Mind blowing 🤯 $20 million USD bounties! (Zero to Hero Money Hacking Roadmap)

42 thoughts on “Mind blowing 🤯 $20 million USD bounties! (Zero to Hero Money Hacking Roadmap)”

• Stephen Sims shares his years of experience with us and shows us how we can make money hacking. But be careful – some of the options are not recommended.

  // Stephen's Social //
  YouTube: https://www.youtube.com/@OffByOneSecurity/streams
  Twitter: https://twitter.com/Steph3nSims

  // Stephen Recommends //
  Programming Tools:
  Online Compiler, Visual Debugger, and AI Tutor for Python, Java, C, C++, and JavaScript:
  https://pythontutor.com/

  PyCharm – Python IDE with Great IDA Pro Support:https://www.jetbrains.com/pycharm/

  VS Code:https://code.visualstudio.com/

  Patch Diffing:
  Windows Binary Index for Patch Diffing:https://winbindex.m417z.com/

  BinDiff Tool for IDA Pro, Ghidra, or Binary Ninjahttps://www.zynamics.com/bindiff.html

  Diaphora Diffing Tool for IDA Prohttp://diaphora.re/

  PatchExtract for Extracting MS Patches from MSU Formathttps://gist.github.com/wumb0/306f97dc8376c6f53b9f9865f60b4fb5

  Vulnerable Things to Hack
  HackSys Extreme Vulnerable Driver:https://github.com/hacksysteam/HackSysExtremeVulnerableDriver

  WebGoat – Deliberately Insecure Application:https://owasp.org/www-project-webgoat/

  Damn Vulnerable Web App:https://github.com/digininja/DVWA

  Buggy Web App:http://itsecgames.com/

  Gruyere Cheesy Web App:https://google-gruyere.appspot.com/

  Metasploitable:https://sourceforge.net/projects/metasploitable/files/Metasploitable2/

  Damn Vulnerable iOS App:https://resources.infosecinstitute.com/topics/application-security/getting-started-damn-vulnerable-ios-application/

  OWASP Multillidae:https://github.com/webpwnized/mutillidae

  Online CTF’s and Games:
  SANS Holiday Hack 2023 and Prior:https://www.sans.org/mlp/holiday-hack-challenge-2023/ https://www.holidayhackchallenge.com/past-challenges/

  CTF Time – A great list of upcoming and previous CTF’s!:https://ctftime.org/

  YouTube Channels:
  https://www.youtube.com/@davidbombal
  https://www.youtube.com/@NahamSec
  https://www.youtube.com/@OffByOneSecurity
  https://www.youtube.com/@_JohnHammond
  https://www.youtube.com/@ippsec
  https://www.youtube.com/@LiveOverflow/videos

  Free Learning Resources:
  SANS Free Resources – Webcasts, Whitepapers, Posters & Cheat Sheets, Tools, Internet Storm Center:https://www.sans.org/security-resources/

  Shellphish – Heap Exploitation:https://github.com/shellphish/how2heap

  Exploit Database – Downloadable Vulnerable Apps and Corresponding Exploits:https://www.exploit-db.com/

  Google Hacking Database (GHDB):https://www.exploit-db.com/google-hacking-database

  Google Cybersecurity Certificate:https://grow.google/certificates/cybersecurity/#?modal_active=none

  Phrack Magazine:http://www.phrack.org/

  Kali Linux:https://www.kali.org/get-kali/#kali-platforms

  Slingshot Linux:https://www.sans.org/tools/slingshot/

  Books & Articles:
  Gray Hat Hacking Series: https://amzn.to/3B1FeIK
  Hacking: The Art of Exploitation: https://amzn.to/3Us9Uts

  A Guide to Kernel Exploitation: https://amzn.to/3vfY8vu

  Smashing the Stack for Fun and Profit – Old, but a classic:https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf

  Understanding Windows Shellcode – Old, but still good:https://www.hick.org/code/skape/papers/win32-shellcode.pdf

  Great list of exploitation paper links from Shellphish!:https://github.com/shellphish/how2heap#other-resources

  // Stephen’s previous videos with David //
  Free Exploit development training (beginner and advanced) https://youtu.be/LWmy3t84AIo

  Buffer Overflow Hacking Tutorial (Bypass Passwords): https://youtu.be/c2BvS2VqDWg

  // David's SOCIAL //
  Discord: https://discord.com/invite/usKSyzb
  X / Twitter: https://www.twitter.com/davidbombal
  Instagram: https://www.instagram.com/davidbombal
  LinkedIn: https://www.linkedin.com/in/davidbombal
  Facebook: https://www.facebook.com/davidbombal.co
  TikTok: http://tiktok.com/@davidbombal

