
#374: Website Hacking Demos using Cross-Site Scripting (XSS) - it's just too easy!
It's just too easy to attack websites using cross-site scripting (XSS). The XSS Rat explains and demos XSS attacks.
// MENU // 00:00 ▶️ We are taking over the world! 00:16 ▶️ Introducing//XSS Rat//Wesley 01:28 ▶️ What is XSS/Cross Site Scripting? 02:59 ▶️ Types of XSS 05:15 ▶️ Reflected XSS 06:22 ▶️ Example of data sanitization 07:35 ▶️ Circumventing filtering with the img tag 11:01 ▶️ Sending a Reflected XSS Attack to Someone 12:01 ▶️ Using HTML comments as an attack vector 13:49 ▶️ Using single quotes to break out of the input tag 15:14 ▶️ Don't use alert() to test for XSS 17:33 ▶️ What you can do with Reflected XSS 19:26 ▶️ Stored XSS 20:31 ▶️ Using comments for XSS 21:05 ▶️ Example #1 of Stored XSS on Twitter 21:42 ▶️ Example #2 of Stored XSS 22:12 ▶️ The answer to the ultimate question of life, the universe, and everything. 22:56 ▶️ Stored vs Reflected XSS 24:22 ▶️ AngularJS/Client Side Template Injection 25:06 ▶️ Don't use JavaScript? 26:09 ▶️ Where to learn more//XSS Survival Guide 27:04 ▶️ DOM Based XSS 29:36 ▶️ List of DOM sinks 30:12 ▶️ jQuery DOM sinks 32:15 ▶️ XSS Rat Live Training 33:00 ▶️ Support XSS Rat//Wesley 34:06 ▶️ Closing//Thanks, Wesley!
// Demo Sites // XSS Labs: https://hackxpert.com/labs/RXSS/GET/ Labs site: https://hackxpert.com/labs Rat Site: https://hackxpert.com/ratsite
// David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal
// XSS Rat SOCIAL // Twitter: https://twitter.com/theXSSrat YouTube: youtube.com/c/TheXSSrat Website: https://thexssrat.podia.com/
// XSS Rat's Udemy course // XSS Survival Guide: https://www.udemy.com/course/xss-surv...
// XSS Rat's courses and bootcamps // https://thexssrat.podia.com/
// MY STUFF // https://www.amazon.com/shop/davidbombal
// SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #xss #javascript #hacking
2 May 2022 · 34min

#373: OSINT: You can't hide // Your privacy is dead // Best resources to get started
You cannot hide. Your privacy is over. Want to learn OSINT? Want to learn how easy it is to find information online? Time to learn Open Source Intelligence from the best. I think I'll move to a cave :(
OSINT Curious is a registered, non-profit 501(c)(3) organization with the United States IRS (EIN: 84-2781099) and accepts Patreon donations from individuals and sponsors. If you are a sponsor, please contact them if you want to work with them: https://osintcurio.us/funding/
// The OSINT Curious Project // YouTube: https://www.youtube.com/c/TheOSINTCur... Twitter: https://twitter.com/osintcurious LinkedIn: https://www.linkedin.com/company/the-... Website: https://osintcurio.us Public, OSINT-focused Discord: https://iam.osintcurio.us/discord Sponsor personally or through your company: https://osintcurio.us/funding/
// Websites mentioned // OSINT games: https://www.osint.games/ OSINT Framework: osintframework.de OSINT Training: myosint.training Fitness app Strava lights up staff at military bases: https://www.bbc.co.uk/news/technology... https://www.theguardian.com/world/201...
// Lisette SOCIAL // Twitter: https://twitter.com/technisette Personal website: https://technisette.com
// Steven Harris SOCIAL // Twitter: https://twitter.com/nixintel LinkedIn: https://www.linkedin.com/in/steven-ha... Personal website: https://nixintel.info/ SANS SEC487 OSINT Courses Steven teaches - https://www.sans.org/profiles/steven-...
// Micah Hoffman SOCIAL // Twitter: https://twitter.com/webbreacher LinkedIn: https://www.linkedin.com/in/micahhoff...
Personal website: https://webbreacher.com Micah's OSINT Training Courses: https://myosint.training Micah's OSINT CTF Platform: https://osint.games
// BOOKS MENTIONED // 1. Hack The World With OSINT – Chris Kubecka: https://amzn.to/3xM61I1 2. Open Source Intelligence Techniques (Ninth Ed) - Michael Bazzell: https://amzn.to/3Lb7MSX
#osint #cyber #privacy
25 Apr 2022 · 1h 13min

