Ex-NSA hacker tools for real world pentesting

Поделиться
HTML-код

Комментарии • 966

  • @davidbombal
    @davidbombal  3 года назад +28

    My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and RUclips didn't like them... so I had to remove the video :(
    Learn real world pentesting plus which tools are the best to use with Ex-NSA Hacker Neal Bridges. Neal tells us what he carries in his backpack when doing real world pentests.
    Menu:
    0:00 ▶ Introduction
    1:17 ▶ Neal sees pentesting differently
    2:00 ▶ Neal's advice from experience
    3:18 ▶ Neal's 5,000 pentests
    4:30 ▶ Take NSA and experience
    5:10 ▶ Preparation is key
    5:50 ▶ OSINT
    6:30 ▶ Actual Pentest report
    7:50 ▶ Pretexting
    8:45 ▶ Another real world example
    9:30 ▶ Planning is very important
    10:15 ▶ Leave stuff in your car?
    11:55 ▶ Right tools for the job
    12:05 ▶ Top tools
    12:30 ▶ Extra cables
    12:58 ▶ Hak5 Ethernet cable
    13:10 ▶ Is Hak5 a necessity
    13:57 ▶ Rubber Ducky
    14:30 ▶ Hak5 are great
    15:00 ▶ Real world example of equipment
    15:30 ▶ You can create your own stuff
    16:10 ▶ Your time is money
    16:30 ▶ Proxmark
    17:30 ▶ Crazy RFID reader
    18:50 ▶ Poor planning RFID example
    20:20 ▶ Your time is worth something!
    21:00 ▶ Hone your tradecraft
    21:20 ▶ Proxmark explanation
    21:50 ▶ A reader doesn't give you access. You need a pretext
    23:50 ▶ Social engineering
    25:50 ▶ You need a story
    26:04 ▶ Social Engineering vs tech
    29:00 ▶ Physical access is king
    30:00 ▶ What to do once past the door
    31:19 ▶ Military facility pentest
    33:27 ▶ Look for a network port
    34:49 ▶ You want to get out of there
    35:04 ▶ Hak5 Lan turtle
    36:35 ▶ Back of computer vs switch
    37:32 ▶ Pop it into the back of the computer
    38:11 ▶ What about WiFi
    38:50 ▶ TP-Link WiFi Card
    39:50 ▶ Ubertooth
    40:50 ▶ HackRF One
    41:56 ▶ Hak5 Pineapple
    42:09 ▶ SDR
    43:00 ▶ Real world example
    44:13 ▶ Alfa Network Adapter
    44:50 ▶ Wifi Hacking
    44:49 ▶ Alfa not practical so much
    46:20 ▶ You cannot charge for a WiFi pentest
    47:17 ▶ You are making it real
    47:45 ▶ WiFi can be social engineering
    48:47 ▶ Captive portal
    49:40 ▶ Rogue Access point
    50:40 ▶ Real world wifi pentest example
    51:30 ▶ Port Security
    51:57 ▶ Hak5 Pineapple access corporate network
    52:34 ▶ Always social engineering
    53:00 ▶ Pyramid of pain
    53:14 ▶ Stuxnet
    54:45 ▶ Telsa attack
    55:07 ▶ NSA examples
    56:32 ▶ Human Intelligence Hacking Example
    58:40 ▶ Another hacking example
    1:00:18 ▶ WiFi hacking example
    1:01:32 ▶ Neal's photo while hacking
    1:03:22 ▶ Once inside, you are trusted
    1:03:40 ▶ Summary of devices
    1:03:55 ▶ Hak5 switch
    1:04:08 ▶ Extra cables
    1:04:15 ▶ Hak5 Rubber Ducky
    1:04:30 ▶ Hak5 Pineapple
    1:04:54 ▶ Hak5 Bash Bunny
    1:04:58 ▶ Hak5 Packet Squirrel
    1:06:26 ▶ Ubertooth
    1:06:31 ▶ Proxmark
    1:07:00 ▶ Value of networking knowledge
    1:07:32 ▶ Neal got his CCNA
    1:08:50 ▶ Very few companies use port security properly
    1:10:08 ▶ Cain and Abel
    1:11:00 ▶ Are zero days worth it
    1:12:05 ▶ Shiny objects vs Neal's wisdom
    1:13:37 ▶ Real world hard talk
    1:14:25 ▶ What do you recommend
    1:16:55 ▶ Neal and David going to do something
    =======================
    Buy Hak5 coolness here:
    =======================
    Buy Hak5: davidbombal.wiki/gethak5
    ============================
    Buy ShareBrained Technology:
    ============================
    PortaPack: www.sharebrained.com/
    ================
    Connect with me:
    ================
    Discord: discord.com/invite/usKSyzb
    Twitter: twitter.com/davidbombal
    Instagram: instagram.com/davidbombal
    LinkedIn: www.linkedin.com/in/davidbombal
    Facebook: facebook.com/davidbombal.co
    TikTok: tiktok.com/@davidbombal
    RUclips: ruclips.net/user/davidbombal
    ================
    Connect with Neal:
    ================
    RUclips: ruclips.net/user/cyberinsecurity
    LinkedIn: www.linkedin.com/in/nealbridges/
    Twitter: twitter.com/ITJunkie
    Twitch: www.twitch.tv/cyber_insecurity
    Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

  • @JC-go5ds
    @JC-go5ds 2 года назад +96

    After 20 years of military service, mostly in the same type of environment as Neal, He is spot on about the "Social" portion of pen-testing. Being "Nice" will get you pretty far.

    • @JehuMcSpooran
      @JehuMcSpooran Год назад +6

      Dressing the part helps too. Watching this made me realise how many situations I have been in that people have trusted me with no reason to and half the time it is because it was what I was wearing that did it.

    • @Native_love
      @Native_love Год назад +5

      Richard Marcinko talked about how easy it was to get anything done on a US base just by being nice and wearing a Navy sweater or something like that.

    • @kiiturii
      @kiiturii Год назад +2

      @@JehuMcSpooran a clipboard and a vest will get you anywhere, but at the same time I've heard cool stories of pentesters getting access to the most secure buildings while wearing completely unfitting clothing because they were trying to push how far they can go before getting caught
      edit: like just look at 1:01:38 haha

    • @thekaiser4333
      @thekaiser4333 Год назад

      The worst to Neal.
      Spying on friends and allies is not tolerable.
      Hope he gets arrested when he crosses the German border.

