you're making a lot of content. Thank you

This video is so ADHD ❤ Respect.

At 14 minutes into your video-that's the plot in the beekeeper movie

Thanks🎉 David I’m from Algeria

Just what I needed thanks Mr Bombal

if that's easy then other more experienced hackers have done it already....if the bounties are still there maybe their too hard for the average mr robot

I think this was a good video with good content. The problem is who has $8,000 to $10,000 dollars to be able to take a Sans course?

The insert at 21:30 is Budapest and not Bucharest.

Imagine VPNing into TOR

steven is anonymouse is that the guys name who hides under the dark hooded clock? that's him i can tell his voice and mannerisms scream it ...very cool

absolutely fantastic presentation

never give sensitive code or data to cloud based ai tools . only do it with locally ran ones. it can lead to leaks . and it has already happened to some coders . stay safe

Wow, great video Still on it thou 💯💯💯 thanks 😊

What stopping you from selling both to the government and them ?

This is a great informative session

Very interesting listening to him. Thanks

Guns & Butter. I love Baby Boy 😁😂

Am happy with a Thank you for a bounty 😂

When you thought sir Bombal has done it all,. then he comes with more masterpiece content . Bravo

Why am i listening to an author who references the ross ulbright story, the well known story of how they created a distraction to get him to step away from his laptop, possibly the most famous dark web figure of all time, but doesnt have the name or the details

Hey David . H r u? I have a question. Can I learn cyber security without have a good pc. I have celeron laptop. Can I learn on the cloud? It would be helpful if you can Please guide.

Great information, but what is not being said is that it takes a team to of cyber engineers to reverse engineer, write the exploits and chain them for those high paid bounties. Each team member has a speciality of b reversing Mobile, OS, Network, etc.. and building a custom fuzzer and writing the exploits. Those bounties are not usually paid out to a single invidual doing all of the work, but to teams and companies that have multiple engineer that specialize in those areas.

Excellent video! and yep gaming is a HUGE time sink, wasted so much time on just one specific game and calculated the total hours, it was like i sat in the chair for 27 days straight , never doing that again. Thank you for this video, it has shifted my focus.

Some malware, spy app and virus is difficult to remove even after factory reset phone they came automatically don't know how I am in problem please help me . Not possible to change phone hard-disk

Please suggest some books for web hacking

very good guest

hello David, could you make content about undergraduate or postgraduate computing related courses like computer science, cybersecurity, could computing etc.. Are they really useful pros and cons. Differences between undergraduate courses and degree apprenticeships. Because, nowadays, students are paying crazy amount of money to universities especially foreign students and is it worth it ?. Personally I'm currently studying in London, at UEL.

Next please interview Jim Browning

Man if he has to live in a small apartment and have his computer in his living room along with everything else, and he spent that amount of time learning I think this is the wrong business to get into😅

Can we pls make podcast with *jack rhysider*

Podcast with Ryan Montgomery

Yes Dread is still onn.

how much is for anonymous reward

This guy reminds me of myself. I like this guy even though I am not in the industry. I can relate to him on so many levels. That is why he made it.

Thank you very much!