Hacking IP Cameras (CCTV) with Demos and Real World Examples
Whoever controls the cameras controls the flow of information. Being able to see what's going on on every street corner, on every home, on every phone. This is just not voyeristic stuff. This is important cyber security tactics and strategies. One, these cameras are
pretty easy to hack. And two, there's a question of whether or not they're easy to hack on purpose. How are these cameras vulnerable to attack? Now, before we cut to the Occupy the Web interview, I wanted to give you a practical demonstration of hacking IP cameras here locally. Hopefully, this highlights the point that you shouldn't use default passwords on IP cameras.
Unfortunately, a lot of people still do that. You want to use really good passwords and make sure that they not easy to guess. Now, as always, don't attack devices that you don't have permission to attack or that you own personally. In this example, I own these cameras and I've given myself permission to attack them as a demonstration of what's possible. Change the passwords of
your IP cameras. Don't use defaults. Make sure that you implement stuff like 2FA or two-factor authentication or don't allow access to your cameras from the internet. Host them locally. Don't allow people to use Showdown and other tools to discover IP cameras and then attack them. Lock them down. Okay. Okay, so again in this example, I've got two IP cameras connected to a little network here. I've got Ki on this laptop. And
what I can do is discover the cameras and then attack them using KI Linux. I'll type the command IP address to show me my local IP address. As you can see here, I've got an IP address 192.1681.3. So what I'll do now is use end mapap to scan the local subnet. So I'm scanning for devices in the 192.16810 subnet. We've discovered two
Hick Vision cameras, IP address 192.1681.2 and IP address 192.1681.4. We've also discovered the TPLink device which is actually this laptop. But notice here, Hickvision. These are not branded as Hickvision cameras. This is branded as Anker or Ankh, however you want to pronounce it. Let me know in the comments the correct pronunciation of this. I often get
comments about the way that I pronounce things. American English versus British English versus South African English. But again, these are two IP cameras and we've discovered them. So what we can
then do is use N mapap to get details of one of the cameras. So let's use N mapap to find out which ports are open on 192.1681.4. Okay. So this tells us that it's most likely an IP camera. Notice we
see port 554 RTSP. We see an alternate HTTP port. A lot of developers seem to believe that if they move the default port of a service like HTTP to some other random port, it won't be discovered. But notice it was very very simple to discover the ports on this camera. The important one here is RTSP.
So what I'm going to do actually is jump to Windows on this laptop and I'm going to open up VC. VC is a media player. You can download it and install it for free. What I'm going to do here is open a network stream. And in this example, I'll open up a network stream by typing RTSP colon/192.1681.4. So the IP address of
the camera and the port number being 554. Again in KI that's what we see here. IP address of camera port number that we want to open up is port 554. Okay. So I'll click play. And we asked for a password. Now, this is where tools which I'll demonstrate and OTW also demonstrates can be used to attack an IP camera. You can use a brute force attack
or you can use a password list as an example to try and attack the camera. I'll simply enter a default username of admin and no password here. And notice I get access to the camera. So, I'll turn
the volume down on the laptop so we don't hear my voice twice. But notice as simple as that, we've got the camera. If I put my hand in front of the device, notice we can see what's happening. Now, a lot of people may say, "Okay, David, but how do I know what the password is?" I mean, same thing can be done here with the other camera. So, if I connect to 2
rather than 4 and put in the username and password, notice I can see the output of this camera. And there you go, my hand in front of the camera. So, again, how do you know what the password is? And that's where tools like camera radar can help hackers attack cameras. So notice again this port is open. We've got some other ports here. But what I'm
going to do is run Docker and run this camera radar application and try and attack that camera 1921681.4. What camera radar allows us to do is use a list of usernames and passwords to try and attack the camera. Now, while that's going, I'll move to the camera radar directory just to show you the dictionaries that are used. So, I've got this dictionaries folder. I'll
go into that folder. And notice here we've got a credentials file. So, I'll say more credentials.json. And notice it will try various usernames and various passwords to try and attack the camera. So as an example, it'll try admin one and then it will try various passwords like pass or password or password 1 2 3 or querty or root or other passwords to try and guess what the password is. Now sometimes it won't work. In this example, it's
actually using a docker container with default passwords. And in my example, I found that it doesn't work with these cameras. So what I had to do is add additional usernames and passwords to the dictionary file to be able to attack it. So as you can see here, it's now found one stream and it's going to attack the credentials of that stream.
