Ex-NSA hacker tools for real world pentesting

Published 2021-10-22
Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests.

My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and YouTube didn't like them... so I had to remove the video :(

Menu:
0:00 ▶️ Introduction
1:17 ▶️ Neal sees pentesting differently
2:00 ▶️ Neal's advice from experience
3:18 ▶️ Neal's 5,000 pentests
4:30 ▶️ Take NSA and experience
5:10 ▶️ Preparation is key
5:50 ▶️ OSINT
6:30 ▶️ Actual Pentest report
7:50 ▶️ Pretexting
8:45 ▶️ Another real world example
9:30 ▶️ Planning is very important
10:15 ▶️ Leave stuff in your car?
11:55 ▶️ Right tools for the job
12:05 ▶️ Top tools
12:30 ▶️ Extra cables
12:58 ▶️ Hak5 Ethernet cable
13:10 ▶️ Is Hak5 a necessity
13:57 ▶️ Rubber Ducky
14:30 ▶️ Hak5 are great
15:00 ▶️ Real world example of equipment
15:30 ▶️ You can create your own stuff
16:10 ▶️ Your time is money
16:30 ▶️ Proxmark
17:30 ▶️ Crazy RFID reader
18:50 ▶️ Poor planning RFID example
20:20 ▶️ Your time is worth something!
21:00 ▶️ Hone your tradecraft
21:20 ▶️ Proxmark explanation
21:50 ▶️ A reader doesn't give you access. You need a pretext
23:50 ▶️ Social engineering
25:50 ▶️ You need a story
26:04 ▶️ Social Engineering vs tech
29:00 ▶️ Physical access is king
30:00 ▶️ What to do once past the door
31:19 ▶️ Military facility pentest
33:27 ▶️ Look for a network port
34:49 ▶️ You want to get out of there
35:04 ▶️ Hak5 Lan turtle
36:35 ▶️ Back of computer vs switch
37:32 ▶️ Pop it into the back of the computer
38:11 ▶️ What about WiFi
38:50 ▶️ TP-Link WiFi Card
39:50 ▶️ Ubertooth
40:50 ▶️ HackRF One
41:56 ▶️ Hak5 Pineapple
42:09 ▶️ SDR
43:00 ▶️ Real world example
44:13 ▶️ Alfa Network Adapter
44:50 ▶️ Wifi Hacking
44:49 ▶️ Alfa not practical so much
46:20 ▶️ You cannot charge for a WiFi pentest
47:17 ▶️ You are making it real
47:45 ▶️ WiFi can be social engineering
48:47 ▶️ Captive portal
49:40 ▶️ Rogue Access point
50:40 ▶️ Real world wifi pentest example
51:30 ▶️ Port Security
51:57 ▶️ Hak5 Pineapple access corporate network
52:34 ▶️ Always social engineering
53:00 ▶️ Pyramid of pain
53:14 ▶️ Stuxnet
54:45 ▶️ Tesla attack
55:07 ▶️ NSA examples
56:32 ▶️ Human Intelligence Hacking Example
58:40 ▶️ Another hacking example
1:00:18 ▶️ WiFi hacking example
1:01:32 ▶️ Neal's photo while hacking
1:03:22 ▶️ Once inside, you are trusted
1:03:40 ▶️ Summary of devices
1:03:55 ▶️ Hak5 switch
1:04:08 ▶️ Extra cables
1:04:15 ▶️ Hak5 Rubber Ducky
1:04:30 ▶️ Hak5 Pineapple
1:04:54 ▶️ Hak5 Bash Bunny
1:04:58 ▶️ Hak5 Packet Squirrel
1:06:26 ▶️ Ubertooth
1:06:31 ▶️ Proxmark
1:07:00 ▶️ Value of networking knowledge
1:07:32 ▶️ Neal got his CCNA
1:08:50 ▶️ Very few companies use port security properly
1:10:08 ▶️ Cain and Abel
1:11:00 ▶️ Are zero days worth it
1:12:05 ▶️ Shiny objects vs Neal's wisdom
1:13:37 ▶️ Real world hard talk
1:14:25 ▶️ What do you recommend
1:16:55 ▶️ Neal and David going to do something

=======================
Buy Hak5 coolness here:
=======================
Buy Hak5: davidbombal.wiki/gethak5

============================
Buy ShareBrained Technology:
============================
PortaPack: www.sharebrained.com/

================
Connect with me:
================
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: youtube.com/davidbombal

================
Connect with Neal:
================
YouTube: youtube.com/cyberinsecurity
LinkedIn: www.linkedin.com/in/nealbridges/
Twitter: twitter.com/ITJunkie
Twitch: www.twitch.tv/cyber_insecurity

