How to make Millions $$$ hacking zero days?

  Рет қаралды 145,392

David Bombal

David Bombal

Күн бұрын

Пікірлер: 180
@_JohnHammond
@_JohnHammond 2 жыл бұрын
You got STEPHEN SIMS to join the party here!??!? JEALOUS! Great stuff as always!!
@davidbombal
@davidbombal 2 жыл бұрын
lol... great to see you here John! We need to talk and get you back on the channel!
@davidbombal
@davidbombal 2 жыл бұрын
It's possible to earn millions of dollars finding zero days and vulnerabilities in software. But, are you prepared to put in the work? Browser Exploitation Introduction: kzbin.info/www/bejne/mJTRh2Sal8t-mac Introduction to Buffer Overflows: kzbin.info/www/bejne/enmmpqmDm6x_ibc Modern Windows Kernel Exploitation: kzbin.info/www/bejne/pJLYcp9-jdeef80 Linux Heap Exploitation: kzbin.info/www/bejne/mn6noHZvedGJsKM Modern Binary/Patch Diffing: kzbin.info/www/bejne/bpu5gKmGfJmHoKM Crypto and Blockchain Hacks: kzbin.info/www/bejne/r2atoJqKnNWjY9U My apologies for some of the technical issues in this interview. Zoom is a nightmare :( // MENU // 00:00 - Coming up 00:53 - Stephen Sims introduction & Sans course 03:28 - Stephen's KZbin channel // Off By One Security 07:56 - Growing up with computers 08:57 - Getting involved with Sans courses // Impressed by instructors 09:52 - "The Golden Age of Hacking" // Bill Gates changed the game 15:44 - Making money from Zero-Days // Ethical and Unethical methods, zerodium.com & safety tips 32:56 - How to get started 46:53 - Opportunities in Crypto 50:26 - Windows vs. iOS vs. Linux 53:47 - Which programming language to start with 56:22 - Recommended Sans courses 01:02:04 - Recommended CTF programs & events 01:04:06 - Recommended books 01:08:23 - The Vergilius project 01:10:25 - Connect with Stephen Sims 01:12:24 - Conclusion // Stephen's Social // Twitter: twitter.com/Steph3nSims KZbin Live: www.youtube.com/@OffByOneSecurity/streams KZbin videos: www.youtube.com/@OffByOneSecurity/videos E-mail: Stephen(at)deadlisting.com // Stephen's courses // SANS Course sans.org. www.sans.org/cyber-security-courses/ - Advanced exploit development for penetration testers course - Advanced penetration testing, exploit writing, and ethical hacking (GXPN) - ARM Exploit Development // Books discussed // Grey Hat Hacking: amzn.to/3B1FeIK Hacking: The art of Exploitation: amzn.to/3Us9Uts The Shellcoder’s Handbook: amzn.to/3VqUEhY Linkers & Loaders: amzn.to/3itqtbe // Websites discussed // Zerodium: zerodium.com/ Corelan Cybersecurity Research: www.corelan.be/ Shellphish: github.com/suljot/shellphish Vergilius Project: www.vergiliusproject.com/ // David's Social // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZbin Main Channel: kzbin.info KZbin Tech Channel: kzbin.info/door/ZTIRrENWr_rjVoA7BcUE_A KZbin Clips Channel: kzbin.info/door/bY5wGxQgIiAeMdNkW5wM6Q KZbin Shorts Channel: kzbin.info/door/EyCubIF0e8MYi1jkgVepKg Apple Podcast: davidbombal.wiki/applepodcast Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
@Blackibangalore
@Blackibangalore 2 жыл бұрын
Please share where we can find free classes and books to study sir@ @davidbombal
@PortSwigger-ho3ye
@PortSwigger-ho3ye 2 жыл бұрын
thanks for posting such a precious content
@decoder6878
@decoder6878 2 жыл бұрын
Thanks a lot David and Stephen for this wonderful discussion. I'm very interested in binary exploration and was looking forward more details on related platforms. This was very helpful.
