
#406: Are we doomed? The future of our smart world?
I talk about the future with Mikko Hyppönen, the author of "If it's Smart, it's Vulnerable" - we discuss the huge risks of having smart devices (and dumb devices getting smart connectivity). What does this mean for your privacy and security? Is the future just gloom and doom? Mikko Hyppönen is a Finnish computer security expert, speaker and author. He is known for the Hyppönen Law about IoT security, which states that whenever an appliance is described as being "smart", it is vulnerable. He works as the Chief Research Officer at WithSecure (formerly F-Secure for Business) and as the Principal Research Advisor at F-Secure. Source: Wikipedia. // TED Talks // - How the NSA betrayed the world's trust -- time to act: https://youtu.be/9CqVYUOjHLw - Living in a surveillance state: https://youtu.be/lHj7jgQpnBM - The Internet is on fire: https://youtu.be/QKe-aO44R7k - Fighting viruses, defending the net: https://youtu.be/cf3zxHuSM2Y - Three types of online attack: https://youtu.be/VM7HQ_zbdIw // DEFCON Talks // - The history and evolution of computer viruses: https://youtu.be/1y36gnV5DNw // Mikko's SOCIAL // Twitter: https://twitter.com/mikko Wikipedia: https://en.wikipedia.org/wiki/Mikko_H... // David's SOCIAL // Discord: https://discord.gg/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube Main Channel: https://www.youtube.com/davidbombal YouTube Tech Channel: https://youtube.com/channel/UCZTIRrEN... YouTube Clips Channel: https://www.youtube.com/channel/UCbY5... YouTube Shorts Channel: https://www.youtube.com/channel/UCEyC... Apple Podcast: https://davidbombal.wiki/applepodcast Spotify Podcast: https://open.spotify.com/show/3f6k6gE... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos?
Reach out to my team here: sponsors@davidbombal.com Disclaimer: This video is for educational purposes only. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #hacking #wifi #iot
15 Nov 2022, 1h 1min

#405: Top Hacking Books you need to read
What are the top hacking books to get started? Practical and good hacking books? OTW discusses his favourite Hacking and cybersecurity books with me. Do you agree with him? Did we miss any great books? // MENU // 00:00 - Coming Up 00:20 - Intro 00:25 - Welcome Back OccupyTheWeb 00:55 - Network Basics for Hackers 02:04 - Other Books Releasing 02:51 - OccupyTheWeb Book Recommendations 03:22 - Linux Basics for Hackers 05:02 - Gray Hat Hacking 05:52 - This is How They Tell Me the World Ends 07:49 - Hands On Hacking 09:33 - Penetration Testing 10:56 - Getting Started Becoming a Master Hacker 12:11 - The Science of Human Hacking 14:01 - Black Hat Python 15:25 - TikTok 16:15 - Hacking Connected Cars 17:47 - Hacking: The Art of Exploitation 18:29 - Pentesting Blueprint 19:21 - Hacking APIs 19:54 - Bug Bounty Bootcamp 21:02 - Books Conclusion 21:46 - Networking 22:58 - Conclusion 23:55 - Web Hacker's Handbook 24:29 - Go 25:39 - Hacker's Playbook 26:45 - Outro // BOOKS // - Linux basics for hackers by Occupy the Web: https://amzn.to/3A2oJM1 - Gray Hat Hacking Sixth Edition, The Ethical Hacker’s Handbook by Various Authors: https://amzn.to/3TkI0Pr - This is how they tell me the world ends by Nicole Perlroth: https://amzn.to/3NWj3st - Hands on Hacking by Matthew Hickey and Jennifer Arcuri: https://amzn.to/3WImAia - Penetration Testing by Georgia Weidman: https://amzn.to/3UL1i1D - The Science of Human Hacking by Christopher Hadnagy (social engineering): https://amzn.to/3UssbaM - Getting started becoming a master hacker by Occupy the Web: https://amzn.to/3EmguNa - Black Hat Python by Justin Seitz and Tim Arnold: https://amzn.to/3yQIdTD - Hacking Connected Cars by Alissa Knight: https://amzn.to/3G5cRN5 - Hacking: The Art of Exploitation by Jon Erickson: https://amzn.to/3ElVhTI - The Pentester Blueprint by Phillip L. 