Okay, so here are the results. It tells us what camera has been discovered. It tells us the IP address of the camera, tells us the port, but notice the username and password were not found in this example. So if I scroll up, you can see it's trying all kinds of usernames and passwords. So like supervisor and the password 1 2 3 4 5 6 7 8 9 here with 10 at the end. Here it's trying a password of 4 321. Different passwords
are attempted. Here we've got supervisor with a password admin etc. So it's trying different usernames and passwords based on a dictionary but it didn't find the password in this example. So what we can do is run the application but get it to use a dictionary file that we've created. So I'm pointing it to my home collie dictionary directory and telling it to use that dictionary when attacking the camera. So I'll run this again and
while it's running so again on my Collie machine in my home directory I have created a dictionary folder or directory and inside there I've created this file called pass JSON. So if I look at that file you can see that I have added a blank password and admin as one of the usernames. So you can add usernames and passwords to the dictionary file and then leverage that using camera radar to attack the camera. So in other words to work out what the password is. So there
you go. It found the username which is admin. It found the password which is blank. No password. Found the IP address. Tells us what camera it is. So
basically it's been able to work out the username and password for this camera. So again, if I know that information, I can open up the network stream to the camera, click play, and then put in the username and password that we discovered. And there you go. I can see the output of this camera. Your data is
being sold. And this is how you can stop that from happening. Data brokers buy, sell, and resell your name, address, phone number, and other personal information about you. And it's not just you. They also sell your relatives information. That's why I use Delete Me.
I've used them for a while now. I started using Delete Me because of the recommendations of very well-known people in the cyber security space, people I trust. I have found Delete Me to do what they actually say they do. In other words, they do remove your data. My data was stored on a bunch of websites, but Delete Me have successfully removed that data. And not
only once, they keep that data removed from those dodgy websites. They search hundreds of data broker websites, find your information, and submit removal requests, all done automatically without your involvement. You get reports every quarter showing what they found and what they've removed. They even recheck the website in case your data comes back again. And that's an important part of
this. You can manually go and do this. And you know, more power to you if you want to manually go and remove your data. I just don't have the time to do that. So it makes a lot more sense for me to have delete me go and remove my data and keep it removed so that I don't have to keep on going and checking whether my data has suddenly reappeared. So it's basically hands-off privacy and it works. You can join delete me by
using my link join me.com/bomb and get 20% off coupon code bomb gives you 20% off delete me. Highly recommend them. Go and sign up to delete me and help protect both yourself and your family from scammers and hackers who use your personal data to steal from you. Hey everyone, it's David Bumble
back with OTW. OTW, great to have you back on the show. Thanks David. It's always great to be on the best IT and cyber security channel on YouTube. And I mean that sincerely. I really appreciate that. really want to thank you as always
in 2025 for, you know, all the years of that you've been sharing your knowledge both on my channel but on your website and other places. Just for everyone who doesn't know OTW, he's the author of this book, Linux Basics for Hackers. Very, very popular on Amazon. He's also
written this book, Network Basics for Hackers, as well as becoming a master hacker. OTW, today we've got a very exciting topic, and I don't want to spoil it. What are you gonna be sharing today? Well, David, as you remember, I think it's almost three years ago now. Time flies. Yes, time does fly. About three years ago, we did a show on IP camera hacking. And this was initiated
by the fact that the Ukraine government came to us that hackers arise and asked us to hack. They gave us during the beginning of the war, they were concerned about um the Russians overrunning the country and they wanted to be able to do surveillance on them. So they came to us and said, "Here's a list of 900 I think that's what it was, 900 cameras. Can you hack these for us?" And that's how you and I began talking about it. At that point in time, we we