@macktheripper7454
@macktheripper7454 2 жыл бұрын
What he says about sacrifice is totally right. I wake up at 5am, workout and then study for at least 2 hours before running my business. I’m tired a lot but I’ve completed 3 courses in a little over a year. Starting an api hacking course in January. 💪 thanks for another great video David
@ochiojie
@ochiojie 2 жыл бұрын
Hey bro! Did you have previous experience with APIs before starting API hacking?
@macktheripper7454
@macktheripper7454 2 жыл бұрын
@@ochiojie nope, not at all. Websites and network based hacking mainly
@corail53
@corail53 Жыл бұрын
That sounds more like a luxury than a sacrifice. Waking at 5 am is not a special feat and having 2 hours of spare time to be able to study before work is a luxury most don't have.
@ochiojie
@ochiojie Жыл бұрын
@@macktheripper7454 I was thinking of starting it but thought I had to have some previous knowledge thanks man. Also I apologize for responding late.
@macktheripper7454
@macktheripper7454 Жыл бұрын
@corail53 it's not a luxury. I have my own business, I'm just efficient at running it.
@iamwithyou1184
@iamwithyou1184 2 жыл бұрын
My request Stephen to complete playlist on Exploit development from beginners to pro level and thanks to David it's an awesome session
@jamesrobertson2712
@jamesrobertson2712 2 жыл бұрын
Absolutely fantastic video. I have calculated it will probably take me about 750 years to get anywhere near the level of knowledge displayed here. Either way, I have started writing that Windows driver, using Kernel-Mode Driver Framework (KMDF)...which I had to google.
@ashwanthbalajir5153
@ashwanthbalajir5153 2 жыл бұрын
This is what I am waiting for. Thanks David
@davidbombal
@davidbombal 2 жыл бұрын
Very happy to hear that!
@sudhanshusingh-yo6nc
@sudhanshusingh-yo6nc 2 жыл бұрын
@@davidbombal i want learn exploit development in free can you give me roadmap and platform
@cybercashz
@cybercashz 2 жыл бұрын
I don't know how you do it , I just searched for exploit development thought would be good for my skill set and you just released this video. I love your content helped me alot in my work I really wish you grow more and keep bringing this amazing content. Bless you!!!
@robd.2466
@robd.2466 2 жыл бұрын
Tremendous interview, David. Thank you for these. Incredibly interesting and informative.
@Naath000
@Naath000 2 жыл бұрын
thank you david sir for taking stephen sir interview that interview helped me to clearify most of the things for better future
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome! And I'm very happy to that that!
@graham-moss
@graham-moss 2 жыл бұрын
Love hearing about the more advanced stuff. Having a roadmap is very helpful even if you end up taking a different path. Just knowing how to get started is a huge help.
@vardhangoud8851
@vardhangoud8851 2 жыл бұрын
Here is the Game changer content🔥
@davidbombal
@davidbombal 2 жыл бұрын
Hope you enjoy the video Vardhan! Also check out the amazing training that Stephen has on his KZbin channel.
@vardhangoud8851
@vardhangoud8851 2 жыл бұрын
@@davidbombal In previous video in my comment, one fraud replayed me with ur name like you won something prize Dm in telegram. I just ignored the message
@ayushmishra5410
@ayushmishra5410 2 жыл бұрын
(@@davidbombal) my chipset supports monitor mode but airodump-ng doesn't show any targets , Anyone knows how to fix ?
@ali_linux5097
@ali_linux5097 2 жыл бұрын
The Best Videos on youtube Thx David for Your Time Giving to us 💖💖💖
@ANTGPRO
@ANTGPRO 2 жыл бұрын
Great topic, David. Thanks!
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome! Glad you enjoyed the video :)
@nathanchan1900
@nathanchan1900 2 жыл бұрын
Thanks for initiating the talk with Steven. Now, to find some good zero-days for ZDI.
2 жыл бұрын
When I hear these topics if feel there's an entire universe to discover in a digital realm. One can only learn and specialize a certain direction and still be memorized of the vastness of knowledge, tools, techniques available.
