You got STEPHEN SIMS to join the party here!??!? JEALOUS! Great stuff as always!!
@davidbombal2 жыл бұрын
lol... great to see you here John! We need to talk and get you back on the channel!
@davidbombal2 жыл бұрын
It's possible to earn millions of dollars finding zero days and vulnerabilities in software. But, are you prepared to put in the work? Browser Exploitation Introduction: kzbin.info/www/bejne/mJTRh2Sal8t-mac Introduction to Buffer Overflows: kzbin.info/www/bejne/enmmpqmDm6x_ibc Modern Windows Kernel Exploitation: kzbin.info/www/bejne/pJLYcp9-jdeef80 Linux Heap Exploitation: kzbin.info/www/bejne/mn6noHZvedGJsKM Modern Binary/Patch Diffing: kzbin.info/www/bejne/bpu5gKmGfJmHoKM Crypto and Blockchain Hacks: kzbin.info/www/bejne/r2atoJqKnNWjY9U My apologies for some of the technical issues in this interview. Zoom is a nightmare :( // MENU // 00:00 - Coming up 00:53 - Stephen Sims introduction & Sans course 03:28 - Stephen's KZbin channel // Off By One Security 07:56 - Growing up with computers 08:57 - Getting involved with Sans courses // Impressed by instructors 09:52 - "The Golden Age of Hacking" // Bill Gates changed the game 15:44 - Making money from Zero-Days // Ethical and Unethical methods, zerodium.com & safety tips 32:56 - How to get started 46:53 - Opportunities in Crypto 50:26 - Windows vs. iOS vs. Linux 53:47 - Which programming language to start with 56:22 - Recommended Sans courses 01:02:04 - Recommended CTF programs & events 01:04:06 - Recommended books 01:08:23 - The Vergilius project 01:10:25 - Connect with Stephen Sims 01:12:24 - Conclusion // Stephen's Social // Twitter: twitter.com/Steph3nSims KZbin Live: www.youtube.com/@OffByOneSecurity/streams KZbin videos: www.youtube.com/@OffByOneSecurity/videos E-mail: Stephen(at)deadlisting.com // Stephen's courses // SANS Course sans.org. www.sans.org/cyber-security-courses/ - Advanced exploit development for penetration testers course - Advanced penetration testing, exploit writing, and ethical hacking (GXPN) - ARM Exploit Development // Books discussed // Grey Hat Hacking: amzn.to/3B1FeIK Hacking: The art of Exploitation: amzn.to/3Us9Uts The Shellcoder’s Handbook: amzn.to/3VqUEhY Linkers & Loaders: amzn.to/3itqtbe // Websites discussed // Zerodium: zerodium.com/ Corelan Cybersecurity Research: www.corelan.be/ Shellphish: github.com/suljot/shellphish Vergilius Project: www.vergiliusproject.com/ // David's Social // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZbin Main Channel: kzbin.info KZbin Tech Channel: kzbin.info/door/ZTIRrENWr_rjVoA7BcUE_A KZbin Clips Channel: kzbin.info/door/bY5wGxQgIiAeMdNkW5wM6Q KZbin Shorts Channel: kzbin.info/door/EyCubIF0e8MYi1jkgVepKg Apple Podcast: davidbombal.wiki/applepodcast Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
@Blackibangalore2 жыл бұрын
Please share where we can find free classes and books to study sir@ @davidbombal
@PortSwigger-ho3ye2 жыл бұрын
thanks for posting such a precious content
@decoder68782 жыл бұрын
Thanks a lot David and Stephen for this wonderful discussion. I'm very interested in binary exploration and was looking forward more details on related platforms. This was very helpful.
@macktheripper74542 жыл бұрын
What he says about sacrifice is totally right. I wake up at 5am, workout and then study for at least 2 hours before running my business. I’m tired a lot but I’ve completed 3 courses in a little over a year. Starting an api hacking course in January. 💪 thanks for another great video David
@ochiojie2 жыл бұрын
Hey bro! Did you have previous experience with APIs before starting API hacking?
