Jason Haddix shows us how he hacks Tesla and other companies. Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal Jason demonstrates tools and techniques to discover targets using free and low cost tools. Find the weakest link and you can get inside. Learn how to attack the back door or side door instead of the front door. //Jason's SOCIAL // KZfaq: kzfaq.info LinkedIn: www.linkedin.com/in/jhaddix Twitter: twitter.com/Jhaddix Github: github.com/jhaddix Boddobot: buddobot.com/ Bug Hunter’s methodology Course: tbhmlive.com/ // KZfaq Videos Mentioned // Darknet Diaries: kzfaq.info/get/bejne/pb-Thadq0MfTkY0.html How Nmap really works: kzfaq.info/get/bejne/fJiAi8iQ1J2voYE.html Real World hacking demo with OTW: kzfaq.info/get/bejne/iJeRoMpyt82qdKc.html // Websites Mentioned // Bugcrowd: bugcrowd.com/tesla Xmind: xmind.app/ Hurricane Electric: bgp.he.net/ Typing Mind: www.typingmind.com/ Crunchbase: www.crunchbase.com/ Occrp Aleph: aleph.occrp.org/ Shodan: www.shodan.io/ Bugcrowd: www.bugcrowd.com/resources/levelup/bug-bounty-hunter-methodology-v3/ // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // TIMESTAMPS // 00:00 - Coming Up 01:14 - Brilliant Ad 01:52 - Introduction to guest 02:51 - Reconnaissance 05:55 - Live Training 06:49 - Real-Life Examples 10:52 - Jason's Background 16:06 - Hacking Tesla 22:40 - Hurricane Electric 27:44 - Security Leading 32:47 - Nmap Scan 34:30 - Crunchspace 37:20 - Wiferion 40:51 - OCCRP Aleph 47:26 - Builtwith 54:32 - Shodan 1:00:30 - IPV 6 1:07:44 - Whoxy 1:15:55 - Kaeferjaeger 1:20:50 - Jason's Online Classes 1:22:06 - Final Thoughts 1:22:24 - Outro

I enjoyed this episode with Jason pulling the curtain back and sharing his methodology. A part 2 to his mindmap process would be great! Even a part 3!

I have to give Jason props, his information gathering is incredible and most are open source.

Please bring him back again, David I couldn't purchase his recent course on the bug hunting methodology 450$ because it was so expensive Please, David, create more content with Jason haddix so that those of us who do not have the financial capacity to afford his paid course to partake on his other program with you on KZfaq

Excellent content David! Jason did a great job in throughly explaining his recon methodology. PLEASE continue with Jason for a whole series on his TTPs.

Such great content David. I love that you cover such a wide range of the infosec world. And not only scratch the surface, but ACTUALLY get into these topics. Jason is the man. You should absolutely have him on again. The plethora of knowledge in that brain is incredible

One of the greatest videos on Recon. David you’re a blessing to the infosec world. Thank you for bringing Jason in.

Quick side note, I love that you used McLovin as the example, priceless. Also, I love when people say, “oh that’s too simple, they would never do that.” The example that he said with the demo and the company not setting up authentication is a perfect example. Never think something is too simple because someone is out there using it right now, I’m sure of it.

Another great one David! Recon is just such a wide field and I love how your guest really digs in.

Can’t wait for Jason to come back! So knowledgeable on finding which doors you forgot to lock. As a beginner I’d like to learn more about bug hunting, thanks so much David and Jason.

Loved this video! What I really wanted to see, even if for a brief moment, was the expanded Level 2 and Level 3 recon checklist topics, be it just out of the mind map or explored more in depth in the video. Looking forward to the next one!

Great episode! Your guest is absolutely phenomenal. Thank you both

Fantastic content, David & Jason! Thank you so much for the video👏. The tools are excellent and easy to jump right into. I look forward to see the follow up 🥳

This has got to be one of my favourite of your videos. A true goldmine for beginners like me. Jason is an amazing teacher.

This is unquestionably the best recon video i've ever seen! Every time im doing bug bounties im always worried about hacking out of scope but this makes a lot more sense.

Jason is AWESOME, please invite him again. This was definitely one of the best videos in the channel, So much value.