  • @balloney2175
    @balloney2175 Год назад +18

    David is trying his very best to help us learn also from his invited guests like Neal. Million thanks, David, for your untiring efforts.

  • @JasonWh
    @JasonWh Год назад +6

    As the owner of a Cybersecurity & Forensics service provider, I appreciate these topics. We do about 50 pentests a month so it is always good to check my work against what others do.

  • @akan1783
    @akan1783 3 года назад +551

    What I really like about you David is that you ask questions that are really relevant and that you also surprisingly know how to put yourself in the shoes of a beginner to ask the right questions that will allow us (the newbies) to learn more about different field of IT. Much love from France David!

    • @davidbombal
      @davidbombal  3 года назад +57

      Thank you Akan! I appreciate that :)

    • @selvapriyan81
      @selvapriyan81 2 года назад +8

      True well said. He exactly asked what came to my mind :)

    • @NAKAEtekq
      @NAKAEtekq 2 года назад +3

      ❤seems like David is in my head. Any question that comes into my head is always asked by david💖Thank you for helping us the beginners

    • @thebread9874
      @thebread9874 2 года назад

      @Ostia Hermes if the nsa wanna hack you, no router in the world is gunna stop them.

    • @thebread9874
      @thebread9874 2 года назад +1

      @Ostia Hermes most likely high end Cisco routers and firewalls but that's overkill for a SOHO

  • @SpragginsDesigns
    @SpragginsDesigns 2 года назад +10

    I worked IT at my community college for a year before I got my AA in web design. I loved that place. And it taught me how to socially engineer a place whether you work there or not. I ended up doing mainly pentesting for them because I was able to get anywhere without a badge or keys to open anything even though they had pretty strict protocol on all of it.
    It's all about legal consent to pentest, social engineering and then the tech knowledge.
    And there is always more to learn.

  • @vmsmuenchen5084
    @vmsmuenchen5084 2 года назад +13

    I love how this content is free and that im able to watch it. Its literally so much knowledge that I'm getting without even having to do or pay something and so damn well made. Thanks, David!

  • @Native_love
    @Native_love Год назад +2

    I love how David knows all the details but asks the questions Noobs like us would! Thank you David!

  • @dougOptics
    @dougOptics 3 года назад +51

    Love this. You two have really inspired me. I started my own Cybersecurity business because of your wisdom and guidance. I've been in the IT space for 11 years, so I feel like it was time for me to forge my own path. Looking forward to more content!

    • @TheBenJiles
      @TheBenJiles 2 года назад +2

      Hope your business is going well

    • @hasihasi7163
      @hasihasi7163 2 года назад

      Good Luck !!

    • @grantsterling3744
      @grantsterling3744 Год назад

      Hey, I know that you don't know me, but, I'm interested in starting a company in my area. I'm just getting started, haven't even done a ctf or bug bounty, even. I was wondering how you are doing about a year in? Good luck and hope to hear from you soon

  • @denzyljackson2213
    @denzyljackson2213 2 года назад +36

    I love these stories! I would absolutely enjoy an entire series on war stories from Neal's pen tests! It would not only motivate aspiring pen testers, but would provide real world context, just as this video does, to topics that can't always be mastered in a lab. This for me, is the best way of learning.

    • @nucknuck123
      @nucknuck123 Год назад

      🤔 I guess the movies got it right 💁 lol this reminds me of I spy

  • @Tao_Peace
    @Tao_Peace Год назад

    Having worked in the networking industry for 24yrs I find these guys absolutely fascinating! These guys are spot on!!

  • @honeybadgeractual5734
    @honeybadgeractual5734 3 года назад +3

    I enjoy the chat, but to be honest I would love to see a more to the point video that highlights the hardware, and its general use; rather than a long protracted conversation about his experience in the field, and more so a nuts and bolts of what he actually uses regularly.

  • @andrew_koala2974
    @andrew_koala2974 3 года назад +25

    Correctly formatted and grammatically correct list of TimeStamps
    Menu:
    00:00 Introduction
    01:17 Neal sees pentesting differently
    02:00 Neal's advice from experience
    03:18 Neal's 5,000 pentests
    04:30 Take NSA and experience
    05:10 Preparation is key
    05:50 OSINT
    06:30 Actual Pentest report
    07:50 Pretexting
    08:45 Another real-world example
    09:30 Planning is very important
    10:15 Leave stuff in your car?
    11:55 Right tools for the job
    12:05 Top tools
    12:30 Extra cables
    12:58 Hak5 Ethernet cable
    13:10 Is Hak5 a necessity
    13:57 Rubber Ducky
    14"30 Hak5 are great
    15:00 Real-world example of equipment
    15:30 You can create your own stuff
    16:10 Your time is money
    16:30 Proxmark
    17:30 Crazy RFID reader
    18:50 Poor planning RFID example
    20:20 Your time is worth something!
    21:00 Hone your tradecraft
    21:20 Proxmark explanation
    21:50 A reader doesn't give you access. You need a pretext
    23:50 Social engineering
    25:50 You need a story
    26:04 Social Engineering vs tech
    29:00 Physical access is king
    30:00 What to do once past the door
    31:19 Military facility pentest
    33:27 Look for a network port
    34:49 You want to get out of there
    35:04 Hak5 Lan turtle
    36:35 Back of computer vs switch
    37:32 Pop it into the back of the computer
    38:11 What about WiFi
    38:50 TP-Link WiFi Card
    39:50 Ubertooth
    40:50 HackRF One
    41:56 Hak5 Pineapple
    42:09 SDR
    43:00 Real-world example
    44:13 Alfa Network Adapter
    44:50 Wifi Hacking
    44:49 Alfa not practical so much
    46:20 You cannot charge for a WiFi pentest
    47:17 You are making it real
    47:45 WiFi can be social engineering
    48:47 Captive portal
    49:40 Rogue Access point
    50:40 Real-world wifi pentest example
    51:30 Port Security
    51:57 Hak5 Pineapple access corporate network
    52:34 Always social engineering
    53:00 Pyramid of pain
    53:14 Stuxnet
    54:45 Telsa attack
    55:07 NSA examples
    56:32 Human Intelligence Hacking Example
    58:40 Another hacking example
    1:00:18 WiFi hacking example
    1:01:32 Neal's photo while hacking:
    1:03:22 Once inside, you are trusted
    1:03:40 Summary of devices
    1:03:55 Hak5 switch
    1:04:08 Extra cables
    1:04:15 Hak5 Rubber Ducky
    1:04:30 Hak5 Pineapple
    1:04:54 Hak5 Bash Bunny
    1:04:58 Hak5 Packet Squirrel
    1:06:26 Ubertooth
    1:06:31 Proxmark
    1:07:00 Value of networking knowledge
    1:07:32 Neal got his CCNA
    1:08:50 Very few companies use port security properly
    1:10:08 Cain and Abel
    1:11:00 Are zero-days worth it
    1:12:05 Shiny objects vs Neal's wisdom
    1:13:37 Real-world hard talk
    1:14:25 What do you recommend
    1:16:55 Neal and David going to do something

    • @sky.the.infinite
      @sky.the.infinite 2 года назад +2

      You should edit that 14:30 … since you already put all the effort into correction.