@macktheripper74542 жыл бұрын
@@ochiojie nope, not at all. Websites and network based hacking mainly
@corail53 Жыл бұрын
That sounds more like a luxury than a sacrifice. Waking at 5 am is not a special feat and having 2 hours of spare time to be able to study before work is a luxury most don't have.
@ochiojie Жыл бұрын
@@macktheripper7454 I was thinking of starting it but thought I had to have some previous knowledge thanks man. Also I apologize for responding late.
@macktheripper7454 Жыл бұрын
@corail53 it's not a luxury. I have my own business, I'm just efficient at running it.
@iamwithyou11842 жыл бұрын
My request Stephen to complete playlist on Exploit development from beginners to pro level and thanks to David it's an awesome session
@jamesrobertson27122 жыл бұрын
Absolutely fantastic video. I have calculated it will probably take me about 750 years to get anywhere near the level of knowledge displayed here. Either way, I have started writing that Windows driver, using Kernel-Mode Driver Framework (KMDF)...which I had to google.
@ashwanthbalajir51532 жыл бұрын
This is what I am waiting for. Thanks David
@davidbombal2 жыл бұрын
Very happy to hear that!
@sudhanshusingh-yo6nc2 жыл бұрын
@@davidbombal i want learn exploit development in free can you give me roadmap and platform
@cybercashz2 жыл бұрын
I don't know how you do it , I just searched for exploit development thought would be good for my skill set and you just released this video. I love your content helped me alot in my work I really wish you grow more and keep bringing this amazing content. Bless you!!!
@robd.24662 жыл бұрын
Tremendous interview, David. Thank you for these. Incredibly interesting and informative.
@Naath0002 жыл бұрын
thank you david sir for taking stephen sir interview that interview helped me to clearify most of the things for better future
@davidbombal2 жыл бұрын
You're welcome! And I'm very happy to that that!
@graham-moss2 жыл бұрын
Love hearing about the more advanced stuff. Having a roadmap is very helpful even if you end up taking a different path. Just knowing how to get started is a huge help.
@vardhangoud88512 жыл бұрын
Here is the Game changer content🔥
@davidbombal2 жыл бұрын
Hope you enjoy the video Vardhan! Also check out the amazing training that Stephen has on his KZbin channel.
@vardhangoud88512 жыл бұрын
@@davidbombal In previous video in my comment, one fraud replayed me with ur name like you won something prize Dm in telegram. I just ignored the message
@ayushmishra54102 жыл бұрын
(@@davidbombal) my chipset supports monitor mode but airodump-ng doesn't show any targets , Anyone knows how to fix ?
@ali_linux50972 жыл бұрын
The Best Videos on youtube Thx David for Your Time Giving to us 💖💖💖
@ANTGPRO2 жыл бұрын
Great topic, David. Thanks!
@davidbombal2 жыл бұрын
You're welcome! Glad you enjoyed the video :)
@nathanchan19002 жыл бұрын
Thanks for initiating the talk with Steven. Now, to find some good zero-days for ZDI.
2 жыл бұрын
When I hear these topics if feel there's an entire universe to discover in a digital realm. One can only learn and specialize a certain direction and still be memorized of the vastness of knowledge, tools, techniques available.
@kevinnevs26662 жыл бұрын
Loved this video. Very inspirational & informative. Thank you David.
@mukbangheat30802 жыл бұрын
awesome content as always, keep what you're doing. thanks David
@ThatNiceDutchGuy Жыл бұрын
Setting a reasonable goal and path towards it, execute and stick to it. It does sound rather easy, however it is not. Great podcast, as always! Thank you for sharing.
@rhinofart892 жыл бұрын
SANS is the country club in the world of cybersecurity. I’d literally have to pay 1/3 of my yearly salary to take a 6 day course. SANS in essence is saying you must already be successful to be successful in cybersecurity.