That's amazing. I haven't seen anything like this before. Jason explained stuff like it was easy peasy. I love it !

This was great, I really enjoyed it! Massive thanks to you both! I'd love a continuation of the recon!

Again one of the most clear videos on the issue of computer on wheels

This is such a great video. Love the workshop approach, and Jason is a great speaker easing into his process. Definitely want more of this type of content.

Absolutely waiting for the next episode with Jason. Thanks

The story about the organization that implemented the demo version of the customer relationship software into production is a great lesson. It’s reminiscent of not updating some platform with a known patch. It also reminds me of implementing appliances and software into production and not changing the default password.

What a cool video and I can’t wait to watch the whole thing. I just got to the part where Jason was talking about taking an elective on ethical hacking. Good on the teacher for not getting defensive when he said all the stuff was outdated and directing him to a career.

this is such a great session. Waiting for more sessions like this from Jason.

Awesome video. Many of your guests are informative but this has been the most informative I’ve seen thus far for me

Wow, that may be the most succinct explanation of an OSINT methodology on the web. Great guest!

A friend of mine once told me you can play one of two games when it comes to golf; swing the club or hit the ball. When you wind up your swing, the moment you take the stroke there is very little you can do to correct how you are going to hit the ball. If you get your setup correct though, you don't need to worry about the ball any more. Hacking feels similar in that if you do your setup right, the bugs are there and you don't need to worry about making the fine tuned adjustments on a landing page, your setup showed you all the other places you should target instead. The setup is critical.

Jason did a REALLY GOOD JOB! I hope we get an episode finishing all the levels on recon. I personally would like a video on Gaining access and Maintaining access. THANK YOU DAVID always a pleasure hearing the all too familiar South African accent.

Wow Thanks for giving Jason H the exposure he deserves !

Deam really good stuff, this man thinks out of the box, thanks for sharing with us David 🎉

Hi David, Thank you for your video. As always it brings excitement to the IT field.

I just can't wait to see second part. Thank you for sharing.

Great episode i really love the amount of information and we need another episode ❤️

Great content as usual mate, this shows how to implement a lot of things I've seen into an actual engagement.

Thank you @davidbombal for putting up such a great show and inviting the best professionals in the offensive side of security. Will definitely look for the hacking/exploitation stage in the upcoming episode with Jason. Much appreciated your efforts. Keep up the good work

I may have just found the thing that I can do every day and never work a day in my life. This type of hyper focused research and determination to not let the other person win is who I am. It's how I function without effort. I had never considered my "rabbit hole" brand of info seeking to be of any particular value beyond my own amusement. Ironically, I had a thought that maybe I am too old to pivot to sec, as my eyes catch a thumbnail titled "Am I too old to get into cybersecurity?"

you never fail to disappoint david. and jason is awesome. i loved this

Absolutely love seein Haddix on David's Bombal's podcast. He should call it the "Logic Bomb" podcast!!

Excellent video! Jason is the real deal! Thanks for having him on David!

This is one of the best shows that you uploaded .. I loved it.

This is one of the most fantastic security vids I've seen you post in a good while! Thank you David, and Jason!!!

awesome interview, much concentrated and well-shown material to learn from real pro. I`m so happy to find such an intersting chanel👍

I really loved this, thanks chaps, would love to see more about ipv4 -ipv6

the fish behind you and the quote below the fish "mindset is everything" is intresting.

The videos I like the most on your channel are were professionals show live pentesting stuff. You can learn a lot by looking over the shoulder of those people. Maybe you could bring TomNomNom or dawgyg on the show. Also the "Ruhr University of Bochum" in Germany is very active in security research of TLS protocol. Maybe you could ask people like Robert Merget if they want to present some of their research and tools on your channel.

I am totally blown away😁😁 .With this kind of research and attention to detail he can hack any company I cant wait for part 2 , 3 ,4 and 5 .

Excellent Video! I'm a PEN Tester, it's nice to know I'm on the same track and use many of the same tools, BUT this guy has taught me so much and he's so damn knowledgeable and is an excellent GURU!

That was great, great show always david.

Nothing like coming home from work and throwing on some David Bombal videos...

really enjoyed this Ep. love and respect for David sir and Jason sir!!!