did a a YouTube and I had to be careful about how much I revealed at that point in time. I couldn't give the readers or listeners as much detail as maybe I would have liked to because you know there was national security issues involved, right? Yeah. Well, now three years have passed and that national security, at least Ukraine's national security is less uh critical because, you know, they're basically at a stalemate in the war and a lot of these cameras are no longer critical to their defense and surveillance. So, we can we can talk about more about actually how we did it, right? And that's correct. Before we start, I want to point out that hacking IP cameras is illegal. All
right? So, let's be clear. This is for educational purposes only. Well, in the case of Ukraine, we actually had permission. They asked us directly to do it, right? So we had legal cover to do it because they had the the the national government asked us to do it in their defense. So for those listeners who are
out there, I just want to emphasize that it is illegal. And I also want to emphasize that, you know, a lot of people think of, you know, hacking IP cameras is kind of a voyeristic thing that they can spy on somebody else's home or, you know, whatever business. But it also has a national security component like we did in Ukraine. So, whoever owns the cameras, and of course in the UK, in the US, in other industrialized countries, there's cameras everywhere. Yep. Yep. Right. Try
and go in the London Underground, you'll be on camera everywhere. Yeah. Exactly. And so, you know, UK is is is famous for how many cameras they have everywhere. Crazy. And so whoever controls the cameras, right? Whoever controls the cameras controls a lot of the information, okay, that is necessary to make good decisions, whatever that happens to be, whether it be law enforcement or national intelligence or what have you. And this kind of reminds me, you may have remembered that, oh, I guess it was maybe almost 10 years ago, the the Fast and Furious 7. Do you remember that? Y in Fast and Furious 7, it was about a hacker who had hacked every camera in the world, every phone and every camera in the world. And and she it was nice that
we finally saw a she hacker always mid. Um once she had developed what I think she called it the god's eye, the god's eye. So the god's eye could see everything, right? Yeah. And and once she had developed that then she became a target for all the security services in the world. But the important point is
that there's so many cameras that whoever controls the cameras controls the flow of information or or is one of the sources of information, right? Being able to see what's going on on every street corner and every home and every phone. This is just not voyeristic stuff. This is important cyber security tactics and strategies. So what we what I want to talk about today is how are these cameras vulnerable to attack.
Okay. Great. And I've got to say you got a you've got a demo. So that's good. I got a little I got a little demo. And and one of the things that we emphasize at Hackers Rise is that people can go on to YouTube or on Tik Tok and see a 30-cond video of how to hack a camera or how to hack Wi-Fi or how to hack anything. We kind of take a different approach at Hackards Arise and that approach is that we want you to understand the underlying technologies. Exactly. Yeah. So that when that
particular hack is closed, right, that you can still develop a new one, right? Because yeah, in in in this industry, what happens is that there's a found vulnerability, a known vulnerability, it gets patched, it gets closed. So when you learn a new tool that can hack a particular object device, it only is good for a short period of time, maybe a year, maybe two, it depends upon, you know, the particular device and how quickly they close it and how quickly people patch their devices. In some cases there people don't ever patch their devices and you can find old systems that are still vulnerable. But
the important point here is that you understand the technology behind the device so that you can develop your own or use a tool in a different way in the future. So we want to teach people the basics, the fundamentals of the technology. So let's talk a little bit about IP cameras. I know that some
people are going to go to sleep during this and a boring a bunch of slides, you know, we don't want to read those slides. We just want to get they can go to this time stamp if they just want to see the demos. I'll put a time stamp up here. Get get to the good stuff and hack
those cameras. We don't want to talk about how to what the technology is, right? But anyways, let's talk about the technologies for a few minutes. Okay. So there's a, as this slide shows, there's at least two types of cameras out there. There's these proprietary cameras like the Nest cameras and then there's the open standard cameras which are the vast majority of the cameras, right? And these use RTSP and NVIF. Okay, these are two of the the um protocols that are used in these cameras. In some cases, these cameras use both of those protocols, right? So, here's some of the major players. You know, the the ones that are