@kevinnevs2666
@kevinnevs2666 2 жыл бұрын
Loved this video. Very inspirational & informative. Thank you David.
@mukbangheat3080
@mukbangheat3080 2 жыл бұрын
awesome content as always, keep what you're doing. thanks David
@ThatNiceDutchGuy
@ThatNiceDutchGuy Жыл бұрын
Setting a reasonable goal and path towards it, execute and stick to it. It does sound rather easy, however it is not. Great podcast, as always! Thank you for sharing.
@rhinofart89
@rhinofart89 2 жыл бұрын
SANS is the country club in the world of cybersecurity. I’d literally have to pay 1/3 of my yearly salary to take a 6 day course. SANS in essence is saying you must already be successful to be successful in cybersecurity.
@rhinofart89
@rhinofart89 2 жыл бұрын
Will definitely be subscribing to his KZbin channel though.
@PeterAdiSaputro
@PeterAdiSaputro Жыл бұрын
Advanced knowledges beyond what I've learned and knew so far. Need to learn a lot more.
@emmetgwilliam6527
@emmetgwilliam6527 2 жыл бұрын
Thanks for the good video on exploits and vulnerability’s I’ve tested a few vulnerabilities before
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome! Stephen has amazing content on his KZbin channel.
@davidroach112
@davidroach112 2 жыл бұрын
Took a Sans class taught by Mr. Simms. The guy is legit.
@CyberDevilSec
@CyberDevilSec 2 жыл бұрын
Awesome stuff David as always 🔥
@davidbombal
@davidbombal 2 жыл бұрын
Thank you! You're welcome :)
@CyberDevilSec
@CyberDevilSec 2 жыл бұрын
@@davidbombal I do my best 😃
@gilbertohernandez9223
@gilbertohernandez9223 2 жыл бұрын
We need this guy back asap
@ragnarok55
@ragnarok55 2 жыл бұрын
20 years experience guy said you can't be a expert in every subject 👍 but my KZbin feed destructed myself to learn everything 😂
@CyberDevilSec
@CyberDevilSec 2 жыл бұрын
I feel like he's my lost brother We have a lot in common. I look almost identical to him. Green gray blue eyes stretch etc. Secondly i relate to him because I was basically born with a computer and always had a curiosity. And I also have the exact same black guitar 😁🎸 Rock on brother 🤘🤘I hope I can speak with you
@user-uk5qk1zo4k
@user-uk5qk1zo4k 2 жыл бұрын
Thanks for this one, was looking for ages how to start with a clear roadmap, would be nice to have him back to discuss malwares like Shikitega or eternal blue etc
@PortSwigger-ho3ye
@PortSwigger-ho3ye 2 жыл бұрын
your content is always FIRE Sir!
@ranjanadissanayaka5390
@ranjanadissanayaka5390 2 жыл бұрын
Amazing video... Thanks for both of you.
@itzdm0r3
@itzdm0r3 Жыл бұрын
Stephen's SANS class sound pretty cool, also good talk!
@AMCSec
@AMCSec 2 жыл бұрын
My mind in frazzled 😵‍💫 great video!
@cipi5
@cipi5 2 жыл бұрын
oh snaps! i love exploit dev training! thanks david!
@davidrobertson1980
@davidrobertson1980 2 жыл бұрын
Good Onya David, you're a ledge ;) and many thanks to Stephen
@Z0nd4
@Z0nd4 2 жыл бұрын
Amazing, OMG. Awesome content David, thank you very much! I have met these spectacular professionals thanks to your channel
@lunhamegenogueira1969
@lunhamegenogueira1969 Жыл бұрын
This was a great talk! Thanks for bringing another guru to light lol! Much appreciated!
@prodigyprogrammer3187
@prodigyprogrammer3187 2 жыл бұрын
Exactly what i wanted
@davidbombal
@davidbombal 2 жыл бұрын
Very happy to hear that!
