Jason Haddix shows us how he hacks Tesla and other companies. Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal Jason demonstrates tools and techniques to discover targets using free and low cost tools. Find the weakest link and you can get inside. Learn how to attack the back door or side door instead of the front door. //Jason's SOCIAL // KZbin: kzbin.info LinkedIn: www.linkedin.com/in/jhaddix Twitter: twitter.com/Jhaddix Github: github.com/jhaddix Boddobot: buddobot.com/ Bug Hunter’s methodology Course: tbhmlive.com/ // KZbin Videos Mentioned // Darknet Diaries: kzbin.info/www/bejne/pYrGg3dvoMail7s How Nmap really works: kzbin.info/www/bejne/fGOziZiVpJx-p68 Real World hacking demo with OTW: kzbin.info/www/bejne/iGLEnpp3h8x5etU // Websites Mentioned // Bugcrowd: bugcrowd.com/tesla Xmind: xmind.app/ Hurricane Electric: bgp.he.net/ Typing Mind: www.typingmind.com/ Crunchbase: www.crunchbase.com/ Occrp Aleph: aleph.occrp.org/ Shodan: www.shodan.io/ Bugcrowd: www.bugcrowd.com/resources/levelup/bug-bounty-hunter-methodology-v3/ // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // TIMESTAMPS // 00:00 - Coming Up 01:14 - Brilliant Ad 01:52 - Introduction to guest 02:51 - Reconnaissance 05:55 - Live Training 06:49 - Real-Life Examples 10:52 - Jason's Background 16:06 - Hacking Tesla 22:40 - Hurricane Electric 27:44 - Security Leading 32:47 - Nmap Scan 34:30 - Crunchspace 37:20 - Wiferion 40:51 - OCCRP Aleph 47:26 - Builtwith 54:32 - Shodan 1:00:30 - IPV 6 1:07:44 - Whoxy 1:15:55 - Kaeferjaeger 1:20:50 - Jason's Online Classes 1:22:06 - Final Thoughts 1:22:24 - Outro

I have to give Jason props, his information gathering is incredible and most are open source.

I enjoyed this episode with Jason pulling the curtain back and sharing his methodology. A part 2 to his mindmap process would be great! Even a part 3!

Excellent content David! Jason did a great job in throughly explaining his recon methodology. PLEASE continue with Jason for a whole series on his TTPs.

Please bring him back again, David I couldn't purchase his recent course on the bug hunting methodology 450$ because it was so expensive Please, David, create more content with Jason haddix so that those of us who do not have the financial capacity to afford his paid course to partake on his other program with you on KZbin

Such great content David. I love that you cover such a wide range of the infosec world. And not only scratch the surface, but ACTUALLY get into these topics. Jason is the man. You should absolutely have him on again. The plethora of knowledge in that brain is incredible

One of the greatest videos on Recon. David you’re a blessing to the infosec world. Thank you for bringing Jason in.

Quick side note, I love that you used McLovin as the example, priceless. Also, I love when people say, “oh that’s too simple, they would never do that.” The example that he said with the demo and the company not setting up authentication is a perfect example. Never think something is too simple because someone is out there using it right now, I’m sure of it.

Another great one David! Recon is just such a wide field and I love how your guest really digs in.

Great episode! Your guest is absolutely phenomenal. Thank you both

Can’t wait for Jason to come back! So knowledgeable on finding which doors you forgot to lock. As a beginner I’d like to learn more about bug hunting, thanks so much David and Jason.

Loved this video! What I really wanted to see, even if for a brief moment, was the expanded Level 2 and Level 3 recon checklist topics, be it just out of the mind map or explored more in depth in the video. Looking forward to the next one!

Fantastic content, David & Jason! Thank you so much for the video👏. The tools are excellent and easy to jump right into. I look forward to see the follow up 🥳

Jason is AWESOME, please invite him again. This was definitely one of the best videos in the channel, So much value.

This was great, I really enjoyed it! Massive thanks to you both! I'd love a continuation of the recon!

This is such a great video. Love the workshop approach, and Jason is a great speaker easing into his process. Definitely want more of this type of content.

Again one of the most clear videos on the issue of computer on wheels

This has got to be one of my favourite of your videos. A true goldmine for beginners like me. Jason is an amazing teacher.

this is such a great session. Waiting for more sessions like this from Jason.