@rhinofart892 жыл бұрын
Will definitely be subscribing to his KZbin channel though.
@PeterAdiSaputro Жыл бұрын
Advanced knowledges beyond what I've learned and knew so far. Need to learn a lot more.
@emmetgwilliam65272 жыл бұрын
Thanks for the good video on exploits and vulnerability’s I’ve tested a few vulnerabilities before
@davidbombal2 жыл бұрын
You're welcome! Stephen has amazing content on his KZbin channel.
@davidroach1122 жыл бұрын
Took a Sans class taught by Mr. Simms. The guy is legit.
@CyberDevilSec2 жыл бұрын
Awesome stuff David as always 🔥
@davidbombal2 жыл бұрын
Thank you! You're welcome :)
@CyberDevilSec2 жыл бұрын
@@davidbombal I do my best 😃
@gilbertohernandez92232 жыл бұрын
We need this guy back asap
@ragnarok552 жыл бұрын
20 years experience guy said you can't be a expert in every subject 👍 but my KZbin feed destructed myself to learn everything 😂
@CyberDevilSec2 жыл бұрын
I feel like he's my lost brother We have a lot in common. I look almost identical to him. Green gray blue eyes stretch etc. Secondly i relate to him because I was basically born with a computer and always had a curiosity. And I also have the exact same black guitar 😁🎸 Rock on brother 🤘🤘I hope I can speak with you
@user-uk5qk1zo4k2 жыл бұрын
Thanks for this one, was looking for ages how to start with a clear roadmap, would be nice to have him back to discuss malwares like Shikitega or eternal blue etc
@PortSwigger-ho3ye2 жыл бұрын
your content is always FIRE Sir!
@ranjanadissanayaka53902 жыл бұрын
Amazing video... Thanks for both of you.
@itzdm0r3 Жыл бұрын
Stephen's SANS class sound pretty cool, also good talk!
@AMCSec2 жыл бұрын
My mind in frazzled 😵💫 great video!
@cipi52 жыл бұрын
oh snaps! i love exploit dev training! thanks david!
@davidrobertson19802 жыл бұрын
Good Onya David, you're a ledge ;) and many thanks to Stephen
@Z0nd42 жыл бұрын
Amazing, OMG. Awesome content David, thank you very much! I have met these spectacular professionals thanks to your channel
@lunhamegenogueira1969 Жыл бұрын
This was a great talk! Thanks for bringing another guru to light lol! Much appreciated!
@prodigyprogrammer31872 жыл бұрын
Exactly what i wanted
@davidbombal2 жыл бұрын
Very happy to hear that!
@timcyb2 жыл бұрын
Thanks for the amazing contents
@ojochegbe_2 жыл бұрын
Thanks David 🖤❤️
@davidbombal2 жыл бұрын
You're welcome!
@fernandopierola2 жыл бұрын
Amazing Video David and Stephens!!! Thanks so so much
@Kodlak15 Жыл бұрын
I find this stuff fascinating. Thank you for the talk, appreciate you and your content!
@fsydlx45462 жыл бұрын
Thank You David!
@davidbombal2 жыл бұрын
You're welcome!
@izzy9ish2 жыл бұрын
🔥🔥🔥🔥 Content keep them videos coming 🎥
@davidbombal2 жыл бұрын
Thank you! Lots of great content coming soon :)
@PhilosophyEpochs2 жыл бұрын
love your content sir
@davidbombal2 жыл бұрын
Thank you!
@jaiminpatel27842 жыл бұрын
Thank you sir!
@davidbombal2 жыл бұрын
You are welcome!
@DigitalNomad7652 жыл бұрын
Thanks David 😊
@davidbombal2 жыл бұрын
You're welcome!