most concerning are Hickvision and Dahooa technology, right? These are huge developers market cameras. They're all over the world. There's literally millions of these cameras out there. Um, even if it doesn't say it's a Hickvision or a Dahooa, they're often white labelled. They sell their products to other company who put their label on them. Right? So these are everywhere. They're made in China and and unfortunately depend upon your perspective, they're relatively easy to hack because like the IoT devices we see all over the world, there's not a whole lot of thought that's been put into securing these devices, right? or there's very rudimentary security put into them that's easy to break. All
right. So here's this kind of IP camera protocols. All right. And so here we can see that the RTSP is used for live streaming. All right. And you can see that the VIF is also used for camera discovery and configuration. It uses RTSP for live
streaming. RTSP is by default port 554. Um, but a lot of the manufacturers put it on like 8554 or 5554. So there's a it's a default of 554, but you'll find cameras in all different ports and usually ends in 54 though, right? So anyway, so RTSP is real-time streaming protocols. It's used to establish and control video and audio streams. The content is delivered by the real time transport protocol. Our STP
does not provide configuration. Right? This must be done using the URI and the IP address. Any configuration change need to be done via the web interface. So let's talk about this a little bit. So what's happening is that when you try to log into one of these cameras that is generally okay it's going to be on port 80 or 443 right so it's and you're going to get a login interface but when you start streaming the date the the video it's going to use RTSP over port 554 you just are authenticating on port 80 or 443 a surprising ly a lot of these cameras use HTTP for login and not HTTPS right so most of the systems support RTSP as a fallback even if they're using a different protocol such as PSI PSIA or NBIF and so this is RT RTSP is an application layer protocol layer 7 right for commanding streaming media servers via pause and play capabilities It facilitates real-time control of the streaming media by communicating with the server without actually transmitting the data itself. Rather, RTSP servers often leverage the real time transport protocol in conjunction with the real-time control protocol to move the actual streaming data. So, we got a lot
of information there, a lot of protocols. The important point is that you're not getting the stream over HTTP or HTTPS. It's going over RTSP port 554. Right. When a user initiates a video stream from an IP camera using RTSP, the device sends an RTSP request to the streaming server. This jumpst
starts the setup process. Subsequently, the video and audio data can then be transmitted via RTP. You can just think of RTSP in terms of a television remote control for media streaming with RTP acting as the broadcast itself. All right. While similar in some ways to HTTP, RTSP defines control sequences used in controlling the multimedia playback. While HTTP is
stateless, RTSP has state. Okay, remember that. So stateless means that the the protocol doesn't know if you've been there before, right? So, HTHP is stateless and it controls state by you know the three we we establish a connection and then meaning in some ways it is able we won't talk about those right now but there's ways that can it can actually determine whether or not you have a established connection right an identifier is used when needed to track concurring sessions and that's what RTSP does right like HTTP RTSP uses TCP to maintain an endto-end connection. And while most RTSP control messages are sent by the client to the server, some commands travel the other direction from the server to the client. All right, so we're just talking about some of the the the fundamentals here of RTSP.
Not going to go into a lot of detail here, but we see that there's this is the essentially these are the commands that RTSP can use and being able to set up and tear down and in this case describe a connection. So typical of HTTP requests like the options requests are also available. The default transport layer protocol is port 554 as we talked about although we have seen H554 and 5554 and others similar. Okay, here's what it looks like in terms of the um the URL to be able to connect to these servers. All
right. So, that's some of the basics of the RTSP protocol. One of the things I always emphasize in terms of hacking anything is always start with the simplest first. Always start with the simplest first. There's there's no reason that you should be out there trying to develop your your unique zero day when when somebody's using default credentials. Exactly. Right. So, go
ahead and try the default credentials first. And we've got a list here. We also have these on Hackers Arise. So, you got to figure out first of all what kind of camera it is. And then you can look at the the uh uh various sets of credentials. Try those out first. Right. It's also I should point out that I've been inside of hundreds of cameras.
