Jason is back! Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal Jason is back showing us his tools and methodology to ethically hack companies and help secure them. In this video he shows us how he hacked NASA in 60 seconds (and how you can learn to do something similar). Previous Video (Hacking Tesla): kzbin.info/www/bejne/Y5uvk4WkoqyMl6M // Videos mentioned // * Real world hacking tutorial (Target: Tesla): kzbin.info/www/bejne/Y5uvk4WkoqyMl6M * I got PWNED ... and so dit you (you’re likely in the 12 Billion): kzbin.info/www/bejne/aqS0YqebfruLrZI // Tools discussed // gist.githubusercontent.com/jhaddix/ haveibeenpwned.com/ github.com/owasp-amass/amass github.com/projectdiscovery/subfinder github.com/projectdiscovery/httpx github.com/gwen001/github-subdomains twitter.com/gwendallecoguic www.hackspacecon.com/ bugcrowd.com/nasa-vdp //Jason's SOCIAL // KZbin: kzbin.info LinkedIn: www.linkedin.com/in/jhaddix X / Twitter: twitter.com/Jhaddix Github: github.com/jhaddix Boddobot: buddobot.com/ Bug Hunter’s methodology Course: tbhmlive.com/ // David's SOCIAL // Discord: discord.gg/davidbombal X / Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // TIMESTAMPS // 00:00 - Coming up 00:41 - Watch until the end! 00:59 - Brilliant sponsored segment 01:56 - How Jason hacked NASA 04:09 - Finding credentials on Github 06:39 - Useful tool // "github-subdomains" 09:47 - Why it's important to find subdomains 11:20 - Searching for passwords on Github 15:20 - Searching for credentials on Github 19:13 - Where to get Jason's scripts 19:50 - The Bug Hunter's Methodology Live 22:17 - Class sneak preview 23:53 - Amass tool 26:01 - Subfinder tool 26:59 - How to keep track of everything 31:44 - "How to do something and when to do something" 34:51 - Threat intelligence // dehashed.com 41:33 - Ransomware service on the dark web // Lockbit 46:55 - Reach out to Jason // Socials 48:08 - Win a free seat to Jason's course 48:50 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

5:21 It's amazing to see how Jason use and organize his data via mind map. Is it possible to get him to share his techniques how to use mind map, probably a short tutorial about the software, how to use it, etc. Btw, thanks David & Jason for the great show. You help me a lot in understanding a lot of things.

I loved the first video with Jason and I was hoping you would do another one. Thank you so much for having him back on your channel! His recon techniques are awesome and easy to understand for a noob like me. Thanks again!

Few months ago youtube recommend me one of your videos ( Top 5 skills to learn in 2023) and since then i started following you. I must say you posted awesome stuff

Amazing content. Please come back and show us the full Xmind map. I would watch an entire 2 hour video of him just going through his Methodology , the map , and explaining each topic point briefly. I learned a ton. I want to attend the course!!

Amazing tutorial! Thank you very much Jason and David!

Thank you sir for you hard work and providing us with this opportunity to learn

As always, great content. with awesome guests. As an IT professional looking to get into Blue Teaming, alot of this information can/is applied to both red & blue teams. ALL great information!!

Best channel I found. Thankyou David for the informative videos

This is becoming a great series! Would be interesting to see how one goes to start a breach on a vulnerable back door.

Thanks for posting an interview with yet another ELITE guest!!

Thank you David. Your channel and the kind of guests you feature are wow!!! I hope to win a seat at jhaddix training.

Great content as always. Thank you for providing us with the information these people have and making us smarter each day. Keep up the great work!! Would love to see some lab based hacking examples if Jason has interest in doing so. Thanks again both! Looking forward to the next one.

I am a student studying in Vietnam. I have learned a lot from you, and I wish you good health and success in your work

Hey, awesome content, watched both of videos with Jason before my job interview. Would like to see him much more on your channel

Such an awesome video. Thank you so much to both of you. Best channel on this subject on KZbin.

Good to see Jason videos as always

Hey Jason Looking forward to see more Red Teaming Stuff & more of what you're teaching in your Class

Thanks David and Jason for this awesome second part. Yes we definitely want to learn how to look for vulnerability and entry points. many videos only showing labs, tools like David mention but no one actually showing or teaching how to approach a target with massive recon data now where to look for bugs. Once we have this mindset it will be easy to build on as we progress on hacking.. main thing is to get start with little help from pro hacker like Jason, I think showing us few entry points where to look and how to exploit the bugs will give noobs as good place to start, again thanks for your great work David

My teacher recommended your channel😮😮

Very Informative!Thank you David!!

I like the way he goes through it in a logical and broken down way of ethical hacking. Also the tools used, maybe cover some networking principles in terms of hacking.

Can you ask Jason to make available his mind app of the recon processes so we can learn and follow through

Loving the videos so far with Jason, just a question, can we have the checklist Jason uses, seems very intresting and different take oth others I've seen.