    • @stevrgrs
      @stevrgrs Год назад

      I don't know whether to feel bad for you or not lol.

    • @zrivs
      @zrivs Год назад

      🤡

  • @hansjswart5486
    @hansjswart5486 3 года назад +8

    David, Neal. Thank you so much. The ending of this video is what is currently hitting me. The fact that there is this ocean of supposed training however after you invest the time and finish it you realise that it simply was not enough. We need real world training/labing/ simulation because st the end. Obtaining the skill comes from experience. Theory is groundwork but not experience.

  • @jefff502
    @jefff502 3 года назад +24

    Fantastic video, thanks David and Neil for putting this together, this should be required watching for helpdesk techs, sysadmins and engineers. This is stuff that every IT professional on the blue team side of the house should be aware of.

    • @zac2877
      @zac2877 Год назад

      Sysadmin here taking notes ;)

  • @fearkrypton4565
    @fearkrypton4565 2 года назад +34

    0:00 ▶ Introduction
    1:17 ▶ Neal sees pentesting differently
    2:00 ▶ Neal's advice from experience
    3:18 ▶ Neal's 5,000 pentests
    4:30 ▶ Take NSA and experience
    5:10 ▶ Preparation is key
    5:50 ▶ OSINT
    6:30 ▶ Actual Pentest report
    7:50 ▶ Pretexting
    8:45 ▶ Another real world example
    9:30 ▶ Planning is very important
    10:15 ▶ Leave stuff in your car?
    11:55 ▶ Right tools for the job
    12:05 ▶ Top tools
    12:30 ▶ Extra cables
    12:58 ▶ Hak5 Ethernet cable
    13:10 ▶ Is Hak5 a necessity
    13:57 ▶ Rubber Ducky
    14:30 ▶ Hak5 are great
    15:00 ▶ Real world example of equipment
    15:30 ▶ You can create your own stuff
    16:10 ▶ Your time is money
    16:30 ▶ Proxmark
    17:30 ▶ Crazy RFID reader
    18:50 ▶ Poor planning RFID example
    20:20 ▶ Your time is worth something!
    21:00 ▶ Hone your tradecraft
    21:20 ▶ Proxmark explanation
    21:50 ▶ A reader doesn't give you access. You need a pretext
    23:50 ▶ Social engineering
    25:50 ▶ You need a story
    26:04 ▶ Social Engineering vs tech
    29:00 ▶ Physical access is king
    30:00 ▶ What to do once past the door
    31:19 ▶ Military facility pentest
    33:27 ▶ Look for a network port
    34:49 ▶ You want to get out of there
    35:04 ▶ Hak5 Lan turtle
    36:35 ▶ Back of computer vs switch
    37:32 ▶ Pop it into the back of the computer
    38:11 ▶ What about WiFi
    38:50 ▶ TP-Link WiFi Card
    39:50 ▶ Ubertooth
    40:50 ▶ HackRF One
    41:56 ▶ Hak5 Pineapple
    42:09 ▶ SDR
    43:00 ▶ Real world example
    44:13 ▶ Alfa Network Adapter
    44:50 ▶ Wifi Hacking
    44:49 ▶ Alfa not practical so much
    46:20 ▶ You cannot charge for a WiFi pentest
    47:17 ▶ You are making it real
    47:45 ▶ WiFi can be social engineering
    48:47 ▶ Captive portal
    49:40 ▶ Rogue Access point
    50:40 ▶ Real world wifi pentest example
    51:30 ▶ Port Security
    51:57 ▶ Hak5 Pineapple access corporate network
    52:34 ▶ Always social engineering
    53:00 ▶ Pyramid of pain
    53:14 ▶ Stuxnet
    54:45 ▶ Telsa attack
    55:07 ▶ NSA examples
    56:32 ▶ Human Intelligence Hacking Example
    58:40 ▶ Another hacking example
    1:00:18 ▶ WiFi hacking example
    1:01:32 ▶ Neal's photo while hacking
    1:03:22 ▶ Once inside, you are trusted
    1:03:40 ▶ Summary of devices
    1:03:55 ▶ Hak5 switch
    1:04:08 ▶ Extra cables
    1:04:15 ▶ Hak5 Rubber Ducky
    1:04:30 ▶ Hak5 Pineapple
    1:04:54 ▶ Hak5 Bash Bunny
    1:04:58 ▶ Hak5 Packet Squirrel
    1:06:26 ▶ Ubertooth
    1:06:31 ▶ Proxmark
    1:07:00 ▶ Value of networking knowledge
    1:07:32 ▶ Neal got his CCNA
    1:08:50 ▶ Very few companies use port security properly
    1:10:08 ▶ Cain and Abel
    1:11:00 ▶ Are zero days worth it
    1:12:05 ▶ Shiny objects vs Neal's wisdom
    1:13:37 ▶ Real world hard talk
    1:14:25 ▶ What do you recommend
    1:16:55 ▶ Neal and David going to do something

    • @StfuSiriusly
      @StfuSiriusly 2 года назад +1

      yes bro its literally in the description..

    • @fearkrypton4565
      @fearkrypton4565 2 года назад +5

      @@StfuSiriusly ik i copied from their..just for my convience like i cantt go o description all the time again and again

  • @joebob3712
    @joebob3712 3 года назад +84

    Another fantastic video David and Neal. I love the stories, and real-life applications. While I'm not looking to seek a career in this field, I love this domain of technology. It is worthwhile to see the weaknesses of our digital climates. As a college student at a University that had just been the victim of a cyberattack last year, I find this information invaluable and super intriguing, especially when it's presented in such an engaging way like this video. I will definitely advocate for better physical, social, and network security from the IT department on campus. Thanks again for your hard work developing this content.