Hundreds of cameras. And almost invariably, I would say well over 90%, maybe 98%, there's always a user named admin. No matter what kind of camera it is, no matter where it is, there's always a username admin. So people will always, and you see it's a default on a lot of these cameras, but even after they change the password, which some some do, some don't, there's always an admin in there. And so really all that has to be done is to break the password and not try and guess the user because it's almost always admin. And if it's not admin, it's admin one, admin 2, admin 3, and admin four, right? That's crazy. And
and you'll see this on almost every camera, right? And so here's you can see these all have admin as the default username. And they generally don't change those, but they will change the password in some cases. I would say probably something like 10% of the cameras that we've investigated. Let's call it that. Let's call it
investigated. The cameras that we've investigated still have the default credentials in about 5 to 10% still have default credentials. And so here you can see some more. These are just kind of some of the major players in this market. Keep in mind that Dahooa and Hickvision and those are what we're going to focus on right now, right? These are the two Chinese manufacturers and they're among the largest manufacturers in the world have over a 100 relablers and OEMs and many of them they simply use the same password requirements as their base manufacturer which is Tahoo and Hickvision. I should
point out at this point in time that many nations, many states have banned these cameras. So I think uh in the United States there's several states who banned them. Um and UK in 2022 says they would cease deployment okay of these manufacturas into sensitive sites okay and so we're seeing these an awareness that one these cameras are pretty easy to hack okay and two there's a question of whether or not they're easy to hack on purpose right if the Chinese haven't manufactured them now This is what some people are saying. I'm not I'm not I'm not not proposing this. I'm simply saying that this is an
issue that's being discussed is have they purposely made them easy to hack on purpose. We know that the Chinese as a state policy are trying to gather as much information about who they see as their opponents, which is the West and US. And this might be another one of those ways. I'm not going to say, but
what I will say is that after investigating many of these cameras that it's it's way too easy, right? And it looks like somebody made it way too easy on purpose. Okay, that's interesting. Just keep that in mind. So you can find okay these IP cameras you know by simply going to show and and putting in the keywords okay or port 554 right you can also look for port 554 to find cameras okay you can also use the showdown API right so this is probably a more efficient way to go ahead and uh find these cameras it's one of the things that we've done so in Zuma can also be used. So I think we
talked a lot in our earlier video about ways of finding the camera. So we don't want to spend a whole lot of time on that. Right. And here just some of the cameras that I'll just go through them quickly, you know, that we were able to access in um in Ukraine. So, I'm going
to show you a tool that is designed to be able to use RTSP to be able to hack the credentials in these cameras. All right. It's called Camera Radar. All right. Well, the first thing if you want to get it, it's a it's not in the repository at Cali, but it is available on GitHub. So, let me just
show you. It's I found it works best when you're using um uh Docker. So let's go ahead and do install Docker first. So first of all, install Docker. Docker is a a container. All right. It allows you
to put your your uh application into the container. Okay. Uh it's actually should be Docker io. All right. Let's put that in. All right. There we go. And then
once you've got Docker installed and and Docker is one of those things that you probably should come familiar with because more and more applications are are are working better in Docker and they're designed to work in Docker. So then once we have Docker installed, we can go pseudo system control start Docker. Okay. So all we're doing here is starting the service, right? Using the system control. And then we need to go ahead and go pseudo get plural https github.com and then it's going to be
this is a finish name that and then download it to your machine. All right. So tells me it's already exists as you would expect. I've already got it set up. All right. So what this does is it simply uses default credentials and a short password list to be able to brute force the camera credentials. All right. And so so it's the syntax is pretty straightforward, right? So all we need to do is to go pseudo docker run and then camera radar and then the target and then say 192 1681 101 if it's on your own network. So just for just for YouTube, anyone who's watching this on YouTube, this is a camera that you own and you've given yourself permission to attack it, right? Well, actually I don't even have anything at this at this camera, right? I don't have anything at this IP address. I'm just using this as an