  // MY STUFF //
  https://www.amazon.com/shop/davidbombal

  // SPONSORS //
  Interested in sponsoring my videos: sponsors@davidbombal.com

  // MENU //
  00:00 – Coming Up
  00:00 – Intro
  01:11 – Stephen's Experience
  03:10 – How to Change Careers
  05:39 – How do I Become an Expert?
  08:01 – Cyber Crime
  12:47 – Ransomware
  16:42 – Ransomware with A.I
  23:15 – Bug Bounties & Disclosures
  28:22 – Web Bug Bounties
  33:45 – Binary Exploitation
  41:18 – Patching and n-Day Exploits
  48:56 – What is the Patch Level in the Target Org?
  51:47 – Diffing Example
  55:40 – Professional Services
  01:03:34 – Exploit Sales Considerations
  01:13:07 – The Golden Era of Hacking
  01:15:00 – Zero to Hero
  01:27:01 – OffByOneSecurity
  01:37:42 – Conclusions
  01:39:43 – Outro

  apple
  ios
  android
  samsung
  exploit
  exploit development
  zero day
  0day
  1day

  Disclaimer: This video is for educational purposes only.

  Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

• Some malware, spy app and virus is difficult to remove even after factory reset phone they came automatically don't know how I am in problem please help me . Not possible to change phone hard-disk

• I need help. I don't know what to do. I have hacked so bad I cant get away from it. I am now homeless, I just now got a phone to work again after over a month. All of my Gmail, Yahoo, Microsoft, etc. Have been hacked, all of my phone's, computers, tablets, and even my Chromecast, my smart tv, you name it. All my accounts, Facebook, etc. I'm being erased. I'm at the point of a mental breakdown. I can't take it anymore. I don't know how to get any kind of number other then leave it here and I don't want my phone blowing up with god only knows, so please respond here with anything I can do. Please, and thank you.

• Stephen reminds me of “Tommy” from the TV show “Power”

• Nice guitars ❤ ur lxur

• Hey man got a suggestion do a very deep dive on hackrf portapack h2.

• This was really great, Stephen is a really cool guy!

• I like to lirn?

• Podcast with Ryan Montgomery

• 54:48 what diff tools are you using ?

• The insert at 21:30 is Budapest and not Bucharest.

• My Facebook has been hacked..can you help please 😢

• I have a question about what security priority is appropriate for Linux vs Windows vs Mac OS

• That was a really nice interview! Thank you both for sharing 😀

• Please suggest some books for web hacking

• Stephen Sims is the only guy I have seen until now who has not allowed David Bombal to utter a word. Such a remarkable guy../😆😅

• 👍

• Please give me pdf this book please

• avoid tech careers. no job security in this field. just a complete waste of time studying IT stuff and paying for cert exams.

• "The whole secret of a successful life is to find out what is one's destiny to do, and then do it." –Henry Ford

• Keep going!

• Great video, lots of great insight and truths. It gives me something to think about but I do agree continuing to study is a must.

• 😀😀👀👀✔✔

• Hi Mr. Bombal!
  Could Mr. Sims talk about "higher level" OSINT stuff like:

  – image processing, geolocation, visual analysis,
  – timelapse reconstruction, 3D-reconstruction,
  – AI-enlarged close-up of the item/image, digital reconstruction (of the image), dimensional analysis, etc.

  Stuff used in law enforcement – tracking criminals and rescuing lost/kidnapped people.
  Thanks for your consideration!

• Have the metasploite commands changed 7 years ago??? Please answer

• 👍👍!

• Fantastic work, David! I couldn't help but notice a minor detail – there seems to be a slight echo from your microphone picking up Stephen's audio. Thank you so much for your dedication and the great content you provide!

• thanks so much , we need more videos of Stephen , less of OTW

• absolutely fantastic presentation

• A M A Z I N G !!! Thank you!!

• Please do an episode with ZSRCURITY

• Thanks David ❤
  I wish you would make a video about Pwnagotchi 😊

• I think this was a good video with good content. The problem is who has $8,000 to $10,000 dollars to be able to take a Sans course?

• Sir please tell me how can I unlock bootloader of my vivo y83 smartphone?? Please
  Please
  please
  Please
  Please
  Please

• i think we all tried to (successfully) make chatgpt write ransomware by changing the prompt a few times max lmao. then with the amount of tools online that help with obfuscating the code and services like kleenscan i'd bet my annual salary you can be a successful ransomware operator in weeks or months. Sysadmin/devops/programming skills help A LOT too. All the required knowledge is just out there in the internet. And it's FREE! many will try to trick you into buying their book/pdf describing that but all you really have to have is google access and some free time.

• Bring on Mr. Hacker Loi!….I don't know who he is tho js

• Next please interview Jim Browning

• Good video! I love Tear you Apart -She Wants Revenge

• Been loving these videos with Stephen! Extremely inspiring what you can learn and do

• Excellent video! and yep gaming is a HUGE time sink, wasted so much time on just one specific game and calculated the total hours, it was like i sat in the chair for 27 days straight , never doing that again. Thank you for this video, it has shifted my focus.

• This video is so interesting. I'm currently studying ISC2 CC and hoping to take the exam in the next few weeks. Looking forward to starting my career path, even though I am entering the cybersecurity career late (I'm 49, 50 in February).

• Great video as always, really just had to watch the full video before going to sleep even if it was 1 am. Good job David and Stephen.❤

Comments are closed.