Wylie and Kim Crawley: https://amzn.to/3WIoGP4 - Hacking API’s by Corey J.Ball: https://amzn.to/3EfXDT5 - Bug Bounty Bootcamp by Vickie Li: https://amzn.to/3GlG8U3 - Network basics for hackers by Occupy the Web (coming in 2023) // Videos mentioned // - Hacking Cars like Mr Robot: https://www.youtube.com/watch?v=5LvqU... - Hacking Cell phones like Mr Robot: https://youtu.be/bK1lsI-ehL8 - Nicole Perlroth: Cybersecurity and the weapons of Cyberwar: https://youtu.be/hy2G3PhGm-g - Best Hacking Python Book: https://www.youtube.com/watch?v=2B76C... - Hacking API’s and Cars: You need to learn this in 2022 https://www.youtube.com/watch?v=4VaHN... - Free API Hacking Course https://www.youtube.com/watch?v=CkVvB... - Bug Bounty Bootcamp https://www.youtube.com/watch?v=QqrK2... - Top 5 hacking books with Neal Bridges: https://youtu.be/VrayWzHKVw4 // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Occupy The Web's SOCIAL // Twitter: https://twitter.com/three_cube // OTW classes // Hacker's Arise Pro Subscription for $32.99 a month: https://hackers-arise.com/online-stor... Get 3 year's access to all live courses for $750: https://hackers-arise.com/online-stor... 
// Occupy The Web Website / Hackers Arise Website // Website: https://www.hackers-arise.com/?afmc=1d OTW Mr Robot series: https://www.hackers-arise.com/mr-robot Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #hacking #hack #cybersecurity
15 Nov 2022, 27min

#404: How To Be Invisible Online And Hack Like A Ghost
Don't make the mistake of exposing your IP address and personal data. Make sure that you hack like a ghost. Doesn't matter if you just want privacy online or you want to be invisible. // MENU // 00:00 - Coming up 00:29 - Disclaimer 00:33 - Sparc Flow and How to Hack Like... books overview 04:24 - The "unrealistic" in the real world 05:56 - "How to Hack Like a Ghost" behind the scenes 08:30 - Love/hate relationship with the security industry // Advice for beginners 11:51 - Not knowing everything is fine 13:10 - Stakes as a Pentester vs Hacker 15:36 - How to cover your tracks // Wardriving, Proton VPN, Brave 23:52 - Linux Tails // Red teaming, bouncing servers 25:51 - Don't leave trails // Hacking big companies 28:25 - Chromebooks vs hackers 28:58 - Bouncing servers, Frontline servers, Command & Control servers, Redirectors 35:20 - The problem with CTFs 37:09 - Sparc Flow's journey to cyber-security 40:13 - Advice for beginners // How to get started 45:40 - Important skills to have 51:16 - SparcFlow's new book 53:31 - Conclusion // Books // Hack like a Ghost: https://amzn.to/3E2KAFm Hack like a Legend: https://amzn.to/3hh28F7 Hack like a Pornstar: https://amzn.to/3fw4L5r How to Hack Like a GOD: https://amzn.to/3TnkrG1 Ultimate Guide for being Anonymous: https://amzn.to/3Uv Counter Hack Reloaded: https://amzn.to/3zNjaB3 The Art of Intrusion: https://amzn.to/3sYPEEw // Software mentioned // Note: These are NOT affiliate links.
Just listed here to hopefully help you: Proton VPN: https://protonvpn.com/ Brave: https://brave.com/ Privacy Badger: https://privacybadger.org/ uBlock Origin: https://github.com/gorhill/uBlock // CTFs // IppSec: https://www.youtube.com/ippsec LiveOverflow: https://www.youtube.com/LiveOverflow // SparcFlow's SOCIAL // Twitter: https://twitter.com/sparcFlow Blog: https://sparcflow.substack.com/ // David's SOCIAL // Discord: https://discord.gg/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube Main Channel: https://www.youtube.com/davidbombal YouTube Tech Channel: https://youtube.com/channel/UCZTIRrEN... YouTube Clips Channel: https://www.youtube.com/channel/UCbY5... YouTube Shorts Channel: https://www.youtube.com/channel/UCEyC... Apple Podcast: https://davidbombal.wiki/applepodcast Spotify Podcast: https://open.spotify.com/show/3f6k6gE... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com #hacking #privacy #hack
10 Nov 2022, 54min

#403: Are you safe from this?