@timcyb
@timcyb 2 жыл бұрын
Thanks for the amazing contents
@ojochegbe_
@ojochegbe_ 2 жыл бұрын
Thanks David 🖤❤️
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome!
@fernandopierola
@fernandopierola 2 жыл бұрын
Amazing Video David and Stephens!!! Thanks so so much
@Kodlak15
@Kodlak15 Жыл бұрын
I find this stuff fascinating. Thank you for the talk, appreciate you and your content!
@fsydlx4546
@fsydlx4546 2 жыл бұрын
Thank You David!
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome!
@izzy9ish
@izzy9ish 2 жыл бұрын
🔥🔥🔥🔥 Content keep them videos coming 🎥
@davidbombal
@davidbombal 2 жыл бұрын
Thank you! Lots of great content coming soon :)
@PhilosophyEpochs
@PhilosophyEpochs 2 жыл бұрын
love your content sir
@davidbombal
@davidbombal 2 жыл бұрын
Thank you!
@jaiminpatel2784
@jaiminpatel2784 2 жыл бұрын
Thank you sir!
@davidbombal
@davidbombal 2 жыл бұрын
You are welcome!
@DigitalNomad765
@DigitalNomad765 2 жыл бұрын
Thanks David 😊
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome!
@alisenjary
@alisenjary 2 жыл бұрын
Thank you 🌹
@davidbombal
@davidbombal 2 жыл бұрын
You’re welcome 😊
@AliRagabali
@AliRagabali 11 ай бұрын
Best video ever on the channel, thank you so much
@Chrisnakano
@Chrisnakano 2 жыл бұрын
Most people are taught that "you only need a good job to become rich". These billionaires are operating on a whole other playbook that many don't even know exists.
@xavierclifford174
@xavierclifford174 2 жыл бұрын
@johnnie9888
@johnnie9888 2 жыл бұрын
@skytechbits
@skytechbits 2 жыл бұрын
I know what the benefit to a company like Verisign would have by buying those exploits that way. They sell SSL certificates which effects every website everywhere. It is a benefit for them to accept top bug bounty finds than to pay employees to look around for such problems that need fixed. Then directly talking to their clients and the corporations who advocates SSL certificates which are becoming a standard. They can go out of business if their SSL become useless. MS now controls hardware with TPM which is their security key.
@notorioussil7646
@notorioussil7646 2 жыл бұрын
very very good and interesting interview. Top notch stuff!!
@hakem739
@hakem739 2 жыл бұрын
Thank you. I love your channel
@willredmambo3777
@willredmambo3777 2 жыл бұрын
Awesome stuff
@davidbombal
@davidbombal 2 жыл бұрын
Thank you!
@rev.kenshostad2888
@rev.kenshostad2888 Жыл бұрын
@41:00 Practice makes perfect... PERIOD... Time is the only REAL commodity we have, all have to start somewhere and once known practice practice practice...
@rickrick444x
@rickrick444x 2 жыл бұрын
I like your friend skill that behind the curtain and love your videos also 😍😍😍 I m a c.s.e student really want to learn how to work on language but never understand R.I.P mostly one flaw is Indian teachers 😔 they are followed books not any practicals but now a days study is different I m fast a learner in computing and electronics but when I studied my time is bad I have no teacher like today 😔.
@miresoman1769
@miresoman1769 2 жыл бұрын
your english is lit
@ArSiddharth
@ArSiddharth 2 жыл бұрын
will someone help me, my college website is using old version of php (php5) So what should I do, See also Exploits of the Exploits Database but they are many, There are many vulnerabilities from PHP 5 to the latest version
@nitinjangra653
@nitinjangra653 2 жыл бұрын
Thanku sir
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome!
@AliYar-Khan
@AliYar-Khan 2 жыл бұрын
David you are love man ❤️😇
@ghninoumehdi9516
@ghninoumehdi9516 Жыл бұрын
Thank you so much! This is very instructive
@brycegalbraith6375
@brycegalbraith6375 Жыл бұрын
Outstanding.