#372: Hacking networks with Python // Creating malicious packets and breaking TCP/IP rules
Learn the basics of how to use Python and Scapy to create malicious or dodgy packets and send those into networks. Who knows what's going to happen when packets are created like these. Also learn that what they teach you about the TCP/IP model in the CCNA course isn't necessarily true in the real world. You need to learn to code! Learn Python. Learn Networking. You are going to be very powerful and very scary if you combine knowledge of networking with Python scripting! But, do good. Learn to code. Learn Linux. Learn Networking.
// Menu // 00:00 - Coming up 00:28 - Introduction 01:00 - How to generate dodgy packets with Scapy 01:14 - TCP/IP model 01:25 - Protocol data units 01:46 - OSI model video 02:12 - Importing Scapy into Python 04:25 - Spoof mac address 06:18 - Sending traffic into the network 08:52 - Sending weird packets 11:43 - "Advanced stuff" 15:11 - In the real world 17:17 - Conclusion
The OSI Model is a lie: https://youtu.be/apr63p7K_3A Scapy documentation: https://scapy.net/ Playlist: https://davidbombal.wiki/scapy
// SCAPY RESOURCES // Website: https://scapy.net/ Documentation: https://scapy.readthedocs.io/en/latest/
// SCAPY INSTALLATION //
sudo apt update
sudo apt install python3-pip
sudo pip3 install scapy
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.
#python #hacking #cyber
25 Apr 2022 · 17min

#371: Hacking Power Plants and Industrial Control Systems (Scada) // Ukraine Russia Cyberwar
This is my second interview with the professional hacker Occupy The Web. In this video we discuss OSINT and hacking industrial control systems (ICS) using SCADA (supervisory control and data acquisition). Jump to 33:40 for SCADA discussions. Disclaimer: The opinions expressed by Occupy The Web in this interview are his own.
// Previous video // OTW video 1: https://youtu.be/GudY7XYouRk
// Occupy The Web social // Twitter: https://twitter.com/three_cube
// Occupy The Web books // Linux Basics for Hackers: https://amzn.to/3JlAQXe Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh
// Occupy The Web Website / Hackers Arise Website // Website: https://www.hackers-arise.com/ Using OSINT to find Yachts: https://davidbombal.wiki/osintyachts Can the CIA or other Intelligence Agencies Track My Every Move: https://davidbombal.wiki/ciaphonestra... SCADA Hacking: The Key Differences between Security of SCADA and Traditional IT systems https://davidbombal.wiki/scada1 SCADA Hacking: Finding SCADA Systems using Shodan https://davidbombal.wiki/scada2 Shodan: Using Shodan to Find Vulnerable Russian SCADA/ICS Sites https://davidbombal.wiki/shodan SCADA Hacking: The Most Important SCADA/ICS Attacks in History https://www.hackers-arise.com/post/sc... SCADA Hacking: SCADA/ICS Protocols (Profinet/Profibus) https://www.hackers-arise.com/post/20... Lots of Scada content: https://www.hackers-arise.com/scada-h...
// In the News // Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems: https://www.wired.com/story/pipedream...
Ukrainian power grid 'lucky' to withstand Russian cyber-attack: https://www.bbc.co.uk/news/technology... An Unprecedented Look at Stuxnet, the World's First Digital Weapon https://www.wired.com/2014/11/countdo...
// Other books // The Linux Command Line: https://amzn.to/3ihGP3j How Linux Works: https://amzn.to/3qeCHoY
19 Apr 2022 · 1h 6min