Many of these hacking tools also have uses in the marketing space. Thanks again for another great video!

What is the -src flag used in Amass? 24:37 is the exact timestamp, but on the amass git project I don't see this as one of the choices.

I want to meet you once in my life I am your big fan sir your video is awesome ❤🎉

I watched til the end but I'm so paranoid I don't click any links 😂.. great information...& thanks for another great scare also..😅..I've got a lot to learn.. no quitting now & definitely no crying....best wishes everyone....keep at it...you'll thank yourself years from now.. remember that 🙌🏽💗👌🏾

Not only informative, but entertaining as well!

I just wanna say thanks for the opportunity, i love your videos I am currently earning my bachelor's degree in cybersecurity and your videos have helped me tremendously!

Very good video David on vulnerability and credentials was very interesting thank you for the videos

Good info! Thank you!😁

love it , just one thing at 40:35 , he sais SAAS not SAS which means software as a service

@davidbombal You content is normally quite good, and informative. However, at around 15:30 there's a bearer token in a repo, you both get quite worked up about. What you apparently missed, is the fact that it's mentioned in the documentation of whatever application it was, together with a list of other possible credential formats. It's therefore more likely the token is just completely made up, than an actual valid token. And blurring stuff while still giving enough information to actually find it ourselves, is a decision I can not understand at all. Perhaps there's some crazy KZbin guidelines requiring this, but it's in no way keeping that information hidden.

Jason is love

Jason is back!!! Awesome!!! ❤

Thank u soo much David

I don't understand why the government doesn't just make their own OS with their own unique protocols. I understand that would be a massive amount of work, but security was never meant to be easy.... So not NASA necessarily, but when I hear about sensitive material from governments getting hacked, I'm just baffled.

We need him back ❤

Yes please on the C2 stuff. I would love to see what other peoples thoughts are on that.

extremely interesting content again. at 40:32 shouldn't it be SaaS (Software as a. Service)? or was it a joke because it 'sounds like SAS' pronounced

Such an informative video for those who love this channel. 😃👍

Definitely want to see him back

You could create an excel formula / script to create the links for git dorking as well. Going to consider that.

Yeah, but can Jason code with JSON?

This is beyond amazing - free giveaway aside, such a great episode. Thank you!

can you tell us is buying hacker a rises courses worth it and can you guide us which course should we by as a beginner

Thank you @David please have him back to finish his checklist

You know you’ve made it when you get a picture of yourself in an astronaut suit!!!!

Amazing content, very informational.

I was a little disappointed the link wasn't hidden or a puzzle. I was more excited about the game of finding the link then actually winning anything. 😂

How to use nexpisher please❤❤❤❤

thank you so much mr david ❤️

Yeah, to those that say "It's never gonna happen again" Dude, IT ALWAYS HAPPENS AGAIN! in some way/shape ALWAYS :)

What is the os that he use ?🤔

awsome tutorial !!!!😮

Jason is a hacker God, I've learned great stuff here. Thanks

I had to click just for that thumbnail lol

Hello, David thanks for this privilege to share with us this , one question isthis

So nice info by jason

Hello, who have the link of gitdorker tool?

Interesting video, showing part of real life job

❤ you videos mister Dave 😊

Amazing video

Loving the content! Get to the hacking!

Amazing!!!

cool video 4 sure but since we're talking about security here..Just 4 education lemme say that blurred content Is not safe anymore, nowadays.

informative❤

the class link forwards you to gleam which tells you to turn off your vpn before you can proceed. 😂 otherwise, good content on this video.

I WANT TO ACUSE THIS COUNTRY FOR EVERYTHING. I NEED HELP! OUTSIDE I CAN'T, HERE HE CHANGE LAWYER 28:26 28:31. TO ACUSE HIM

I thought Chino (Deftones) became an ethical hacker for a minute.

Without recon your going in blind and dont know what your looking for or testing unless you have been doing this for so long you already know what to do.

hi sir

48:08

Amazng content please sir can I have some more

nasa employee was fired for sure lol

Today's no 1 is me wow

Dang. Thot this was gonna be an interview with Gary McKinnon!!! 🙄

First from Morocco

Ivica Dacic

Idk why but i smelled an comment from a mile away XD. Great work tho!

Thanks I hacked NASA 👍

bananas are rich in potatassium

Next video How to hack Area 31 computers

1st

Hell yeah. Go hack the NSA 😎

Hello

How NASA GIT hacked!

Thank you for the info; and ideas of building a profile.: /*\ I am in such a conflict; do i make a twitter for the extra point: did anyone else have this conflicting issue?

This inspires us to control new telescope

It could he a honeypot!

Did you get alien alien 👽 video or just for Fun 😅

👍

more :)! please :) more: D!

GOOD BYE GITHUB AS A STANDARD!! 😂😂😂😂

Cool

Fascial skin transplant or some makeup atleast

First

Or it’s bait.

😃🤭