@johnhyhintchmn3674
@johnhyhintchmn3674 2 жыл бұрын
Cant wait
@patrickparson9628
@patrickparson9628 2 жыл бұрын
Great work. Beautiful.
@red-zi7fg
@red-zi7fg 2 жыл бұрын
David interviewing Matchbox 20 :)
@jarsal_firahel
@jarsal_firahel 2 жыл бұрын
Hey David, would you do a video on browser fingerprinting ?
@Ghislo
@Ghislo 2 жыл бұрын
super inspiring omg thanks for this
@RoyalNatangwe
@RoyalNatangwe 2 жыл бұрын
just started my journey in C and Assembly but though this is good information🔥🔥🔥 it is a bit more oriented for intermediate users. wish he recommended books for complete beginners as the way he emphasised on starting with building blocks, books like Hacking the Art of Exploitation when I first bought it, I initially thought it's a complete book but it just made me realise how much I don't know, that I needed to search up more before I understood a certain complex topic.....but ey its life of refusing to be a script kiddie😂😂😂
@don156
@don156 2 жыл бұрын
If you're just starting in C I think "C Programming Absolute Beginner's Guide" is a great place to start
@stephenrankin3941
@stephenrankin3941 Жыл бұрын
hey David, how would you rate hack the box academy? I've been considering going for their bug bounty hunter course, I'm just wo dering if my time would be better spent somewhere else.
@supriyoguha5421
@supriyoguha5421 2 жыл бұрын
Amazing Content @David.....
@ashace6092
@ashace6092 2 жыл бұрын
Thank you
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome! I hope the video helps you!
@hendahmed2408
@hendahmed2408 2 жыл бұрын
is it still not working😢? iam starting my pentesting course, i have mac m1pro so u think i should seal it and buy windows?beacuse as you say some tools doesnt work?
@zemourizemouri2406
@zemourizemouri2406 2 жыл бұрын
Amazing video!!!
@wingwing2683
@wingwing2683 9 ай бұрын
Thank you very much!
@malua7021
@malua7021 2 жыл бұрын
Nice David..
@incognitohacks4850
@incognitohacks4850 2 жыл бұрын
Would you recommend using a vm or an old laptop you found lying around for practice?
@Nigashm
@Nigashm 2 жыл бұрын
Thank you sir
@davidbombal
@davidbombal 2 жыл бұрын
You're welcome!
@NoName-ey9hy
@NoName-ey9hy 2 жыл бұрын
No fluff❤❤❤
@davidbombal
@davidbombal 2 жыл бұрын
Stephen has amazing content on his KZbin channel. Please go and subscribe :)
@mujahidAli-eg8qh
@mujahidAli-eg8qh 2 жыл бұрын
That's Crazy bro
@davidbombal
@davidbombal 2 жыл бұрын
Hope you enjoy the video and learn a lot Mujahid! Also check out the amazing training that Stephen has on his KZbin channel.
@privilegedesign8745
@privilegedesign8745 2 жыл бұрын
I have it this PDF book but is really hard go with it when you have some knowledge I stopped for later I need more knowledge
@sudhanshusingh-yo6nc
@sudhanshusingh-yo6nc 2 жыл бұрын
i want learn exploit development can you help me
@MegaFeedee
@MegaFeedee 2 жыл бұрын
Thank you VERY much for this awesome content, David! . . . . . Corgee hacks you 2 please...
@anishgoud651
@anishgoud651 2 жыл бұрын
There is any certification for automotive cybersecurity ??
@mohammadamiry7385
@mohammadamiry7385 2 жыл бұрын
please make of iot full Introduction and about attacking and hacking it I need it for my monograph please
@hustle717
@hustle717 2 жыл бұрын
KZbinr Jay Williams "Lets live life" recently had his page hacked, any tips on getting it back?
@C1t1z3n1
@C1t1z3n1 2 жыл бұрын
Have him show us how to do a buffer overflow.
@pradyumgupta9711
@pradyumgupta9711 10 ай бұрын
"litigation" is a word used a lot in this video, just wondering what that is exactly with respect to security. New in the industry.