    • @brokeyoutuber
      @brokeyoutuber 2 года назад

      Those damn vulnerable collages

    • @intuit13
      @intuit13 2 года назад +1

      @@brokeyoutuber lmao... I got into computers when I was like 15 in the mid-90s. I definitely wasn't a programmer/hacker but I WAS very interested in the subject. Occasionally I'd buy a 2600 and flip through it, reading a lot but digesting little. Anyway, the ONE system I ever got into myself without just guessing or using default passwords on random telenet machines or local dial-up systems was a big-name University's system. Ended up "hacking" into one of their machines by using what was probably the easiest method any "script-kiddie" could use, the "PHF exploit". Found your comment about 'damn vulnerable colleges" kinda funny, heh.

  • @gregm.6945
    @gregm.6945 3 года назад +16

    David, a huge thank you to yourself and Neal for taking the time to make such a great and educational video. I'd have to say this is one of your best videos that I've seen, and we all know how high quality all your other ones are !

  • @itstimeyourepent5258
    @itstimeyourepent5258 2 года назад

    This man David Is too sensible with his questions, the best I have seen so far

  • @jacobfinder7476
    @jacobfinder7476 Год назад

    I got into the IT business in 1992 as a Network Engineer and Sys Admin. I have several certifications. Been a fan of David since he began. This gentleman in this video is Right On. I recommend this video to anyone who truly wants to be the best they can be.

  • @unlagonaisnj2181
    @unlagonaisnj2181 3 года назад +30

    Cannot wait for OSINT video. I am so in to it right now

  • @Thedude897
    @Thedude897 3 года назад +1

    When he started talking about people on their smoke break that is so true. They are the most vulnerable ones in the work place.

  • @CliffCarmichael
    @CliffCarmichael 3 года назад +6

    David this content is unlike any other and pure gold. Thank you very much

  • @ysegrim9824
    @ysegrim9824 2 года назад +2

    i have no idea how i ended up here but i highly appreciate you two shared your conversation in this video. personally i am more interested in the psychological aspect of security then in the tech side - thank you for this contribution to the spark of my curiosity.

  • @headcase2226
    @headcase2226 3 года назад +4

    I've been in IT for almost three months now and it is wild how many people are trusting of me with their password to their account when doing password resets. They get frustrated making a new password that they either ask me to do it for them or write it down for them. They think just because I am in IT that I am trustworthy - not to say I am not but I digress.

  • @danielhoglan3468
    @danielhoglan3468 2 года назад +1

    Knowledge Wisdom (also not intelligence...) This is a valuable understanding that the vast majority in any field is sorely lacking today. Most people have very little wisdom until they're around 30+ years old unless your field of expertise is not complicated in any way. A college degree(or certifications) certainly does not provide you with wisdom. Knowledge is extremely important, but without the ability to put it to practice usefully, it's not worth much.

  • @jaredb.1706
    @jaredb.1706 3 года назад +5

    Fantastic, keep this kinda of real world content coming. I returned to school pursuing my first degree because of you two! AMAZING STUFF!

  • @xrunner55
    @xrunner55 2 года назад +1

    One neat thing that works very well is sending an email saying you have been tagged in a post. Works 97% on women and sometimes on men. A coworker took it after watching a social media documentary.

  • @ebooooo1213
    @ebooooo1213 3 года назад +8

    Hi David, thank you for making everything possible & easy for beginners by asking & explaining every single detail. Can you make a video about Raspberry pi? Setup & installation of Kali linux? And maybe some of your amazing ideas about pentesting?

  • @jasonpitts8395
    @jasonpitts8395 3 года назад +1

    The two of you are THE BEST when you share the stage. You guys should talk about ICS stuff down the road. Love these videos

  • @carmodity
    @carmodity 2 года назад +33

    Him: "I've done like 5000 pen tests.. multiple tests every week, for 7 years."
    Reality: 3 per week x 52 weeks x 7 years = 1092 tests.
    He'd actually have to do 3 per day.

    • @sloanphillippi2790
      @sloanphillippi2790 2 года назад +6

      That bugged me so much lol

    • @paullees6687
      @paullees6687 2 года назад +5

      The only way I could see this being the case is if he means he counts nmap and a sql injection as 2 different "pen tests". Either way this was annoying

    • @carmodity
      @carmodity 2 года назад +1

      @@paullees6687 Alternatively, 3 per week would only take him 35 years, without a break.. so maybe he started when he was a baby ..

    • @paullees6687
      @paullees6687 2 года назад +5

      @@carmodity this guy's the Steven segal of pen testers.
      "Relax. I've been pen testing for like 50 years"

    • @attacksec
      @attacksec 2 года назад

      Well, I think what he meant is managed those number of pentests, it's been like 14 years for me as well... and have managed/conducted over 6-8k tests myself..

  • @joewozniak711
    @joewozniak711 2 года назад

    As someone who is just starting their career/interest at a local college, this is so amazing. Thank you so much.

  • @eddymoscardi3690
    @eddymoscardi3690 3 года назад +169

    If you do two pentests per week (which is a lot), it will take you nearly 48 years to perform 5000 🤨

    • @riskinhos
      @riskinhos 3 года назад +50

      he does one for breakfast and one for dinner. 5k. it's bs

    • @toti3bash
      @toti3bash 3 года назад +19

      yeah I do think that is an over exaggerated hyperbole.... I do not think that is truthful as well...

    • @TheBigJohny
      @TheBigJohny 3 года назад +11

      I think he does pentest with large scope and counts them as more pentests. but otherwise it is indeed BS

    • @o_ss
      @o_ss 3 года назад +19

      I guess you were never in the military.

    • @fuba44
      @fuba44 3 года назад +7

      Was doing the same math, a hilarious claim.

  • @habibullahbahawar2097
    @habibullahbahawar2097 2 года назад

    I have started studying in Cybersecurity, when I watch this discussion and compare it to what I am reading now days, its huge difference. I hope Neal shares more of his knowledge to the people like me who are new in this field.

  • @wandersgion4989
    @wandersgion4989 3 года назад +20

    To do 5000 pen tests in 8 years, he'd have to average over 2 per day (assuming he worked 5 days per week).