#370: I do read your comments. Interview: Another POV Russia Ukraine
I interview a Russian about the effects of the anonymous hacks on Russian life. This interview is a response to the Occupy The Web interview posted on my channel. What do you think? Disclaimer: The opinions expressed by Timur in this interview are his own.
// MENU // 00:00 ▶️ Coming up 00:40 ▶️ Introduction 02:38 ▶️ What's actually happening in Russia? 05:16 ▶️ Websites that are taken down 06:58 ▶️ Doing more harm than good? 08:30 ▶️ Blocked media platforms 12:01 ▶️ The struggles 16:02 ▶️ Hackerone 18:58 ▶️ IT hysteria 21:23 ▶️ One of the lucky ones 22:20 ▶️ Message to the world 24:12 ▶️ Important message 26:18 ▶️ Conclusion
Occupy the Web interview: https://youtu.be/GudY7XYouRk Hacker X arrested in Mexico: https://youtu.be/bHBBtsG8qak
// Timur social // Hackerone: http://hackerone.com/irisrumtub Twitter: https://twitter.com/irisrumtub
// Occupy The Web books // Linux Basics for Hackers: https://amzn.to/3JlAQXe Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh
#ukraine #russia #cyberwar
19 Apr 2022 · 27min

#369: Computer Science isn't programming! // How to become a Master Programmer // Featuring Dr Chuck
Is computer science the path to become a master programmer? Dr Chuck says there is a better way - and you can get it for free! He also shares his vision on how to become a master programmer - this also includes mentorship. FREE course links below :) // MENU // 00:00 ▶️ Introduction 01:30 ▶️ Cisco Certs as the Standard and Why Programming Doesn't Have an Equivalent 04:33 ▶️ Computer Science As the Way to Get Into Programming 09:37 ▶️ Computer Science Doesn't Make You a Master Programmer 11:25 ▶️ Why The System is Broken 14:20 ▶️ The Role of Universities in the Future of Education 22:08 ▶️ The First Half of the Path to Master Programmer 24:00 ▶️ The Second Half of the Path to Master Programmer 26:26 ▶️ What Is a Master Programmer? 31:36 ▶️ David and Dr Chuck's Experiences with Programming Courses at University 36:32 ▶️ Brief Overview of the Origin of Computer Science and What Went Wrong 44:02 ▶️ When Dr Chuck Teaches Recursion 44:56 ▶️ But Doesn't the System Actually Work? Just look at Google and Facebook 45:38 ▶️ The Idea for Google Wasn't Good Enough for a PhD 48:47 ▶️ How to Fix the System 50:43 ▶️ The Last Nut to Crack 54:22 ▶️ Open Source's Role 56:44 ▶️ You Can't Apply Until You Have Run the Gauntlet 1:00:34 ▶️ You Can Start Now 1:01:08 ▶️ The Value of Mentors 1:04:15 ▶️ The Problem with Online Platforms 1:05:37 ▶️ Why Cisco is the Standard in Networking 1:08:15 ▶️ Every Course Dr Chuck Teaches Requires Him to Write Code 1:09:29 ▶️ Quick Summary for the Plan for the Master Programmer 1:11:53 ▶️ What's the Cost Going to Be? 1:15:09 ▶️ Education Is For Everybody, Not Just the Rich 1:16:36 ▶️ Final Thoughts 1:18:33 ▶️ Thanks, Dr Chuck! 
// Dr Chuck social // Website: https://www.dr-chuck.com/ Twitter: https://twitter.com/drchuck/ YouTube: https://www.youtube.com/user/csev Coursera: https://www.coursera.org/instructor/d...
// Python for Everybody // Free Python course on Coursera: https://www.coursera.org/specializati... YouTube: https://youtu.be/8DvywoWv6fI Python for Everybody: https://www.py4e.com/ Free Python Book: http://do1.dr-chuck.com/pythonlearn/E... Dr Chuck's Website: https://www.dr-chuck.com/ Free Python Book options: https://www.py4e.com/book
// Django for Everybody // Website: https://www.dj4e.com/ Coursera: https://www.coursera.org/specializati... YouTube: https://youtu.be/o0XbHvKxw7Y
// Web Applications for Everybody // YouTube: https://youtu.be/xr6uZDRTna0 Website: https://www.wa4e.com/ Coursera: https://www.coursera.org/specializati...
// Internet History // Coursera: https://www.coursera.org/learn/intern... YouTube: https://youtu.be/47NRaBVxgVM
#python #programming #drchuck
19 Apr 2022 · 1h 18min