Are the hacks shown in Mr Robot fact or fiction? How real are they actually? OTW discusses new vulnerabilities and issues with devices found in millions of companies around the world. OTW loves the Mr Robot TV series as a lot of the hacks are actually realistic - unlike a lot of other shows. Want to learn more from Occupy the Web? You can join his classes using these links: Hacker's Arise Pro Subscription for $32.99 a month: https://hackers-arise.com/online-stor... Get 3 year's access to all live courses for $750: https://hackers-arise.com/online-stor... // MENU // 00:00 - Coming up // Hacking Uninterruptible Power Supplies (UPS) 00:28 - Intro & Disclaimers 00:40 - Mr Robot episode recap // Hacking UPSs 02:57 - UPS breakdown 04:23 - UPS GUI examples 05:38 - Accessing the UPSs through a Femtocell 06:57 - UPS vulnerabilities // Embedding malware in firmware updates 14:30 - Intelligence agencies // Collecting data 17:45 - UPS vulnerability // Lead-acid battery corrosion 20:12 - "Hacking can kill" 21:57 - The Mr Robot series // Reality or fiction? 26:17 - Importance of Social Engineering 27:38 - Conclusion // Mr Robot Playlist // https://www.youtube.com/playlist?list... // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Occupy The Web social // Twitter: https://twitter.com/three_cube // OTW classes // Hacker's Arise Pro Subscription for $32.99 a month: https://hackers-arise.com/online-stor... Get 3 year's access to all live courses for $750: https://hackers-arise.com/online-stor...
// Occupy The Web books // Linux Basics for Hackers: https://amzn.to/3JlAQXe Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh // Other books // The Linux Command Line: https://amzn.to/3ihGP3j How Linux Works: https://amzn.to/3qeCHoY The Car Hacker’s Handbook by Craig Smith: https://amzn.to/3pBESSM Hacking Connected Cars by Alissa Knight: https://amzn.to/3dDUZN8 // Occupy The Web Website / Hackers Arise Website // Website: https://www.hackers-arise.com/?afmc=1d OTW Mr Robot series: https://www.hackers-arise.com/mr-robot Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #mrrobot #hacking #kalilinux
10 Nov 2022, 27min

#402: Best Hacking Laptop 2022
Get Proton VPN for free: https://go.getproton.me/SHWN or get Proton Mail here: https://go.getproton.me/SHWO OTW and I get asked this question all the time: "What's the best laptop to buy for hacking?" In this video we answer that question and more. // Menu // 00:00 - Coming up 00:32 - Intro 00:38 - Sponsored Segment 01:41 - "The perfect laptop for hacking" 04:50 - Getting the right CPU 06:52 - The importance of RAM 07:49 - WiFi adapters for WiFi hacking 09:45 - "Gear doesn't matter" 12:57 - Virtual Machines for beginners 15:40 - What OS do I need? 16:23 - VM issues with M1 & M2 chips 19:27 - Kali bare-metal and Kali VM 22:10 - Which Linux is better? 23:30 - Dragon OS // New OS for SDR 24:19 - Know your Linux! 25:26 - Don't waste money on the greatest and latest tech 26:34 - Desktop vs Laptop 27:51 - Learn hacking on a phone 29:48 - The Raspberry Pi // Effective learning environment 32:23 - Linux can work on old computers 33:01 - Conclusion // Videos mentioned // Best hacking laptop (2021 edition) with Neal Bridges: https://youtu.be/jsMp65-piIc SDR hacking: https://youtu.be/5LvqU3-iINk Kali Linux install on Raspberry Pi: https://youtu.be/PqRVo2niA_8 Kali Linux install on Android (rootless): https://youtu.be/KxOGyuGq0Ts Kali Linux USB boot: https://youtu.be/n2olKupv9fY Kali Linux WSL install: https://youtu.be/UXyS-xofGNM Kali Linux WSL2 GUI Apps: https://youtu.be/mp5DdgZP7ns Kali Linux Windows install: https://youtu.be/W6_nBr8SbPE Kali Linux macOS: https://youtu.be/fcrSmbUIHuo // Mr Robot Playlist // https://www.youtube.com/playlist?list... 