    • @rdarkmind
      @rdarkmind 2 года назад

      It's called talking out of your ass. The whole hacker community was making fun of this on Twitter.

    • @habib_the_panda
      @habib_the_panda 2 года назад +2

      Imagine thinking the military gives you a weekend on a deployment.
      Imagine thinking it’s impossible to do just because you are incapable of doing it yourself.

    • @michaelkaliski7651
      @michaelkaliski7651 9 месяцев назад +1

      Each attack vector is counted as a test. Entering the building, gaining access to a computer, gaining access to the network, downloading data, and leaving the premises without ring challenged, would count as five tests. That could take less than an hour. Going back into the premises to retrieve equipment or data is going to count as a whole lot more tests. So 5,000 tests is not necessarily 5,000 separate premises tested, more like 500.

  • @Keyser888
    @Keyser888 2 года назад +2

    As someone who make and configure access control cards, if you have a large group of cards you can definitely tell a lot about a system from it, but you have to combine that with the type of reader etc. Certain type of readers can read certain type of cards, and combined with looking at LED patterns etc you can often see what backend system they use.
    As long as they use the cards serialnumber and not cards that have encrypted sectors or filesystems, you can get a lot of information from having a bulk of cardnumbers. Usually to be able to make cards for any given system you need 1-100 cards to be able to program new cards from scratch. For standard systems 1 card is often enough.
    But apart from that there is often a lot easier to just hook on to the comms cables from the card reader if they are accessible and just read & insert the raw signal for the card number between the card reader and the backend system.

  • @ketononeill8898
    @ketononeill8898 3 года назад +5

    I enjoy and take notes in every video you make with Neal! Thanks, David! Great stuff ❤

  • @benyaminsultan2705
    @benyaminsultan2705 2 года назад +1

    What a conversation that made my brain thrives. Thank you David & Neal.

  • @BB-uz4tc
    @BB-uz4tc 3 года назад +6

    Coach your the best. Thank you for making us better

  • @willsmith2058
    @willsmith2058 6 месяцев назад

    After have 9+ years of physical installation security experience (Access control, Security and NVR systems) you've made me want to shift my knowledge into cyber and I'm excited again. Having the mindset of building layouts and functions, where they keep things I already have down pat. Just laying my foundations in linux now and enjoying the process. Thanks for the video!

  • @hellcatchuck2723
    @hellcatchuck2723 3 года назад +20

    I would love for him to sit and explain what he thinks of Edward Snowden.

    • @riskinhos
      @riskinhos 3 года назад

      the most important and interest question of all that wasn't made

    • @almostattheendoflife2273
      @almostattheendoflife2273 3 года назад +2

      If he said anything he would be interrogated and watched for the rest of his life. I dont think he wants that.

    • @hellcatchuck2723
      @hellcatchuck2723 3 года назад +2

      @@almostattheendoflife2273 So sad but true.

    • @riskinhos
      @riskinhos 3 года назад +1

      @@almostattheendoflife2273 he's already tracked and watched. actually, we all are. assange, snowden and manning show us

    • @hellcatchuck2723
      @hellcatchuck2723 3 года назад

      @@riskinhos Also very true haha. Screw it talk about Snowden.

  • @ikiyytours2320
    @ikiyytours2320 2 года назад

    Love when David emphasizes on the CCNA.
    Love it.

  • @Ronald_Jon
    @Ronald_Jon 3 года назад +106

    Well, to do 5000 penetration test in a span of 8 years would mean he was doing about 12 a week, on a 5 day week, that's 2.4 / day, and a 6 day week, 2 / day. How long does a penetration test take because if he did 5000+, then of course those numbers per day will up. I used 8 years because he said 7+ years, meaning more than 7 but less than 8. I'm not trying to troll by any means, just that I've found that when people are asked about their experience, they tend to exaggerate dramatically. Yes, maybe he has done a lot, certainly more than the average viewer I would imagine, but those numbers seem a little high, but knowing the time it takes to do a single, thorough penetration test would be helpful. My preliminary research is showing from a minimum of 1 day to weeks depending on the complexity of the environment, number of hosts, number applications being used, ect.

    • @Lol-zy5pn
      @Lol-zy5pn 3 года назад +31

      Step1: Create a methodology
      Step2: Do a manual pentest on one target
      Step3: Automate that whole process using bash/python script
      Step4: Run and Improve that bash/python over time based on new target
      And Boom, you have a cool automation script which can do 5k pentest in a day as well

    • @johnwig285
      @johnwig285 2 года назад +11

      Because it aint 7+ years but rather more than a decade. He has been doing this for more than a decade, not 7+ years. 7+ years is the time he spent in 1 of the organisations, probably the military. It is an estimate over the whole lifespan of his career.

    • @pratorian
      @pratorian 2 года назад +6

      You also have to consider the fact that he’s totally spit balling how many tests he’s done. Let’s say he’s only done 3200. Over that time span would you really expect that he would, off the top of his head, differentiate between 3200 and 5000?

    • @updatelaterus8844
      @updatelaterus8844 2 года назад +2

      7 plus years plus a decade in the military doing offensive cyber operations. So for 17 years definitely seems like 5000 is a plausible number.

    • @8________________D-
      @8________________D- 2 года назад +13

      I last about 30 seconds

  • @NSA010
    @NSA010 3 года назад +2

    By far this is the best episode. Thanks David.

  • @Sodendop
    @Sodendop 3 года назад +185

    5000 pen tests? Even if you conducted 1 pentest a week for a year ( 52 tests a year). It would take 96 years. If you were looking at 5 applications a week (260 a year) that’s still 19 years. Something doesn’t make sense.

    • @Misshealthylifestyle
      @Misshealthylifestyle 2 года назад +22

      I guess some were automated tests

    • @johnsnows3464
      @johnsnows3464 2 года назад +22

      I agree.He was prob exaggerating.

    • @dhyskRand
      @dhyskRand 2 года назад +46

      Typical AF writing when you have a team of 10 and they each do a pen test then you just did 10.

    • @tjm64
      @tjm64 2 года назад +9

      Probably did dozens of tests while training. Could be doing 5 a day in some cases.

    • @SynthToshi
      @SynthToshi 2 года назад +26

      I stop watching after the first 10 mins of noting but how good thr guy is... OK bro enough self glory already, let's see the tools 😒

  • @landrover827
    @landrover827 2 года назад

    Thank you so much for these. I love how you not only demonstrate, but ask and share how to learn what you’re demonstrating. That’s what makes your channel so much different. 😀🥳

  • @kiravd5392
    @kiravd5392 3 года назад +4

    Pen testing be sounding like the perfect job!!! Thanks for all the information you be sharing with us!