@Sevo.yt.....
@Sevo.yt..... 2 жыл бұрын
My files are encrypted with ransomware can u help to decrypt them
@rhinofart89
@rhinofart89 2 жыл бұрын
Can he come back and talk about hooking system calls
@michaelnieves8087
@michaelnieves8087 10 ай бұрын
I can't find that book he mentioned "Journey Into Ring 0"
@catoshyare969
@catoshyare969 Жыл бұрын
David we want you to make some videos of basics of Linux. help
@Oswee
@Oswee 2 жыл бұрын
Don't worry. We have a ChatGPT now. You better pick carpentry. :D
@elywacime5411
@elywacime5411 2 жыл бұрын
Is that a Gibson in the background
@hackmedia7755
@hackmedia7755 Жыл бұрын
common lisp has a lot of advanced features and doesn't have many security vulnerabilities like many other languages.
@420yttsantsujzttad
@420yttsantsujzttad 2 жыл бұрын
Gud video 👍
@davidbombal
@davidbombal 2 жыл бұрын
Thank you!
@SiamYaya-s4h
@SiamYaya-s4h Жыл бұрын
انا ارغب فى هذه البرمجة ولكن لا عرف عنها شي اني صفر هل ممكن ان اتبدي وكم مدة سياخذني
@PUIT1280
@PUIT1280 2 жыл бұрын
❤😊
@davidbombal
@davidbombal 2 жыл бұрын
Thank you!
@yungdnny
@yungdnny Жыл бұрын
Are you really a hacker if your webcam isn't half frozen? (i'm just teasing bc linux seems to struggle with screen tearing so much and i thought it was my pc)
@MAGICIANHACKERS
@MAGICIANHACKERS 2 жыл бұрын
Hello, is there a virus for all platforms?
@WarrenKirkpatrick
@WarrenKirkpatrick 2 жыл бұрын
Went to check the website out and the beginner course, the fundamentals, was like $7k… I mean wow..
@Botanisse
@Botanisse 2 жыл бұрын
please, David, show us how to hack webcam
@guilherme5094
@guilherme5094 2 жыл бұрын
👍👍!
@cdcrjp2nft867
@cdcrjp2nft867 2 жыл бұрын
I been validating exploits on multiple platforms still no deal
@MutinyInteractive
@MutinyInteractive Жыл бұрын
This is why coding instructor are NEVER GOOD, at 35:15…. A good teacher can recognize a student savant who learns backwards. Those are usually the most talented and naturally inclined individuals on the planet per their respective interests Dave Chappelle, he writes his jokes backwards…. Same way I do, he doesn’t seem like someone who can recognize the ability to reverse engineer and have that actually be the better teaching instrument than not, he doesn’t have that radar
2023 Roadmap to Master Hacker
25:55
David Bombal
Рет қаралды 483 М.
Хаги Ваги говорит разными голосами
0:22
Фани Хани
Рет қаралды 2,2 МЛН
Hack your life (with demos) and get Superpowers!
1:03:47
David Bombal
Рет қаралды 193 М.
the most advanced SPYING device ever created? #privacy
54:58
David Bombal
Рет қаралды 157 М.
Ex-NSA hacker tells us how to get into hacking!
51:52
David Bombal
Рет қаралды 2 МЛН
Is Skynet watching you already?
1:04:00
David Bombal
Рет қаралды 1,1 МЛН
How to be Invisible Online (and the hard truth about it)...
53:16
David Bombal
Рет қаралды 2,1 МЛН
They're watching you 😱 Protect your online PRIVACY!
1:13:58
David Bombal
Рет қаралды 129 М.
Real World Hacking with OTW (Privacy and Cybersecurity IoT warning)
49:27
Your VPN won't protect you 😱
1:03:25
David Bombal
Рет қаралды 133 М.
Real World Hacking Tools Tutorial (Target: Tesla)
1:22:28
David Bombal
Рет қаралды 353 М.