@alisenjary2 жыл бұрын
Thank you 🌹
@davidbombal2 жыл бұрын
You’re welcome 😊
@AliRagabali11 ай бұрын
Best video ever on the channel, thank you so much
@Chrisnakano2 жыл бұрын
Most people are taught that "you only need a good job to become rich". These billionaires are operating on a whole other playbook that many don't even know exists.
@xavierclifford1742 жыл бұрын
@johnnie98882 жыл бұрын
@skytechbits2 жыл бұрын
I know what the benefit to a company like Verisign would have by buying those exploits that way. They sell SSL certificates which effects every website everywhere. It is a benefit for them to accept top bug bounty finds than to pay employees to look around for such problems that need fixed. Then directly talking to their clients and the corporations who advocates SSL certificates which are becoming a standard. They can go out of business if their SSL become useless. MS now controls hardware with TPM which is their security key.
@notorioussil76462 жыл бұрын
very very good and interesting interview. Top notch stuff!!
@hakem7392 жыл бұрын
Thank you. I love your channel
@willredmambo37772 жыл бұрын
Awesome stuff
@davidbombal2 жыл бұрын
Thank you!
@rev.kenshostad2888 Жыл бұрын
@41:00 Practice makes perfect... PERIOD... Time is the only REAL commodity we have, all have to start somewhere and once known practice practice practice...
@rickrick444x2 жыл бұрын
I like your friend skill that behind the curtain and love your videos also 😍😍😍 I m a c.s.e student really want to learn how to work on language but never understand R.I.P mostly one flaw is Indian teachers 😔 they are followed books not any practicals but now a days study is different I m fast a learner in computing and electronics but when I studied my time is bad I have no teacher like today 😔.
@miresoman17692 жыл бұрын
your english is lit
@ArSiddharth2 жыл бұрын
will someone help me, my college website is using old version of php (php5) So what should I do, See also Exploits of the Exploits Database but they are many, There are many vulnerabilities from PHP 5 to the latest version
@nitinjangra6532 жыл бұрын
Thanku sir
@davidbombal2 жыл бұрын
You're welcome!
@AliYar-Khan2 жыл бұрын
David you are love man ❤️😇
@ghninoumehdi9516 Жыл бұрын
Thank you so much! This is very instructive
@brycegalbraith6375 Жыл бұрын
Outstanding.
@johnhyhintchmn36742 жыл бұрын
Cant wait
@patrickparson96282 жыл бұрын
Great work. Beautiful.
@red-zi7fg2 жыл бұрын
David interviewing Matchbox 20 :)
@jarsal_firahel2 жыл бұрын
Hey David, would you do a video on browser fingerprinting ?
@Ghislo2 жыл бұрын
super inspiring omg thanks for this
@RoyalNatangwe2 жыл бұрын
just started my journey in C and Assembly but though this is good information🔥🔥🔥 it is a bit more oriented for intermediate users. wish he recommended books for complete beginners as the way he emphasised on starting with building blocks, books like Hacking the Art of Exploitation when I first bought it, I initially thought it's a complete book but it just made me realise how much I don't know, that I needed to search up more before I understood a certain complex topic.....but ey its life of refusing to be a script kiddie😂😂😂
@don1562 жыл бұрын
If you're just starting in C I think "C Programming Absolute Beginner's Guide" is a great place to start
@stephenrankin3941 Жыл бұрын
hey David, how would you rate hack the box academy? I've been considering going for their bug bounty hunter course, I'm just wo dering if my time would be better spent somewhere else.
@supriyoguha54212 жыл бұрын
Amazing Content @David.....
@ashace60922 жыл бұрын
Thank you
@davidbombal2 жыл бұрын
You're welcome! I hope the video helps you!
@hendahmed24082 жыл бұрын
is it still not working😢? iam starting my pentesting course, i have mac m1pro so u think i should seal it and buy windows?beacuse as you say some tools doesnt work?
@zemourizemouri24062 жыл бұрын
Amazing video!!!
@wingwing26839 ай бұрын
Thank you very much!