  • @GrindAlchemyTech
    @GrindAlchemyTech Год назад

    I revisit this one video often when I need to recalibrate my thinking & approach... a great way to pause & reflect very useful for taking some time to check our mindsets ... thankyou for a very therapeutic conversation... keep pushing forward everyone 🙌🏽💗

  • @GrandpasPlace
    @GrandpasPlace 3 года назад +11

    It always amazes me how far you can get with social engineering and knowing how people react. So here is my example from a pen test I did years ago.
    First, I made a bad copy of an employee ID, picture, logo, and wording was in the right place but logo color was a bit different and the writing was not the same. Put the ID on an ID belt clip and clipped it on my belt in such a way that it was close to my crotch. People will not spend time scrutinizing your crotch, they will give it a glance and if it looks ok at a glance they accept it. I then walked in with some smokers. Sometimes called ghosting into the building.
    Once inside I grabbed a clipboard with some paper on it that was sitting on an unoccupied desk, though it worked with a folder or a notepad as well, and proceed to wander the building like I was lost.
    I was stopped by a nice lady who asked if she could help me. I told her it was my first day and there was no computer at my desk. My new boss told me to go to the IT department but I dont see it on this floor. She was nice enough to tell me I got off the elevator on the wrong floor and give me directions to the IT department.
    Once at the IT department I walked in like I owned the place, clipboard in hand and asked "Whos the domain Admin?" I was pointed at a lady who handled AD and told her "The company hired me to do a pen test." (That part is true) "Now I have software that will get me the SAM login database but when I run it, it causes the AD server to blue screen." (This is BS as I didnt have some magic software to do it) "While that is actually part of the pen test they hired me to do, I thought I would come meet the admin and see if they were willing to say I did it and just plug in this USB stick and copy the SAM database file on to it."
    She took the USB stick from my hand, had me follow her to the server room and plugged it directly into one of the AD servers. When I asked why we had to do it from the AD server she let me know that they disabled all the USB ports on the desktops so we had to do it at the server.
    Best part was that with the SAM DB and some common software, I ended up cracking all but 2 passwords. On a company with 25k employees. I didn't even try to connect to the wifi or plug anything into the network. I did that part much later.
    You can imagine how that report went. lol
    Loved the video and agree, social engineering is a huge part of pen testing.

    • @Oats4761
      @Oats4761 3 года назад +3

      Lmao that's great. The part about the blue screen was brilliant. I would be pissed if that happened to my company.

    • @andrew_koala2974
      @andrew_koala2974 3 года назад +1

      There are places where such easy entry would be impossible.
      I being former Military - Airforce [30 years service] have a close friend
      who is a retired NAVY POLICE Officer.
      We were discussing aspects of security - He related a story of a NAVAL
      bus with some 25 personnel on board at the entrance barrier awaiting to
      be escorted in --
      The Particular NAVY POLICE Officer mentioned - made the bus wait until
      he had scrutinized every ID and validated that it is genuine.
      He has refused entry to High Ranking officers who failed to carry and
      present proper ID - even if he recognizes their face -
      The basis is that they may have been discharged from the Service on
      the previous day - and would require special authorization to obtain entry.
      -- Now for you intelligent people - explain the difference between:
      NAVY and Navy
      APPLE and Apple
      ON and on/On
      To give you a heads up start -
      They sound the same but that does not mean they are the same.

  • @maref163
    @maref163 Год назад

    The amount of knowledge and information in this 1 hour is unreal! I was so amazed to find how a professional do its job thanks so much for this video

  • @dafelix
    @dafelix 3 года назад +12

    20:57 so I just got into hacking and pentesting recently and I don´t really have a lot of money, but I have time. I wanted a rubber ducky, but it was too expensive for me, and i found the pico ducky project. So I bought a raspberry pi pico and started the project. It didn´t take me too long to make it work, it was pretty fun to do and a lot cheaper than a real rubber ducky. Also I learned a lot, and the raspberry pi pico seems to have a lot more applications than a rubber ducky. So yeah, I agree that time is money, and that your time has value, but if you have time, wanna learn new things or just don´t have a lot of money maybe the DIY is a good choice.

    • @agadaFrancisLouis
      @agadaFrancisLouis 3 года назад

      I'm interested too, @Dafelix. My story is similar to yours. Please how do I get stated with the Pico ducky project? How can I get a raspberry pi pico?

  • @allenking9346
    @allenking9346 11 месяцев назад

    I like watching your videos. I didn't know squat about coding, programming, telecommunications... I started looking into it bc my phone was hacked and I wanted to learn how it happened so I know what to look for and how to stop it. I'm learning more than I expected and I like how it's explained in a way that even someone like myself can understand

  • @maultron2051
    @maultron2051 3 года назад +3

    It’s finally here

    • @davidbombal
      @davidbombal  3 года назад

      My apologies for the issues with this video. I had to remove the previously uploaded video because I had movie clips like Mr Robot and The Spy Game in the video and RUclips didn't like them... so I had to remove the video :(

  • @micksbiggestfan4006
    @micksbiggestfan4006 2 года назад

    My hand hurts from all the note taking. Thanks so much for all your help.

  • @carmodity
    @carmodity 2 года назад +8

    Him: "I socially engineered the hotel when I got there to get a room with a window that faces the target"
    Reality: I'd like to book a room that faces um .. West.
    Hotel: No problem sir, here's your room key.
    Him: Hacked!!!

  • @fixyournet
    @fixyournet 2 года назад

    I must say I watched this 10 times and learned something new each time!!!! Loved this!!!! Thanks too you both !

  • @Aurumane
    @Aurumane 3 года назад +4

    You are missing one strong peace of equipment: Stingrays, also known as "cell site simulators" or "IMSI catchers,"

  • @honeybadgeractual5734
    @honeybadgeractual5734 3 года назад +1

    On the subject of the key cards, thats where the social engineering side of things comes into play. You would simply have to find out which people have what access by watching the coming and going of personelle, which windows you see them by, and which doors you see them use most often. Then setup a scan of that person's card to make it where you want to be.

