1
00:00:00,090 --> 00:00:00,560
All right.

2
00:00:00,570 --> 00:00:08,280
Before we begin doing our reconnaissance, we have to establish a client to attack.

3
00:00:08,280 --> 00:00:13,230
So for this course we're going to be utilizing a client out of Bugcrowd.

4
00:00:13,230 --> 00:00:18,600
If you've never heard of Bugcrowd, Bugcrowd is a public bug bounty program.

5
00:00:18,630 --> 00:00:24,900
What that means is there are programs on the website that will allow you to attack them.

6
00:00:24,990 --> 00:00:32,320
And if you find a bug against the program, you're able to submit it and potentially get money for it.

7
00:00:32,370 --> 00:00:37,410
So you are able to hack these programs publicly as they are part of this program.

8
00:00:37,410 --> 00:00:40,690
Now the program we're going to be attacking is Tesla.

9
00:00:41,190 --> 00:00:43,680
So Tesla is part of Bugcrowd.

10
00:00:43,680 --> 00:00:49,900
Now please do note, please double check when you're watching this course, as some time may have passed.

11
00:00:49,920 --> 00:00:53,340
Tesla might no longer be part of this bug bounty program.

12
00:00:53,460 --> 00:00:58,780
So it's very critical to make sure that you are still within scope before you attack.

13
00:00:58,830 --> 00:01:05,130
If for some reason Tesla is no longer in scope, just go ahead and pick a new client and do information

14
00:01:05,130 --> 00:01:06,390
gathering on them.

15
00:01:06,480 --> 00:01:09,060
You don't have to pick Tesla when we're doing this.

16
00:01:09,060 --> 00:01:10,710
You can just do it to follow along with me.

17
00:01:10,740 --> 00:01:13,430
But you're also welcome to pick any program you want.

18
00:01:13,500 --> 00:01:21,540
So if you go to bugcrowd.com and we go to programs, I will show you where Tesla exists.

19
00:01:21,540 --> 00:01:25,260
Now you can see here that they have all different types of programs in here.

20
00:01:25,260 --> 00:01:31,170
And if I were to scroll down and continuously I could find more and more and more. There are hundreds

21
00:01:31,170 --> 00:01:35,320
of programs involved, all kinds of names. DigitalOcean.

22
00:01:35,340 --> 00:01:35,970
OK.

23
00:01:36,060 --> 00:01:37,740
Really big names. Pinterest.

24
00:01:37,740 --> 00:01:41,980
I'll pass in anything that you can imagine.

25
00:01:42,170 --> 00:01:44,650
Probably has a bug program if it's a reputable.

26
00:01:44,880 --> 00:01:45,510
OK.

27
00:01:45,560 --> 00:01:49,600
Any of the big names most likely have a bug program, especially if they're reputable.

28
00:01:49,610 --> 00:01:54,620
So here you can see what's based on reward, what's based on charity and what's based on points only.

29
00:01:54,860 --> 00:01:57,260
That's how the bug bounties are rewarded.

30
00:01:57,260 --> 00:01:59,810
Some of them are not all cash.

31
00:01:59,810 --> 00:02:03,990
Some of them are just for points and for kudos and the other ones are for charity.

32
00:02:04,010 --> 00:02:06,950
I'm going to go ahead and search Tesla. When I do that,

33
00:02:06,950 --> 00:02:10,270
you can see here that Tesla comes up.

34
00:02:10,450 --> 00:02:14,580
Now this is your first lesson into rules of engagement.

35
00:02:14,590 --> 00:02:20,920
We're going to talk about rules of engagement later, but it's super important to read the program details

36
00:02:20,920 --> 00:02:26,590
that you see here, and what we really need to do is we need to scroll through and make sure that we stay

37
00:02:26,590 --> 00:02:28,660
in scope when we're doing this.

38
00:02:28,660 --> 00:02:30,250
So we have a wildcard here.

39
00:02:30,250 --> 00:02:35,380
So this means that any subdomain inside of tesla.com is fair game.

40
00:02:35,380 --> 00:02:44,710
tesla.cn, teslamotors.com, etc. What is more important is that we stay with this out of scope so we

41
00:02:44,710 --> 00:02:51,460
don't want to attack shop.eu.teslamotors.com or energysupport.tesla.com.

42
00:02:51,470 --> 00:02:54,980
It says you can report vulnerabilities to bug bounty for this one.

43
00:02:55,150 --> 00:02:57,730
Any domains from acquisitions such as Maxwell.

44
00:02:57,730 --> 00:03:03,040
So we have to stay within Tesla, and there's a few more sites. We're not going to worry too much about

45
00:03:03,040 --> 00:03:08,530
that. When we get into the web portion of the course we're going to talk about way more detail on the

46
00:03:08,530 --> 00:03:12,220
enumerating web applications and go into that.

47
00:03:12,220 --> 00:03:17,230
So for now what we're gonna do is we're just going to focus on information gathering. What kind of information

48
00:03:17,230 --> 00:03:19,240
can we gather from this client?

49
00:03:19,240 --> 00:03:24,850
So again I'm setting my target to Tesla. If you pick another Tesla or another client, just make sure

50
00:03:24,850 --> 00:03:27,330
you stay in scope of that client.

51
00:03:27,340 --> 00:03:32,350
So from here we're going to move on to our first video and get our information gathering started.