example. So, if you were if you were trying to crack the credentials of a of a camera that was on the internet, all you would do is replace the IP address right here with the IP address of the camera. Now, one of the things you have to keep in mind is that the cameras may be on diff using different ports, right? And so we can adjust this by say that instead of 554, which is the default for this application, it was on 8554, we'd have to go ahead and put in that port. If it's actually if RTSP is actually on port 554, which is the default, then this application will default to that same port. But you'll find that many of them do not use 554. The majority do,
but a lot of them don't. people, you know, one of the things that that a lot of newbies to cyber security don't recognize is that port numbers are default port numbers. It doesn't mean that people have to run that application on that port, right? Um, so you can run anything you want on any port and in this case, if you have an IP camera, you might want to run it on a different port than the default so that people can't discover it. it makes it more difficult to discover, right? So, this is an excellent tool. Our our folks developed
a similar tool for just similar things. It has a very small password list, username password list, and it but you can go ahead and add an additional password list to it. Any password list you want. Um, and that's a little more complex. You have to take the password list and convert them into a JSON format. And once you do that, you can use any password list. So if you have
sack lists, you can I'm going to go ahead and for those people who aren't familiar with seclist, right, we can go pseudo apt install seclist is um Daniel seclists. I guess Daniel Mesler has developed um these and it's got a lot of excellent password lists in it and directory lists that you can use for brute forcing and this is just downloading it here on this system here and this is in obviously in the repository and so you could use these bigger password lists against these cameras as well. So by default it has a very small password username list. Like I said from my investigation almost every camera okay almost every camera has at least one user called admin and sometimes multiple users named admin. So really you only need to target the password and not the username generally.
All right. And so this is seclus is downloading onto my system. Okay. There we go. Okay. So now, right, let's go. We
should have a directory called checklist. And got lots of stuff in here. Uh, user share word. There's a list. Maybe it's plural. Ace of There we go. There. Let's see. Got a bunch of word lists here. Here's SE list right here. User share seclist. Let's go.
Secless. Plural. Plural. And so here's here's our seclist. Daniel Mesler, uh, an excellent researcher. He's in Silicon Valley area. He's got a website and he's
active on social media as well. He's put together a lot of these um various lists that are useful in being able to um here's a password, some fuzzing, some discovery, miscellaneous usernames, and webshell. So, one of those things that you should put on your Cali almost, you know, when it's brand new, put it on there and and use these. If we go into
say the passwords, you'll see that he's got a number of password lists that are useful. These are the most common passwords here. Some French ones and some others. Okay. So, this is a this is an excellent source for good password list. All right. So, let's uh let's talk now specifically. I'm going to go ahead and u go back to my presentation. So
this is a login form all right captured from a Dahooa technology camera right and so basically it's just a username and password one of the things that we have found well let's not say we found let's say that was found right is that these Dahooa cameras have built into them a mechanism for being a for resetting the password for the administrator, right? So, what it does is that the folks at Dahooa and those people who know, right, can actually get into the system and change the password and anything that appears. So, if a request comes from inside the network, okay, to change the password, it'll allow you to bypass authentication. Okay. It's of It's often referred to as the Dahooa bypass authentication vulnerability. That's what it is. It's like CVE 2021 33345 or something like that. Sweet. I'll get you the exact number. It's a It's actually CVE 2021 33
044 and 045. And so what it does is that it allows somebody inside the network. All right. To be able to change the password. So, all you have to do is to appear to be coming from inside of its network. Specifically, it's designed to
allow an IP address of 127001 to bypass authentication. Right. That's crazy. Exactly. It's crazy. I mean, was it done on purpose? Yes. Was it done for nefarious purposes? We don't know. So what you can do and what we've done is that we simply are able to emulate coming from 127001 spoof it essentially and then it will actually allow us to get into the camera without any authentication whatsoever. And it allows us to come in
as the administrator and then we can add ourself into the the users put our own user in our own username and then we have access every day at any time we want. Right? So this is how we did many many of the cameras. You can still find cameras out there although many of them have been patched. Okay. You can still find cameras out. This is a almost a fouryear-old, three and a half year old vulnerability. You can still find