// David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Occupy The Web social // Twitter: https://twitter.com/three_cube // OTW classes // Hacker's Arise Pro Subscription for $32.99 a month: https://hackers-arise.com/online-stor... Get 3 year's access to all live courses for $750: https://hackers-arise.com/online-stor... // Occupy The Web books // Linux Basics for Hackers: https://amzn.to/3JlAQXe Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh // Recommended WiFi adapters // Alfa AWUS036NHA: https://amzn.to/3wnyVen Alfa AWUS036ACM: https://amzn.to/3fCL4WT Alfa AWUS036ACH: https://amzn.to/3rLAjny or https://amzn.to/2PxkkMV Others: Alfa AWUS1900: https://amzn.to/31E0AtH Alfa Long-Range Dual-Band AC1200: https://amzn.to/34UUCEL Alfa AWUS036NEH: https://amzn.to/3sK2iW8 Panda PAU05: https://amzn.to/3ue23Da Panda PAU06: https://amzn.to/3wwqRZ8 Panda PAU09: https://amzn.to/3wosx6X WiFi Nation 802.11ac AC600: https://amzn.to/3cLQddm WiFi Nation Atheros AR9271: https://amzn.to/3u8JUqm // Other books // The Linux Command Line: https://amzn.to/3ihGP3j How Linux Works: https://amzn.to/3qeCHoY The Car Hacker’s Handbook by Craig Smith: https://amzn.to/3pBESSM Hacking Connected Cars by Alissa Knight: https://amzn.to/3dDUZN8 // Occupy The Web Website / Hackers Arise Website // Website: https://www.hackers-arise.com/?afmc=1d OTW Mr Robot series: https://www.hackers-arise.com/mr-robot Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #hacking #kalilinux #parrotos
13 Oct 2022, 33min

#401: Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more
How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References (IDOR) and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today. // MENU // 00:00 - In plain text! 00:24 - Introducing//Vickie Li 00:58 - Part 1//The Interview 01:01 - Origin//Bug Bounty Bootcamp 03:37 - What are Bug Bounty Programmes? 05:26 - Part Time Bug Hunting? 05:44 - Easy Way to Get Experience 07:45 - Which Bug Bounty Programmes for Beginners? 10:51 - Beginners//Don't Compete with Pros 13:15 - Duplicates as Valid Experience 14:23 - What You Need to Start 14:59 - Linux//Do You Need It? 15:55 - Automate!//Which Programming Language? 18:03 - Beginner Friendly Vulnerabilities 21:17 - Part 2//Exploiting IDOR Vulnerability Demo 21:24 - What is IDOR? 22:51 - PortSwigger IDOR Lab 24:05 - Live Chat IDOR 24:48 - View transcript 25:12 - Burp Suite Intercept 26:05 - What to Look For//IDs Aren't Always Obvious 26:56 - Burp Suite//Looking Through Headers 27:56 - Burp Suite//Repeater 28:30 - Testing View Transcript Again 29:18 - GET Request//Identifying Exploitable Endpoint 30:26 - Modifying GET Request 31:35 - Finding the right headers to modify 33:47 - Why the first attempt didn't work 34:09 - IRL//What You Would Do 34:23 - Password in Live Chat Transcript 35:40 - How to Prevent IDORs 36:01 - IDORs//Worth Pursuing? 39:57 - Bug Bounties//How to Start 41:21 - Learn More!//Vickie's Blog 41:38 - Follow Vickie's Twitter! 
41:52 - Thank You & Closing // Books // Bug Bounty Bootcamp: https://amzn.to/3K2YDeJ The Web Application Hacker's Handbook: https://amzn.to/3IZ2RTr Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E Alice and Bob learn application security by Tanya Janca: https://amzn.to/3oMyMij Automate the boring stuff with Python: https://amzn.to/3N2QuYu // Videos mentioned // Nahamsec: https://youtu.be/9vaEwycet90 Corey Ball: https://youtu.be/CkVvB5woQRM Tanya Janca: https://youtu.be/nyhytT2tRN0 Al Sweigart: https://youtu.be/7iBqoc-DzTQ // Vickie's social media // Twitter: https://twitter.com/vickieli7 Website: https://vickieli.dev/ YouTube: https://www.youtube.com/channel/UCjQH... Medium: https://vickieli.medium.com/ // Connect with David // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Platforms mentioned // HackerOne: https://www.hackerone.com/ bugcrowd: https://www.bugcrowd.com/ Intigriti: https://www.intigriti.com/ Huntr: https://huntr.dev/ // Connect with Nahamsec // Twitter: https://twitter.com/nahamsec YouTube: https://www.youtube.com/c/nahamsec Github: https://github.com/nahamsec/Resources... Discord: https://discord.com/invite/ysndAm8 Instagram: https://www.instagram.com/nahamsec/ LinkedIn: https://www.linkedin.com/in/nahamsec/ Twitch: https://www.twitch.tv/nahamsec Website: https://nahamsec.com/ // MY STUFF // Monitor: https://amzn.to/3yyF74Y More stuff: https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. 
Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #python #hack #xss
13 Oct 2022, 42min

#400: Free AppSec courses! #1 reason for hacks :(
#1 reason for data breaches is insecure software. Software badly needs to be made more secure - lots of opportunities here to either hack applications or help application developers secure them. Learn application security (appsec) for free with shehackspurple. // MENU // 00:00 - Let's start with a bang! 00:28 - Introduction//Tanya Janca 03:48 - What is CIA? 07:05 - Why Purple & What Big News? 11:17 - Free Secure Code Courses? 13:00 - Where to contact Tanya 13:37 - Number One Reason for Data Breaches 18:42 - How Tanya Started Out 25:19 - What is DevOps? 34:26 - The Systems Development Life Cycle 39:47 - Why Shock and Awe Doesn't Work 45:24 - Secure Code As a Job? 48:41 - Jobs and Free Training? 50:38 - Get Involved with the Hacking Community! 53:37 - log4j//What Happened? 01:01:17 - Thank You & Final Thoughts // FREE COURSES // Website: https://community.wehackpurple.com/ All Free courses: https://community.wehackpurple.com/al... Secure Coding: https://community.wehackpurple.com/co... API Security Mini Course: https://community.wehackpurple.com/co... Infrastructure as Code Mini-Course: https://community.wehackpurple.com/co... Azure Cloud Security: https://community.wehackpurple.com/co... Application Security Foundations Level 1: https://community.wehackpurple.com/co... Application Security Foundations Level 2: https://community.wehackpurple.com/co... Application Security Foundations Level 3: https://community.wehackpurple.com/co... Running DAST in a CI/CD, Successfully: https://community.wehackpurple.com/co... Scale Your Team Mini-Course: https://community.wehackpurple.com/co... 
// BOOKS // The Web Application Hacker’s Handbook - Ed by Dafydd Stuttard and Marcus Pinto: https://amzn.to/3vBzfHX Alice and Bob learn application security by Tanya Janca: https://amzn.to/3oMyMij // Tanya SOCIAL // YouTube: https://www.youtube.com/c/SheHacksPurple Twitter: https://twitter.com/shehackspurple LinkedIn: https://www.linkedin.com/in/tanya-janca/ Blog: https://shehackspurple.ca/ // David SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #hack #app #appsec
22 Aug 2022, 1h 3min

#399: Free API Hacking course!
I interview Corey Ball who wrote the book "Hacking APIs" and he tells us about his book and the free training he is making available. This is a cool announcement :) // MENU // 00:00 - Why talk about pentesting at all? 00:21 - Welcome//Corey 00:48 - What is an API and Why Care? 01:52 - Free API Hacking Course! 02:11 - Overview//Course 02:28 - Do I Need the Book to do the Course? 02:39 - Pre-reqs for Course 03:07 - Cert//When? 03:22 - Hacking APIs//Origin Story 05:34 - The Start//USPS Data Leak 07:31 - OWASP Top 10 Explained 07:49 - API1//Broken Object Level Authorization 08:46 - Testing for BOLA 09:59 - API2//Broken User Authentication 10:35 - Leaked API Keys on GitHub? 10:59 - API3//Excessive Data Exposure 12:05 - API9//Improper Asset Management 13:53 - The World is Running on APIs 14:53 - Who is this Book For? 16:19 - Set Up Hacking Lab 17:47 - You Just Need a Laptop to Start Hacking! 17:52 - Free API Hacking Tools 20:14 - What is Kiterunner 20:47 - Gobuster vs Kiterunner 21:51 - Free Wordlists! 22:05 - What is fuzzing and free fuzzing tool 23:17 - More Tools? 23:47 - How To Find APIs 25:02 - Using nmap to find APIs? 26:09 - Hacking APIs as your start in hacking 28:09 - Difference//REST//GraphQL 29:07 - Learn REST or GraphQL? 31:07 - Take a University Course? 31:44 - Hacking Certifications//Worth It? 33:42 - Being Hacked//How Corey Started 36:31 - Corey's OSCP Experience 38:09 - Hacking APIs As An Alternative Path 38:41 - Resources to Start With 39:26 - Ten Years of Experience? 39:52 - Huge Demand for Hacking APIs 40:25 - The Course is Completely Free 40:47 - Breaking Barriers!
41:37 - Thank You & Final Words // Free API hacking course // APIsec Certified Expert Course: https://university.apisec.ai/ // Defcon Workshop notes // https://sway.office.com/HVrL2AXUlWGNDHqy // Books // Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E Bug Bounty Bootcamp Vickie Li: https://amzn.to/3SPCtBF // YouTube channels mentioned // InsiderPHD: https://www.youtube.com/c/InsiderPhD IppSec: https://www.youtube.com/c/ippsec/videos // Corey SOCIAL // LinkedIn: https://www.linkedin.com/in/coreyjball/ Twitter: https://twitter.com/hAPI_hacker // David SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com #api #hack #hacking
15 Aug 2022, 42min