@malua70212 жыл бұрын
Nice David..
@incognitohacks48502 жыл бұрын
Would you recommend using a vm or an old laptop you found lying around for practice?
@Nigashm2 жыл бұрын
Thank you sir
@davidbombal2 жыл бұрын
You're welcome!
@NoName-ey9hy2 жыл бұрын
No fluff❤❤❤
@davidbombal2 жыл бұрын
Stephen has amazing content on his KZbin channel. Please go and subscribe :)
@mujahidAli-eg8qh2 жыл бұрын
That's Crazy bro
@davidbombal2 жыл бұрын
Hope you enjoy the video and learn a lot Mujahid! Also check out the amazing training that Stephen has on his KZbin channel.
@privilegedesign87452 жыл бұрын
I have it this PDF book but is really hard go with it when you have some knowledge I stopped for later I need more knowledge
@sudhanshusingh-yo6nc2 жыл бұрын
i want learn exploit development can you help me
@MegaFeedee2 жыл бұрын
Thank you VERY much for this awesome content, David! . . . . . Corgee hacks you 2 please...
@anishgoud6512 жыл бұрын
There is any certification for automotive cybersecurity ??
@mohammadamiry73852 жыл бұрын
please make of iot full Introduction and about attacking and hacking it I need it for my monograph please
@hustle7172 жыл бұрын
KZbinr Jay Williams "Lets live life" recently had his page hacked, any tips on getting it back?
@C1t1z3n12 жыл бұрын
Have him show us how to do a buffer overflow.
@pradyumgupta971110 ай бұрын
"litigation" is a word used a lot in this video, just wondering what that is exactly with respect to security. New in the industry.
@Sevo.yt.....2 жыл бұрын
My files are encrypted with ransomware can u help to decrypt them
@rhinofart892 жыл бұрын
Can he come back and talk about hooking system calls
@michaelnieves808710 ай бұрын
I can't find that book he mentioned "Journey Into Ring 0"
@catoshyare969 Жыл бұрын
David we want you to make some videos of basics of Linux. help
@Oswee2 жыл бұрын
Don't worry. We have a ChatGPT now. You better pick carpentry. :D
@elywacime54112 жыл бұрын
Is that a Gibson in the background
@hackmedia7755 Жыл бұрын
common lisp has a lot of advanced features and doesn't have many security vulnerabilities like many other languages.
@420yttsantsujzttad2 жыл бұрын
Gud video 👍
@davidbombal2 жыл бұрын
Thank you!
@SiamYaya-s4h Жыл бұрын
انا ارغب فى هذه البرمجة ولكن لا عرف عنها شي اني صفر هل ممكن ان اتبدي وكم مدة سياخذني
@PUIT12802 жыл бұрын
❤😊
@davidbombal2 жыл бұрын
Thank you!
@yungdnny Жыл бұрын
Are you really a hacker if your webcam isn't half frozen? (i'm just teasing bc linux seems to struggle with screen tearing so much and i thought it was my pc)
@MAGICIANHACKERS2 жыл бұрын
Hello, is there a virus for all platforms?
@WarrenKirkpatrick2 жыл бұрын
Went to check the website out and the beginner course, the fundamentals, was like $7k… I mean wow..
@Botanisse2 жыл бұрын
please, David, show us how to hack webcam
@guilherme50942 жыл бұрын
👍👍!
@cdcrjp2nft8672 жыл бұрын
I been validating exploits on multiple platforms still no deal
@MutinyInteractive Жыл бұрын
This is why coding instructor are NEVER GOOD, at 35:15…. A good teacher can recognize a student savant who learns backwards. Those are usually the most talented and naturally inclined individuals on the planet per their respective interests Dave Chappelle, he writes his jokes backwards…. Same way I do, he doesn’t seem like someone who can recognize the ability to reverse engineer and have that actually be the better teaching instrument than not, he doesn’t have that radar