Absolutely waiting for the next episode with Jason. Thanks

That's amazing. I haven't seen anything like this before. Jason explained stuff like it was easy peasy. I love it !

Wow Thanks for giving Jason H the exposure he deserves !

This is unquestionably the best recon video i've ever seen! Every time im doing bug bounties im always worried about hacking out of scope but this makes a lot more sense.

I just can't wait to see second part. Thank you for sharing.

Great episode i really love the amount of information and we need another episode ❤️

Awesome video. Many of your guests are informative but this has been the most informative I’ve seen thus far for me

What a cool video and I can’t wait to watch the whole thing. I just got to the part where Jason was talking about taking an elective on ethical hacking. Good on the teacher for not getting defensive when he said all the stuff was outdated and directing him to a career.

Deam really good stuff, this man thinks out of the box, thanks for sharing with us David 🎉

The story about the organization that implemented the demo version of the customer relationship software into production is a great lesson. It’s reminiscent of not updating some platform with a known patch. It also reminds me of implementing appliances and software into production and not changing the default password.

Absolutely love seein Haddix on David's Bombal's podcast. He should call it the "Logic Bomb" podcast!!

Wow, that may be the most succinct explanation of an OSINT methodology on the web. Great guest!

Jason did a REALLY GOOD JOB! I hope we get an episode finishing all the levels on recon. I personally would like a video on Gaining access and Maintaining access. THANK YOU DAVID always a pleasure hearing the all too familiar South African accent.

Amazing video. I'd love to see more of Jason.

Hi David, Thank you for your video. As always it brings excitement to the IT field.

The videos I like the most on your channel are were professionals show live pentesting stuff. You can learn a lot by looking over the shoulder of those people. Maybe you could bring TomNomNom or dawgyg on the show. Also the "Ruhr University of Bochum" in Germany is very active in security research of TLS protocol. Maybe you could ask people like Robert Merget if they want to present some of their research and tools on your channel.

Excellent video! Jason is the real deal! Thanks for having him on David!

I really loved this, thanks chaps, would love to see more about ipv4 -ipv6

the fish behind you and the quote below the fish "mindset is everything" is intresting.

Nothing like coming home from work and throwing on some David Bombal videos...

Great content as usual mate, this shows how to implement a lot of things I've seen into an actual engagement.

awesome interview, much concentrated and well-shown material to learn from real pro. I`m so happy to find such an intersting chanel👍

I am totally blown away😁😁 .With this kind of research and attention to detail he can hack any company I cant wait for part 2 , 3 ,4 and 5 .

Thank you @davidbombal for putting up such a great show and inviting the best professionals in the offensive side of security. Will definitely look for the hacking/exploitation stage in the upcoming episode with Jason. Much appreciated your efforts. Keep up the good work

This is one of the best shows that you uploaded .. I loved it.

This is one of the most fantastic security vids I've seen you post in a good while! Thank you David, and Jason!!!

Thanks for giving him the time to show us all the latest tools he uses. I said before you choose the best to bring on this channel :-)

Legendary session! Thanks so much!

Fantastic interview!

This is amazing, Jason is so epic!

you never fail to disappoint david. and jason is awesome. i loved this

really enjoyed this Ep. love and respect for David sir and Jason sir!!!

One of the most Brilliant person i met, Jason Haddix.

Excellent Video! I'm a PEN Tester, it's nice to know I'm on the same track and use many of the same tools, BUT this guy has taught me so much and he's so damn knowledgeable and is an excellent GURU!

The only hacker who truly learnt me to RECON without getting lost , Keep going

That was great, great show always david.

This really gave me some more practical insight.

I will appreciate a very high level view of Jason's web hacking methodology, just like recon process he could go into which vulnerabilities he tests for, in which order, using which tools or services, Don't go into details like explaining sqli from scratch but just 10,000 feet view of his workflow, and how he prioritizes differet web vulns, and how he goes about testing them.

I want to thank you for your excellent videos. I am trying to pivot into cybersecurity and your videos are providing real world examples and experience from some serious experts. I have been listening to Darknet Diaries for a few years now and I love that this ties into that episode. I will even go so far as to forgive your recent Rick Roll on KZbin Shorts. Thank you for the time and experience you are sharing.