  • @Oleffo
    @Oleffo Год назад +3

    5000 in 7 years? (3:05) That would mean 2 pentests per day, EVERY day... naah

  • @LauriaMedia
    @LauriaMedia 2 года назад

    It's very rare that a 75min video can fly by so quickly. Awesome.

  • @haireeizzam6349
    @haireeizzam6349 3 года назад +7

    Goddamn I always love the conversation between you and Neil. Thank you for providing us such a great content!

  • @cristigdv
    @cristigdv 2 года назад

    One of the best videos on your channel David. Thanks for your time for creating such a great content

  • @hotwykinger6889
    @hotwykinger6889 Год назад +3

    1:08:00 im really shocked, even my home network has isolated Lan to W-Lan while the password-secured W-Lan is isolated against the puplic acessible W-lan. And this is not cause im paranoid or have stored valueable things on Computers but it´s simply default by the Internet acess router and active until you change them to make such wired bridgings.

  • @tristannovak3227
    @tristannovak3227 3 года назад

    This was the best video I have found for how to get into cyber security. It made me believe I can finally make a career change and get that first job as a pen tester. Off to start that INE course!

  • @zoltankato9426
    @zoltankato9426 3 года назад +6

    I mean come on guys, why do u have to say such a bullshit number like 5000 pentest? How? 5000 days is almost 14 years. This would mean that you had done a single pentest in a day for almost 14 year EVERY day. Like...why are saying such a dumb number? :D

  • @inspiration360degreeviewpa5
    @inspiration360degreeviewpa5 2 года назад

    When I finally horn my trade on this path I will have David Bombai and Neil’s pics hanging on my office wall like the President and Governor’s official portraits do in most offices. I have gotten some loads of knowledge ever since I know this channel. A thousand thanks

  • @yazor83
    @yazor83 3 года назад +4

    The number 5000 comes from his experience in the US military... They know how to inflate numbers

  • @lfcbpro
    @lfcbpro 2 года назад +1

    I think wireless will come back in a sense with the IoT, people not understanding that those devices should be kept totally separate from any other network due to their insecurities and the lack of understanding on what the devices actually do and the information they collect and use. Also that often these devices can be external of a building, so to get actual physical control of them is not that difficult, and as such allowing you to obtain the wireless information for the rest of the network from physical access to one small device.

  • @dandeeteeyem2170
    @dandeeteeyem2170 3 года назад +4

    🤣 A pen tester that can't do simple math? Over 5000 in 7 years at 2 per week? Are you sure you don't mean testing pens? 😂

  • @AhmedMansour-tu5wt
    @AhmedMansour-tu5wt 3 года назад

    One of the best channels on RUclips, thank you for what you provide to the community

  • @BobBob-qm2bm
    @BobBob-qm2bm 3 года назад

    The David and Neal Show strikes again. Absolutely nailed it!

  • @ek1578
    @ek1578 2 года назад +2

    The picture of Neal with the security guard in the background made me think of a time I saw how trusting people can be. I was at a 2600 meeting on the patio of a coffee shop, myself and another attendee were talking about all manor of old tricks that used to work. A guy at an adjacent table, not there for the meeting, and who neither one of us had ever even spoken to was doing something on his laptop, looked over to us and asked if we could watch his stuff while he went inside and got a refill. The guy I was talking to said “no problem, it’s not like we’re hackers at a hacker meeting or anything like that.” The laptop owner chuckled, and left his laptop there with us for the next few minutes. We didn’t do anything because we were both too busy laughing our asses off and complaining that we’ve never had access that easy.

    • @nathandutton2398
      @nathandutton2398 2 года назад +2

      Why would you wanna mess with someone's computer for free? Guy asked a couple of doctors to look at this thing on his neck.

  • @PS_Tube
    @PS_Tube Год назад

    7 years of pen testing. Which makes 360+ weeks. 4 per weeks would make ~1450 pen tests.
    5000+ means it'd be 25+ years of pen tests.

  • @The10baset
    @The10baset 2 года назад

    This is fantastic. I like the down to earth critique of zero days. A book I’m reading now, “This is how they tell me the world ends” is all about zero days and how the world’s networks are all completely vulnerable because of them ( I haven’t finished it yet, though).
    I would like to have heard, though, if Neil was ever unsuccessful via social engineering to gain physical access to a company.

  • @bluegizmo1983
    @bluegizmo1983 3 года назад +2

    Great video! I have many of those same tools, even the exact same TPLink wifi stick. I also always carry a CrazyRadio PA for mousejack attacks. It's astonishing how many computers STILL use wireless keyboards and mice that are vulnerable to mousejack.

  • @ghostonewolf7201
    @ghostonewolf7201 2 года назад +2

    Thank you for sharing real-life experience and a breakdown of what each tool does. Best of all real-life applications. I just started taking classes and I've learned more in this interview than in the 6 months of classes. This is incredibly informative for me as a newbie. Thank you David and Neal for taking the time to make this video.

  • @modernarchive7502
    @modernarchive7502 2 года назад +1

    I love competence. Thank you both for recording this episode.

  • @myob2k
    @myob2k 3 года назад +1

    David is the goat period! Thanks for your inspirational videos.

  • @arthurspurr4938
    @arthurspurr4938 3 года назад +1

    In a word, excellent. Really good to see what goes on in 'The Real World'.

  • @Andre-ui5yd
    @Andre-ui5yd 2 года назад

    This guy is amazing, please bring him again! Can't wait for those courses.

  • @thegreatdestroyerr
    @thegreatdestroyerr 2 года назад

    Incredibly intriguing! I work help desk and have always wondered on the equipment/methods pentesters actually use as it is something I'd love to do someday. I learned a lot about pentesting and learned an incredible amount on social engineering and just general security awareness from this stuff. Thanks again.

  • @yonisapir6270
    @yonisapir6270 2 года назад

    Learned so much from this one video, thank you David and Neal. Looking forward to whatever you do next.

  • @Tangerine732
    @Tangerine732 2 года назад +1

    One thing I’ve always wondered about is how solarwinds became so popular with government agencies. I didn’t know the Air Force was a starting point for NSA analysts. I’m curious if the government can require their vendors pass a pentest run by someone like this. I feel like it would make us all a little bit safer at the end of the day. Thanks guys! Great vid!

    • @xrunner55
      @xrunner55 2 года назад +1

      They can. They even require it in some industries. Banks for example. Analysts are not the operators. Resding is not a superpower.