#368: Hacking Linux // Linux Privilege escalation // Featuring HackerSploit
So you think Linux is secure? In this video we'll escalate our privileges on Linux to become root. // MENU // 0:00:00 ▶️ Introduction 0:01:15 ▶️ Jump to the demo 0:01:38 ▶️ About Alexis, background and experience 0:07:38 ▶️ Starting HackerSploit 0:08:47 ▶️ Alexis and Linux 0:11:03 ▶️ Which is the preferred Linux distribution? 0:12:01 ▶️ Recommended Linux distribution for beginners 0:12:33 ▶️ LinuxJourney.com 0:12:01 ▶️ Favourite hacking distribution 0:13:51 ▶️ The PenTester Framework 0:15:21 ▶️ Best method to install a distribution 0:16:46 ▶️ Recommendations 0:18:29 ▶️ Recommended distribution for real-world pentesting 0:21:44 ▶️ Starting YouTube channel 0:22:18 ▶️ Windows vs MacOS vs Linux 0:23:30 ▶️ Recommended laptop 0:27:16 ▶️ Other advice 0:28:38 ▶️ Recommended certifications 0:30:46 ▶️ Recommended pre-requisite skills 0:33:13 ▶️ HackerSploit Linux Essential for Hackers 0:34:01 ▶️ HackerSploit Windows 0:34:26 ▶️ HackerSploit Networking Fundamentals 0:35:11 ▶️ Get your fundamentals right 0:35:29 ▶️ Dirty Pipe exploit presentation 0:43:52 ▶️ Dirty Pipe exploit demo 0:55:14 ▶️ Exploit 1 0:57:03 ▶️ Exploit 2 1:00:23 ▶️ Learning how to change scripts 1:02:14 ▶️ Recommended script language 1:04:00 ▶️ Thoughts on Golang 1:04:44 ▶️ Recommendations for learning languages 1:05:41 ▶️ Closing thoughts // HackerSploit Linux exploit scripts // Dirty Pipe Github page: https://github.com/AlexisAhmed/CVE-20... Dirty Pipe Blog: https://dirtypipe.cm4all.com/ CVE details: https://cve.mitre.org/cgi-bin/cvename... // Hackersploit Videos // Pentesters Framework: https://www.youtube.com/watch?v=Bx3RL... Linux for hackers: https://www.youtube.com/watch?v=T0Db6... Windows for hackers: Nmap series: https://www.youtube.com/watch?v=5MTZd... Linux exploitation: https://www.youtube.com/watch?v=i-dQw... Windows exploitation: https://www.youtube.com/watch?v=Bzmlj... 
// Books // Privilege Escalation Techniques: https://amzn.to/3xcPHjf Automate the Boring Stuff with Python: https://amzn.to/3LQA5Gl
// HackerSploit // LinkedIn: https://www.linkedin.com/in/alexisahmed/ YouTube: https://www.youtube.com/c/HackerSploit Twitter: https://twitter.com/HackerSploit Academy: https://hackersploit.academy/
#linux #linuxhack #hacking
10 Apr 2022 · 1h 7min

#367: Troubleshooting slow networks with Wireshark // wireshark filters // Wireshark performance
You are guilty until proven innocent! The network is slow! But is it actually a network issue? Or is it an application issue? Chris Greer explains.
// MENU // 00:00 ▶️ Introduction 00:35 ▶️ Wireshark filters introduction 02:20 ▶️ Regular IP filter 05:28 ▶️ Common filters 07:10 ▶️ Operators in filters 08:19 ▶️ Where to get the filter PowerPoint 08:55 ▶️ Filter shortcuts 11:20 ▶️ Filter buttons 12:10 ▶️ TCP analysis flags 15:16 ▶️ Filter buttons (cont'd) 17:15 ▶️ TCP reset 18:35 ▶️ How to apply filter as display filter 20:08 ▶️ Experience vs Theory 22:19 ▶️ Special filters 29:00 ▶️ Time filters 38:22 ▶️ Consulting scenario 49:45 ▶️ HTTPS consulting scenario 55:33 ▶️ Other filters 56:46 ▶️ How to simplify p-caps 59:29 ▶️ Signature filters 01:01:39 ▶️ Quick recap 01:02:16 ▶️ Conclusion
// CHRIS GREER // LinkedIn: https://www.linkedin.com/in/cgreer/ YouTube: https://www.youtube.com/c/ChrisGreer Twitter: https://twitter.com/packetpioneer Pluralsight: TCP Analysis Course: https://davidbombal.wiki/tcpwireshark
#wireshark #wiresharkfilters #networktroubleshooting
4 Apr 2022 · 1h 3min