thousands of cameras out there that still are vulnerable to this, but the numbers are getting smaller and smaller every day as we said as people patch them. A lot of people aren't aware of the problem and so they don't patch them and so there's a lot of them out there. Um, I don't know how much. Would you like me to demonstrate and and be able to hack a camera, a real live camera? OTW, I know you can do this and I know you can demonstrate it, but not unfortunately. I can't do it. I can't do
it. Come on. Come on. Let me do it. Let me let me let me show people how we can actually get into these cameras. I'll just say this. You can do that in your course, right? But not not with me. So, when people attend your course, they can perhaps watch you do this. Is that correct? But not with me. We can do
this. We have some new um exploits that we're working on right now that we'll be able to hopefully be ready and be able to demonstrate for our mark our May class in IP camera. We have a new updated IP camera hacking class coming up in May. We've got a couple of uh exploits that we're working on right now that hopefully we can demonstrate in that class as well as some of these older ones that are available. But I I'm
disappointed that we can't actually Can Can I show you like a a a camera interface? Can I Can I show you like a real live camera interface? Can I show you that one? You got You can't show me one that you've hacked. No, but I'll just show you a camera interface. Okay. So, a real live camera interface. Um
Okay. So, this is a real live Okay. Uh you can see admin. It looks like it might be Natalie in here. Um so this is
what one could do then with this is to simply bypass this authentication. Obviously this is going to be you can see this case here. Well no you can't see it. It's fuzzed out for you guys but
in this case the company who has this particular camera is using port 8085. So this is actually on port 8085. Once again, they're trying to use some security by obscurity by putting it on this case, it's HTTP, it's not HTTPS on port 8085 so that people can't easily find the camera, but we did. And this is one, and this is one that's actually vulnerable to attack, but we can't do that on YouTube. So, I love I I loved some of your tweets. you've got
like a really um snarky way of saying some things. And one of your tweets was something along the lines that you can learn from pentesters or you can learn from someone that hacks, right? So um I said yeah I think I think one of my tweets I said sure those other guys can do it in a virtual machine or for a you on a YouTube video or a Tik Tok video. But in our case you're talking about real hackers and you can learn real hacking from real hackers. Just for everyone watching, I cannot allow OTW to show you this unfortunately. But OTW, they can attend your course and then they can watch you do this uh you know because you have have no restrictions on your course. But um unfortunately here
we do. So unfortunately we can't demonstrate that here. But I mean if you had your own camera we could have we could demonstrate the same thing, right? And but that's having your own camera is kind of like doing a virtual machine, right? So it is you know you people will do these in classes and they'll go oh yeah well you know imagine that this was out on the internet and and they they'll make that ver that m that camera or the machine particularly vulnerable right but we try to keep it real. Of course everything that we do is for educational purposes right that's what we're doing it for. We're not doing it for to teach people to use these techniques maliciously. Right? We're teaching people to use it for ethical purposes.
So, let's be very clear on that. All right? Let's be very clear. In some cases, you know, like in the case of of your any nation being engaged in cyber warfare, these might be useful techniques. And we have a lot of various
military people and intelligence people in our classes now. Yeah. That's been a growing portion of our student body because we do real hacking and we do it in ways that are useful to the various militaries um and intelligence agencies. Yeah, OTW, it's really disappointing. I'm sure we'll get a lot of comments, people complaining that you're not showing how to hack live cameras, but I will say this again for everyone who's watching.
We just can't because I still want a YouTube channel and um still going to continue We we want you to have a YouTube channel. Yeah, exactly. So, now is a perfect time to upsell your course, OTW. Like we've said, they should buy your books. They should attend your classes. Um, and you've got a special
discount, right? We have a special discount. We have a special discount for everybody who watches this video uh for anything on our site, 20% off using coupon code, David's last name. Appreciate it, OTW. I really appreciate you sharing and keeping it real and also respecting the fact that um we hopefully I'll keep on having a YouTube channel and it won't be taken down. But um really appreciate you once again coming on. For everyone watching, please put your comments below. OTW as always.
Thanks so much. Thanks David. Look forward to our next uh video together.
2025-05-14 08:16
