It’s possible to earn millions of dollars finding zero days and vulnerabilities in software. But, are you prepared to put in the work?
Browser Exploitation Introduction: https://youtu.be/bcnV1dbfKcE
Introduction to Buffer Overflows: https://youtu.be/DHCuvMfGLSU
Modern Windows Kernel Exploitation: https://youtu.be/nauAlHXrkIk
Linux Heap Exploitation: https://youtu.be/dMDoC9DlVzA
Modern Binary/Patch Diffing: https://youtu.be/8jVOvPG4TjA
Crypto and Blockchain Hacks: https://youtu.be/y5JogTgpp-s
My apologies for some of the technical issues in this interview. Zoom is a nightmare.
// MENU //
00:00 – Coming up
00:53 – Stephen Sims introduction & Sans course
03:28 – Stephen’s YouTube channel // Off By One Security
07:56 – Growing up with computers
08:57 – Getting involved with Sans courses // Impressed by instructors
09:52 – “The Golden Age of Hacking” // Bill Gates changed the game
15:44 – Making money from Zero-Days // Ethical and Unethical methods, zerodium.com & safety tips
32:56 – How to get started
46:53 – Opportunities in Crypto
50:26 – Windows vs. iOS vs. Linux
53:47 – Which programming language to start with
56:22 – Recommended Sans courses
01:02:04 – Recommended CTF programs & events
01:04:06 – Recommended books
01:08:23 – The Vergilius project
01:10:25 – Connect with Stephen Sims
01:12:24 – Conclusion
// Stephen’s Social //
Twitter: https://twitter.com/Steph3nSims
YouTube Live: https://www.youtube.com/@OffByOneSecurity/streams
YouTube videos: https://www.youtube.com/@OffByOneSecurity/videos
E-mail: Stephen(at)deadlisting.com
// Stephen’s courses //
SANS Course sans.org. https://www.sans.org/cyber-security-courses/
– Advanced exploit development for penetration testers course
– Advanced penetration testing, exploit writing, and ethical hacking (GXPN)
– ARM Exploit Development
// Books discussed //
Grey Hat Hacking: https://amzn.to/3B1FeIK
Hacking: The Art of Exploitation: https://amzn.to/3Us9Uts
The Shellcoder's Handbook: https://amzn.to/3VqUEhY
Linkers & Loaders: https://amzn.to/3itqtbe
// Websites discussed //
Zerodium: https://zerodium.com/
Corelan Cybersecurity Research: https://www.corelan.be/
Shellphish: https://github.com/suljot/shellphish
Vergilius Project: https://www.vergiliusproject.com/
// David’s Social //
Discord: https://discord.gg/davidbombal
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel: https://www.youtube.com/davidbombal
YouTube Tech Channel: https://youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
When I hear these topics I feel there's an entire universe to discover in a digital realm.
One can only learn and specialize in a certain direction and still be mesmerized by the vastness of knowledge, tools, techniques available.
Tremendous interview, David. Thank you for these. Incredibly interesting and informative.
Absolutely fantastic video. I have calculated it will probably take me about 750 years to get anywhere near the level of knowledge displayed here. Either way, I have started writing that Windows driver, using Kernel-Mode Driver Framework (KMDF)…which I had to google.
I have this PDF book, but it is really hard to go with it when you have some knowledge. I stopped for later; I need more knowledge.
Thanks for this one, was looking for ages how to start with a clear roadmap, would be nice to have him back to discuss malwares like Shikitega or eternal blue etc
Thank you VERY much for this awesome content, David!
Corgee hacks you 2 please…
oh snaps! i love exploit dev training! thanks david!
Good Onya David, you're a ledge and many thanks to Stephen
SANS is the country club in the world of cybersecurity. I'd literally have to pay 1/3 of my yearly salary to take a 6 day course.
SANS in essence is saying you must already be successful to be successful in cybersecurity.
Can he come back and talk about hooking system calls
We need this guy back asap
I've been validating exploits on multiple platforms, still no deal
Would you recommend using a vm or an old laptop you found lying around for practice?
speak David beauty? Do you happen to know any free spy apps?
So… instead of making stuff to control everyone they are using all of us to make us weaponless so they can run all over us later.
Went to check the website out and the beginner course, the fundamentals, was like $7k… I mean wow..
Hey David, it's shellphish – and not fishshell
Took a SANS class taught by Mr. Sims. The guy is legit.
Thanks for initiating the talk with Stephen. Now, to find some good zero-days for ZDI.
Great work. Beautiful.
"Things work out best for those who make the best of how things work out." –John Wooden
Great content, as usual! Love all of the hacking stuff in this new series of interviews. I'm about to look into driver creation to see if I can move my self past just exploiting Metasploitable on easy ha ha!
Hey David, would you do a video on browser fingerprinting ?
I don't know how you do it, I just searched for exploit development, thought it would be good for my skill set, and you just released this video.
I love your content, it helped me a lot in my work. I really wish you grow more and keep bringing this amazing content. Bless you!!!
Have him show us how to do a buffer overflow.
What he says about sacrifice is totally right. I wake up at 5am, work out and then study for at least 2 hours before running my business. I'm tired a lot but I've completed 3 courses in a little over a year. Starting an API hacking course in January. Thanks for another great video David
My files are encrypted with ransomware can u help to decrypt them
I suggest a topic about antiviruses and how to evade antivirus.
please, David, show us how to hack webcam
Hello, is there a virus for all platforms?
Thanks. One of my most resourceful watched videos by any binary GURU… Thank you so much. Every info was gem gem gem…. @Steph3nSims @OffByOneSecu…
Please make a full introduction to IoT and about attacking and hacking it. I need it for my monograph, please.
Youtuber Jay Williams "Lets live life" recently had his page hacked, any tips on getting it back?
Is it still not working?
I am starting my pentesting course. I have a Mac M1 Pro, so do you think I should sell it and buy Windows? Because as you say some tools don't work?
Don't worry. We have a ChatGPT now. You better pick carpentry.
I like your friend's skill that's behind the curtain and love your videos also. I'm a C.S.E. student, really want to learn how to work on language but never understand, R.I.P. Mostly one flaw is Indian teachers: they followed books, not any practicals, but nowadays study is different. I'm a fast learner in computing and electronics, but when I studied my time was bad; I had no teacher like today.
Just started my journey in C and Assembly, but though this is good information it is a bit more oriented for intermediate users. Wish he recommended books for complete beginners, as the way he emphasised on starting with building blocks. Books like Hacking: The Art of Exploitation, when I first bought it, I initially thought it's a complete book but it just made me realise how much I don't know, that I needed to search up more before I understood a certain complex topic… but ey, it's life of refusing to be a script kiddie
Most people are taught that "you only need a good job to become rich". These billionaires are operating on a whole other playbook that many don't even know exists.
Amazing video!!!
My mind is frazzled, great video!
To all the people complaining about FREE YouTubers' content being too basic: at some point you have to INVEST in your future, career, and self. Free content is a great way to make sure you have the ability and genuine interest to follow through with the material once it gets difficult.
Hahah
Can't wait