Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,090 --> 00:00:00,560 All right. 2 00:00:00,570 --> 00:00:08,280 Before we begin doing our reconnaissance we have to establish a client to attack. 3 00:00:08,280 --> 00:00:13,230 So for this course we're going to be utilizing a client out of bug crowd. 4 00:00:13,230 --> 00:00:18,600 If you've never heard of bug crowd bug crowd is a public bug bounty program. 5 00:00:18,630 --> 00:00:24,900 What that means is there are programs on the Web site that will allow you to attack them. 6 00:00:24,990 --> 00:00:32,320 And if you find a bug against the program you're able to submit it and potentially get money for it. 7 00:00:32,370 --> 00:00:37,410 So you are able to hack these programs publicly as they are part of this program. 8 00:00:37,410 --> 00:00:40,690 Now the program we're going to be attacking is Tesla. 9 00:00:41,190 --> 00:00:43,680 So Tesla is part of bug crowd. 10 00:00:43,680 --> 00:00:49,900 Now please do note please double check when you're watching this course as some time may have passed. 11 00:00:49,920 --> 00:00:53,340 Tesla might no longer be part of this bug bounty program. 12 00:00:53,460 --> 00:00:58,780 So it's very critical to make sure that you are still within scope before you attack. 13 00:00:58,830 --> 00:01:05,130 If for some reason Tesla is no longer in scope just go ahead and pick a new client and do information 14 00:01:05,130 --> 00:01:06,390 gathering on them. 15 00:01:06,480 --> 00:01:09,060 You don't have to pick Tesla when we're doing this. 16 00:01:09,060 --> 00:01:10,710 You can just do it to follow along with me. 17 00:01:10,740 --> 00:01:13,430 But you're also welcome pick any program you want. 18 00:01:13,500 --> 00:01:21,540 So if you go to bug crowd dot com and we go to programs I will show you where Tesla exists. 19 00:01:21,540 --> 00:01:25,260 Now you can see here that they have all different types of programs in here. 20 00:01:25,260 --> 00:01:31,170 And if I were to scroll down and continuously I could find more and more and more there are hundreds 21 00:01:31,170 --> 00:01:35,320 of programs involved all kinds of names digital ocean. 22 00:01:35,340 --> 00:01:35,970 OK. 23 00:01:36,060 --> 00:01:37,740 Really big names Pinterest. 24 00:01:37,740 --> 00:01:41,980 I'll pass in anything that you can imagine. 25 00:01:42,170 --> 00:01:44,650 Probably has a bug program if it's a reputable. 26 00:01:44,880 --> 00:01:45,510 OK. 27 00:01:45,560 --> 00:01:49,600 Any of the big names most likely have a bug program especially if they're reputable. 28 00:01:49,610 --> 00:01:54,620 So here you can see what's based on reward what's based on charity and what's based on points only. 29 00:01:54,860 --> 00:01:57,260 That's how the bug bounties are rewarded. 30 00:01:57,260 --> 00:01:59,810 Some of them are not all cash. 31 00:01:59,810 --> 00:02:03,990 Some of them are just for points and for kudos and the other ones are for charity. 32 00:02:04,010 --> 00:02:06,950 I'm going to go ahead and search Tesla when I do that. 33 00:02:06,950 --> 00:02:10,270 You can see here that Tesla comes up. 34 00:02:10,450 --> 00:02:14,580 Now this is your first lesson into rules of engagement. 35 00:02:14,590 --> 00:02:20,920 We're going to talk about rules of engagement later but it's super important to read the program details 36 00:02:20,920 --> 00:02:26,590 that you see here and what we really need to do is we need to scroll through and make sure that we stay 37 00:02:26,590 --> 00:02:28,660 in scope when we're doing this. 38 00:02:28,660 --> 00:02:30,250 So we have a wild card here. 39 00:02:30,250 --> 00:02:35,380 So this means that any subdomain inside of Tesla dot com is fair game. 40 00:02:35,380 --> 00:02:44,710 Tesla that CNN Tesla Motors etc. What is more important is that we stay with this out of scope so we 41 00:02:44,710 --> 00:02:51,460 don't want to attack shop that you Tesla Motors dot com or energy support that Tesla dot com. 42 00:02:51,470 --> 00:02:54,980 It says you can report vulnerabilities to bug bounty for this one. 43 00:02:55,150 --> 00:02:57,730 Any domains from acquisitions such as Maxwell. 44 00:02:57,730 --> 00:03:03,040 So we have to stay within Tesla and there's a few more sites we're not going to worry too much about 45 00:03:03,040 --> 00:03:08,530 that when we get into the web portion of the course we're going to talk about way more detail on the 46 00:03:08,530 --> 00:03:12,220 new merengue web applications and go into that. 47 00:03:12,220 --> 00:03:17,230 So for now what we're gonna do is we're just going to focus on information gathering what kind of information 48 00:03:17,230 --> 00:03:19,240 can we gather from this client. 49 00:03:19,240 --> 00:03:24,850 So again I'm setting my target the Tesla if you pick another Tesla or another client just make sure 50 00:03:24,850 --> 00:03:27,330 you stay in scope of that client. 51 00:03:27,340 --> 00:03:32,350 So from here we're going to move on to our first video and get our information gathering started. 5260