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

#hacking #cybersecurity #hak5

All Comments (21)
  • @akan1783
    What I really like about you David is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different fields of IT. Much love from France David!
  • @Sodendop
    5000 pen tests? Even if you conducted 1 pentest a week for a year (52 tests a year), it would take 96 years. If you were looking at 5 applications a week (260 a year) that's still 19 years. Something doesn't make sense.
  • If you do two pentests per week (which is a lot), it will take you nearly 48 years to perform 5000 🤨
  • @carmodity
    Him: "I've done like 5000 pen tests.. multiple tests every week, for 7 years." Reality: 3 per week x 52 weeks x 7 years = 1092 tests. He'd actually have to do 3 per day.
  • @DadeReLLiK
    Well, to do 5000 penetration tests in a span of 8 years would mean he was doing about 12 a week, on a 5 day week, that's 2.4 / day, and a 6 day week, 2 / day. How long does a penetration test take because if he did 5000+, then of course those numbers per day will go up. I used 8 years because he said 7+ years, meaning more than 7 but less than 8. I'm not trying to troll by any means, just that I've found that when people are asked about their experience, they tend to exaggerate dramatically. Yes, maybe he has done a lot, certainly more than the average viewer I would imagine, but those numbers seem a little high, but knowing the time it takes to do a single, thorough penetration test would be helpful. My preliminary research is showing from a minimum of 1 day to weeks depending on the complexity of the environment, number of hosts, number of applications being used, etc.
  • @wandersgion4989
    To do 5000 pen tests in 8 years, he'd have to average over 2 per day (assuming he worked 5 days per week).
  • @carmodity
    Him: "I socially engineered the hotel when I got there to get a room with a window that faces the target" Reality: I'd like to book a room that faces um .. West. Hotel: No problem sir, here's your room key. Him: Hacked!!!
  • @JC-go5ds
    After 20 years of military service, mostly in the same type of environment as Neal, he is spot on about the "Social" portion of pen-testing. Being "Nice" will get you pretty far.
  • @joebob3712
    Another fantastic video David and Neal. I love the stories, and real-life applications. While I'm not looking to seek a career in this field, I love this domain of technology. It is worthwhile to see the weaknesses of our digital climates. As a college student at a University that had just been the victim of a cyberattack last year, I find this information invaluable and super intriguing, especially when it's presented in such an engaging way like this video. I will definitely advocate for better physical, social, and network security from the IT department on campus. Thanks again for your hard work developing this content.
  • @dafelix
    20:57 So I just got into hacking and pentesting recently and I don't really have a lot of money, but I have time. I wanted a rubber ducky, but it was too expensive for me, and I found the pico ducky project. So I bought a Raspberry Pi Pico and started the project. It didn't take me too long to make it work, it was pretty fun to do and a lot cheaper than a real rubber ducky. Also I learned a lot, and the Raspberry Pi Pico seems to have a lot more applications than a rubber ducky. So yeah, I agree that time is money, and that your time has value, but if you have time, wanna learn new things or just don't have a lot of money maybe the DIY is a good choice.
  • @GrandpasPlace
    It always amazes me how far you can get with social engineering and knowing how people react. So here is my example from a pen test I did years ago. First, I made a bad copy of an employee ID, picture, logo, and wording was in the right place but logo color was a bit different and the writing was not the same. Put the ID on an ID belt clip and clipped it on my belt in such a way that it was close to my crotch. People will not spend time scrutinizing your crotch, they will give it a glance and if it looks ok at a glance they accept it. I then walked in with some smokers. Sometimes called ghosting into the building. Once inside I grabbed a clipboard with some paper on it that was sitting on an unoccupied desk, though it worked with a folder or a notepad as well, and proceeded to wander the building like I was lost. I was stopped by a nice lady who asked if she could help me. I told her it was my first day and there was no computer at my desk. My new boss told me to go to the IT department but I don't see it on this floor. She was nice enough to tell me I got off the elevator on the wrong floor and give me directions to the IT department. Once at the IT department I walked in like I owned the place, clipboard in hand and asked "Who's the domain Admin?" I was pointed at a lady who handled AD and told her "The company hired me to do a pen test." (That part is true) "Now I have software that will get me the SAM login database but when I run it, it causes the AD server to blue screen." (This is BS as I didn't have some magic software to do it) "While that is actually part of the pen test they hired me to do, I thought I would come meet the admin and see if they were willing to say I did it and just plug in this USB stick and copy the SAM database file on to it." She took the USB stick from my hand, had me follow her to the server room and plugged it directly into one of the AD servers. When I asked why we had to do it from the AD server she let me know that they disabled all the USB ports on the desktops so we had to do it at the server. Best part was that with the SAM DB and some common software, I ended up cracking all but 2 passwords. On a company with 25k employees. I didn't even try to connect to the wifi or plug anything into the network. I did that part much later. You can imagine how that report went. lol Loved the video and agree, social engineering is a huge part of pen testing.
  • @BirdManPhil
    Call me crazy but if I had performed 5000+ pen tests, my streaming room IF I even cared to have one, wouldn't be furnished with a cheap gaming chair and LED-lit hexagons that every other YouTube content creator had.
  • @zoltankato9426
    I mean come on guys, why do you have to say such a bullshit number like 5000 pentests? How? 5000 days is almost 14 years. This would mean that you had done a single pentest in a day for almost 14 years EVERY day. Like...why are you saying such a dumb number? :D
  • @headcase2226
    I've been in IT for almost three months now and it is wild how many people are trusting of me with their password to their account when doing password resets. They get frustrated making a new password that they either ask me to do it for them or write it down for them. They think just because I am in IT that I am trustworthy - not to say I am not but I digress.