  • @steelfalconx2000
    @steelfalconx2000 3 года назад +1

    I work for a telecom. It would boggle your mind how many businesses have allowed access and left me alone into their switch room simply by saying I was there to check on equipment. Of course, I actually did need to check equipment, but many times this is without anyone at the company being notified or requesting a call from us.
    Even easier, I can pull internet from the street, then walk in, say we're having an outage and I need access into their data rack, and boom I'm in. Of course I'm not doing anything nefarious, but it always amazes me where I've been let into.

    • @corail53
      @corail53 2 года назад +1

      It isn't mind-boggling - most people just don't care enough to bother checking things. Social engineering is a dumb term - you are basically just running a confidence game - assert like you are where you are supposed to be and people don't question it. The biggest flaw in security is the lowly paid or over worked person who really is just going about their mundane day to day trying to make a paycheck.

  • @happyagain855
    @happyagain855 3 года назад +1

    Gosh what a great discussion here. You guys should team up and come up with some courses. I just bought Davids Networking course on Udemy and it's so next level. The only course you will ever need..really. Thanks guys for sharing you're knowledge.

  • @syakirinooi6316
    @syakirinooi6316 2 года назад

    Happy 1 Million subscribers David!

  • @dark_sunset
    @dark_sunset 2 года назад

    I used to dream of being a hacker as a kid (never became one) but I love watching these videos anyway as an adult. Thanks David and Neal

    • @CalmFires
      @CalmFires Год назад

      It's never too late to start anything you wanna do. They say hackers come from all walks of life and I've seen them in all ages too

  • @mikeylazokUkraineupdates
    @mikeylazokUkraineupdates 2 года назад

    YOU TWO GUYS ARE AWESOME AND WANT TO SAY THANK YOU FOR THE WISDOM AND HONESTY👌

  • @catmantech
    @catmantech 3 года назад +2

    I'm just trying to think of ways that you would potentially slow down someone like this, once they are in the building. Locking the port security down to the fixed MAC address of the static pc at all the work stations, was my first thought, and having all the communal area network ports locked down to a 'communal area' vlan with, say, only web access and RDP was my second thought.

  • @thatonedudemike3259
    @thatonedudemike3259 2 года назад

    On a complete side note, I Absolutely loved seeing a V-22 on a cybersecurity video. its as if my two life paths crossed. Thank you for these videos, it keep a feller like me going during a career transition.

  • @doop00
    @doop00 2 года назад

    Awesome Video, you and Neal have such good flow, he's so incredibly knowledgeable, I'd wish I had someone close to me that had your knowledge to learn from but all my connection are devoid of intrest in anything from programing, game dev, and hacking stuff.

  • @markkennedy5955
    @markkennedy5955 2 года назад

    I don’t know how I came across this video but I’m so glad I did because I know nothing about this stuff but now I want to know EVERYTHING. This is so cool!

  • @JasonParham83
    @JasonParham83 Год назад +1

    How did they not consider that perhaps with everything going on, the US might want certain countries to "accidentally" discover that US nuclear wont have to fly from mainland USA, because the US already has them stashed next door?

  • @NullStaticVoid
    @NullStaticVoid Год назад

    When I did IT at banks and in TV broadcast we had port security ACLs all that good stuff.
    Had to open a ticket. Then email/call the guy to get him to do the ticket just to get things done like a simple desktop move.
    But the server room was a joke. They let people park their bikes in there. It was next to the door which opened to the garage we shared with the whole building. Which some people would prop open while loading gear and forget about.
    FInally had a sit down with head of engineering and head of production and showered them with reasons not to leave the door open.
    About a month after that drama I found out our internal CCTV system had been hacked, had TOR installed and was being used as a C&C for something I never could identify.
    Instead of getting too detailed about it I just chucked the drive and had the security company install the software on a drive I bought.
    In front of me.
    Strangely our network bandwidth got way better after that. Though the CCTV isn't supposed to touch our corp or production networks?
    hmmmmmm

  • @alberto6174
    @alberto6174 3 года назад

    Great video! As a young person who wants to get into pentesting and cybersecurity for a career this video was incredible. Especially interesting how much emphasis Neal put on social engineering. Would love to see a conversation with Neal on how to develop social engineering skills and how people in this field learn to social engineer in person.
    The problem I see with learning social engineering is that you could very easily be arrested (or serious trouble) for trying to use the skills without permission from the companies (obviously). But it seems unlikely that a pentesting firm will hire and train someone who has very little to no social engineering skills. (especially for younger people who don't have as many years of experience working in cybersecurity).
    Thanks again for the great video!

    • @MrHaggyy
      @MrHaggyy 3 года назад +1

      Get a cs degree, do your comptia or IBM certificate and get you a society or company that backs you up and your good to go.
      As long as you can identify yourself as a whitehat you shouldn't get serious trouble.

    • @camanderson9954
      @camanderson9954 2 года назад

      theres tickets and certification that proves he is whitehat so everything is fine.

  • @TheJoBlackos
    @TheJoBlackos 2 года назад

    Learning is a process which some people can only understand and pull knowledge only after the process is completed and they got through it. For instance, lots of people find building the tools is a cool part of the job, and they will be right if the job is to build the tools. If you are the operator, you only need to understand the tool in order to adjust it if you need on the field. I was one of those passionate people who wanted to do everything and tied to be everywhere. Until I found out I spend way too much time for the results I am getting. So I focused to get results and let other people do some of the work

  • @notebook92410
    @notebook92410 3 года назад

    I can listen to this all day. good stuff

  • @monstarzkg
    @monstarzkg 2 года назад

    I find it funny how this gentleman is raving about how important physical access to a corporation/target is so important, yet corporations consistently pay there physical security teams pennies in comparison to their cyber security teams. I have over 10 years of experience in corporate security and physical SOCs. What this gentleman is saying is very true most day to day guards are contracted and underpaid with very little care for the corporation. That security guard in the café probably makes 35K a year and didn't even care to confront him. The symbiotic relationship between cyber security and physical security is often over looked. Great video.

  • @Oswee
    @Oswee Год назад

    What you guys are doing there is just invaluable! This is the only way to move forward. I hope you will not loose the steam. :)

  • @kgopikkk
    @kgopikkk 3 года назад

    you guys really cracked me up!! on network WLAN!! and yes you guys hit rock hard on truth on how the real world applications work and the ones on test environments!! Thank you so much for sharing all the knowledge that you guys have!! really appriticate it!!