Awesome content. I would luv to see the methodology of his day 2 hacking.

One more thing I would like to add to your content is if the period of the video is reduced it will just be awesome! (I can't watch a video that is not related to my profession (hacking is kind of a hobby!)) this will help you gain more attention as your content is already excellent!

Amazing content, Thank you david bombal and Jhaddix.

it's so instrutcive for people who wanna learn

i really like this session there is lot of information i get from here very thanks to both of u

Dude, I am glad you grew up to be on the right side. 😊

Excellent video, may I ask what is the application for the fluxogram?

I may have just found the thing that I can do every day and never work a day in my life. This type of hyper focused research and determination to not let the other person win is who I am. It's how I function without effort. I had never considered my "rabbit hole" brand of info seeking to be of any particular value beyond my own amusement. Ironically, I had a thought that maybe I am too old to pivot to sec, as my eyes catch a thumbnail titled "Am I too old to get into cybersecurity?"

Excellent interview and insight 🎉

If you get him back, I’d love to see him walk us through the NEXT phase of this bug bounty (or any other). Basically, the step AFTER recon. Vulnerability assessment, exploitation, etc. If u can’t do exploitation, then at least the vulnerability scanning. Basically the next step after recon lol. 1) what he does with all these IPs and domains he now has 2) what he’s looking for in the port scans 3) what he uses to assess vulnerable services. What sites or tools he uses to lookup if there are any known vulnerabilities for a particular service. Or vuln scanners, etc. 4) fuzzing (presumably with burp suite), etc

A friend of mine once told me you can play one of two games when it comes to golf; swing the club or hit the ball. When you wind up your swing, the moment you take the stroke there is very little you can do to correct how you are going to hit the ball. If you get your setup correct though, you don't need to worry about the ball any more. Hacking feels similar in that if you do your setup right, the bugs are there and you don't need to worry about making the fine tuned adjustments on a landing page, your setup showed you all the other places you should target instead. The setup is critical.

1:13:44 yeah thank you so much guys! I think the git-analysis sounds interesting for sure.

That's amazing!:)❤🎉Thanks for amazing content ❤

amazing video as always. Thanks you very much Sir David. Could be nice witrh a follow up with other levels of recon

This was fantastic. It will be great to cover the hacking itself. Cant wait -- Jason, you r rock bro.. Thanks David! Loved the stories.

Enjoyed it and it was very informative. Can you provide the checklist so that we can have it in our recon process?

Boom, unreal data, well done💪🏻👍🏻

Oi David and Jason, thanks for the interesting content again! 👌

Rare to see recon in this depth for free publicly 👍

awesome content, thank you!

bring Jason back, this was so good

Jason opens my eyes in to whole new level in the world of hacking.

Hey David, any chance to cover physical security aspect of pentesting? Thanks for amazing content ❤

We need part 2, more content!

That Goku spirit bomb statue in the back instantly told me that I would like this dude, the statue wasn't wrong.

Thank you David!!

20:02 this is a very useful list of reconnaisance methods thank you, would love to know about level 2 and 3 methods too

READY! for level 2

Good stuff David 😊

Need more otw with jason ❤

Ould you please invite him for gull vug biunty course in multiple episodes? This would serve as aspiring students to get a real door to heaven

I'd love to see how much more you can do Jason

This is golden!❤

Great! It would be nice to have more such content

We need to see those corporate training videos on the channel, for science; of course 😉

Bro you 2 are SO!SO!KNOWLEDGEABLE, IF U 2 WERE BLACK HATS (OH MY DIZZY DIZZY DAYS YOU 2, IME SO DEPRESSED THAT I COULDNT JUMP ON THE TECH TRAIN . HOW YOU FEEL DAVID!""BLA-DDY WONDERUL ME OLD CHINA,JASON +JASON YOU TRULY ARE A LIGHT THAT SHOWS YOU THE WAY..(THANK YOU 2 ,AND LOVE FVROM THE BIRMINGHAM UNITED KINGDOM.)

This is good. Thank you.

I would love to see more!!

great video, thanks

We want more from this man 🤩🤩🤩🤩🤩

Thanks David !

Good job!