If you get him back, I’d love to see him walk us through the NEXT phase of this bug bounty (or any other). Basically, the step AFTER recon. Vulnerability assessment, exploitation, etc. If u can’t do exploitation, then at least the vulnerability scanning. Basically the next step after recon lol. 1) what he does with all these IPs and domains he now has 2) what he’s looking for in the port scans 3) what he uses to assess vulnerable services. What sites or tools he uses to lookup if there are any known vulnerabilities for a particular service. Or vuln scanners, etc. 4) fuzzing (presumably with burp suite), etc

Legendary session! Thanks so much!

Amazing video. I'd love to see more of Jason.

Fantastic interview!

One more thing I would like to add to your content is if the period of the video is reduced it will just be awesome! (I can't watch a video that is not related to my profession (hacking is kind of a hobby!)) this will help you gain more attention as your content is already excellent!

I will appreciate a very high level view of Jason's web hacking methodology, just like recon process he could go into which vulnerabilities he tests for, in which order, using which tools or services, Don't go into details like explaining sqli from scratch but just 10,000 feet view of his workflow, and how he prioritizes differet web vulns, and how he goes about testing them.

One of the most Brilliant person i met, Jason Haddix.

I want to thank you for your excellent videos. I am trying to pivot into cybersecurity and your videos are providing real world examples and experience from some serious experts. I have been listening to Darknet Diaries for a few years now and I love that this ties into that episode. I will even go so far as to forgive your recent Rick Roll on KZfaq Shorts. Thank you for the time and experience you are sharing.

Thanks for giving him the time to show us all the latest tools he uses. I said before you choose the best to bring on this channel :-)

This is amazing, Jason is so epic!

The only hacker who truly learnt me to RECON without getting lost , Keep going

Amazing content, Thank you david bombal and Jhaddix.

Dude, I am glad you grew up to be on the right side. 😊

i really like this session there is lot of information i get from here very thanks to both of u

1:13:44 yeah thank you so much guys! I think the git-analysis sounds interesting for sure.

Excellent interview and insight 🎉

This really gave me some more practical insight.

Awesome content. I would luv to see the methodology of his day 2 hacking.

amazing video as always. Thanks you very much Sir David. Could be nice witrh a follow up with other levels of recon

This was fantastic. It will be great to cover the hacking itself. Cant wait -- Jason, you r rock bro.. Thanks David! Loved the stories.

IPv6 at scale takes too long, but most of the internet still runs on NAT. IPv6 doesn't matter if you're using NAT, because it works the same way as IPv4 at the end of the day. One IP running dual stack, find your open ports, and see what is going to forward you into the LAN and what isn't. Same stuff.

Oi David and Jason, thanks for the interesting content again! 👌

That's amazing!:)❤🎉Thanks for amazing content ❤

That Goku spirit bomb statue in the back instantly told me that I would like this dude, the statue wasn't wrong.

Jason opens my eyes in to whole new level in the world of hacking.

Rare to see recon in this depth for free publicly 👍

Boom, unreal data, well done💪🏻👍🏻

Excellent video, may I ask what is the application for the fluxogram?

Thank you David!!

Enjoyed it and it was very informative. Can you provide the checklist so that we can have it in our recon process?

How do you perform a separate workflow to find assets in the cloud? 25:30?

20:02 this is a very useful list of reconnaisance methods thank you, would love to know about level 2 and 3 methods too

Good stuff David 😊

This is golden!❤

Ould you please invite him for gull vug biunty course in multiple episodes? This would serve as aspiring students to get a real door to heaven

Good job!

awesome content, thank you!

Awesome content. Thanks!

please tell something about google dorking , how is it usefull in recon process?

Hello. The same activity can be done with Maltego Community or Recon-ng. What advantages does the use of these websites bring?

it's so instrutcive for people who wanna learn

Kindly do a session on how to manage assets and what to attack at start what specific asset we should go after.

I'd love to see how much more you can do Jason

Great! It would be nice to have more such content

Respect Fantastic content

great video, thanks

This is good. Thank you.

More cloud recon techniques! Awesome stuff all around. Any new api recon?

This was awesome !!!

I would love to see more!!