#509: AI + Metasploit = Terrifyingly Easy Hacking is here (demo)

Big thank you to DeleteMe for sponsoring this video. Go to http://joindeleteme.com/Bombal to receive a 20% discount. Discover how attackers exploit enterprise VPNs like Fortinet to gain admin access and compromise networks. In this video, OTW exposes a real authentication bypass exploit, explains the risks of outdated VPN devices, and shares expert tips on Linux, TCPDump, and staying secure. Perfect for cybersecurity pros, penetration testers, and anyone serious about digital defense. // Occupy The Web SOCIAL // X: / three_cube Website: https://hackers-arise.net/ // Occupy The Web Books // Linux Basics for Hackers 2nd Ed US: https://amzn.to/3TscpxY UK: https://amzn.to/45XaF7j Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK: https://amzn.to/4aInbGK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Playlists REFERENCE // Linux Basics for Hackers: • Linux for Hackers Tutorial (And Free Courses) Mr Robot: • Hack like Mr Robot // WiFi, Bluetooth and ... Hackers Arise / Occupy the Web Hacks: • Hacking Tools (with demos) that you need t... // YouTube video REFERENCE // Hacking IP Cameras: • Hacking IP Cameras (CCTV) with Demos and R... Are VPNs even safe now?: • Are VPNs even safe now? Hacker Explains // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

16 Juli 35min

Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. This video features David Bombal and Kyle Winters demonstrating practical cybersecurity techniques. Kyle walks through how to use Hydra to brute force SSH passwords, explaining the process of leveraging wordlists and optimizing the attack. Following the offensive demonstration, Kyle transitions into defensive measures, showing viewers how to quickly and easily set up an SSH honeypot using Cowrie. The honeypot serves as a decoy to attract and monitor malicious actors attempting to access a network. The demonstration includes setting up the honeypot on an Ubuntu host, configuring IP tables for port redirection, and monitoring logs for incoming connection attempts. The video highlights the importance of understanding both attack methods and defensive strategies in cybersecurity. Kyle also mentions free ethical hacking training resources available through Cisco Networking Academy (netacad.com) and future tutorials on Cisco U (u.cisco.com). // COMMANDS // Devices: client 192.168.1.10 server 192.168.1.11 ubuntu-honeypot 192.168.1.21 Nmap scan: nmap -sn 192.168.1.0/24 Verify Hydra installed: hydra -h Show wordlists: ls -al /usr/share/wordlists/ Crack with known username: hydra -l admin -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Crack with unknown username: hydra -L /usr/share/wordlists/top-usernames-shortlist.txt -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Create dir for Cowrie: mkdir cowrie cd cowrie/ Clone cowrie: git clone https://github.com/cowrie/cowrie . Launch the python virtual environment: python3 -m venv cowrie-env source cowrie-env/bin/activate Install python requirements: pip install --upgrade pip pip install -r requirements.txt Copy and edit the config: cp etc/cowrie.cfg.dist etc/cowrie.cfg vi etc/cowrie.cfg Setup port forwarding for SSH to Cowrie: sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222 sudo iptables-save Start Cowrie: bin/cowrie start Check Cowrie status: bin/cowrie status View logs: tail -f var/log/cowrie/cowrie.log // Kyle Winter’s SOCIALS // Socials: / kyle-m-winters Cisco Blogs: https://blogs.cisco.com/author/kylewi... // Website REFERENCE // https://www.netacad.com/courses/ethic... https://u.cisco.com/ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

2 Juli 12min

Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. See how Cisco engineer Kareem Iskander teams up with David Bombal at Cisco Live San Diego 2025 to build a self-healing network in real time. Using the new Model Context Protocol (MCP), Splunk logs, Meraki APIs, and Anthropic Claude, Kareem’s Python code lets an LLM detect configuration drift and automatically revert changes, no manual troubleshooting required. You will learn: • What MCP is and how it exposes trusted tools to an LLM • How Claude reads Splunk, correlates Meraki changes, and repairs configs • Why two lines of code can spin up an entire MCP server from OpenAPI specs • Where to find Kareem’s full code on GitHub and his upcoming Cisco U tutorial // Code // Get the code here: https://github.com/kiskander/mcp-splu... //Kareem Iskander SOCIALS // LinkedIn: / kiskander X: https://x.com/kareem_isk Cisco Blogs: https://blogs.cisco.com/author/kareem... // Website REFERENCE // https://github.com/kiskander/mcp-splu... https://u.cisco.com/tutorials/enhance... https://u.cisco.com/tutorials/network... https://u.cisco.com/tutorials/network... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

2 Juli 23min

Big thanks to Radware for sponsoring this video and sharing technical insights with us! David Bombal talks with Michael Geller (Radware) and Tim Sherman (Cisco) about how smart devices like fridges, cars, and cameras are being hijacked for DDoS attacks. They explain Web DDoS, encrypted Layer 7 threats, and how attackers bypass traditional firewalls. The discussion covers IoT botnets, API abuse, 5G core vulnerabilities, and how Cisco and Radware are defending cloud and edge infrastructure. // Radware’s SOCIALS // X: https://x.com/radware LinkedIn: / posts Website: https://www.radware.com/ // Web page REFERENCE // http://livethreatmap.radware.com https://www.radware.com/security/ddos... https://www.radware.com/solutions/web... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: https://open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Your Firewall Won’t Save You From This Stop Is Your Car Launching Cyberattacks Your Home Appliances Weaponized by Cybercriminals DDoS Just Got Smarter Layer 7 Is Nightmare How Default Bots Cripple Hospitals and Systems Electric Cars Under Siege from Smart Devices Cybersecurity Blind Spot Your Car Is Compromised The Hidden Threat Everyday Devices Hacked Now Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

26 Juni 43min

Big thanks to Radware for sponsoring this video and sharing technical insights with us! // Radware reports REFERENCE // Executive Summary: https://davidbombal.wiki/2025threats 2025 Global Threat Analysis Report: https://davidbombal.wiki/2025threatsu... // Pascal Geenens’ SOCIAL // LinkedIn: / geenensp Website: https://www.radware.com/ // Radware SOCIAL // YouTube: / radwareinc Webinars: https://www.radware.com/newsroom/events/ LinkedIn / radware // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 01:03 - Intro 01:40 - What are the Reports About? 06:59 - Hacktivists (Dark Storm Team) 10:19 - DDos For Hire (Telegram) 13:24 - Check-Host.net 14:27 - Dienet 19:44 - How to Bring Down a Website 21:46 - DNS DDoS Attacks 26:28 - HTTP/2 29:22 - Botnet Capability 31:51 - Noname057 35:09 - Home Routers (TRS-069) 39:05 - Bullet Proof Cloud Services 45:13 - Vulnerable IoT 49:04 - Shodan (IoT Search Engine) 50:07 - Downloading Threats 52:45 - Application Programming Interfaces (APIs) 57:15 - Artificial Intelligence (AI) 01:06:49 - The Fight Against Bad AI 01:08:49 - How to Protect Yourself 01:14:52 - What is Radware? 01:16:00 - The Struggle of Downloading Models 01:20:06 - Should AI Keep your Data? 01:22:01 Connect with Pascal 01:22:36 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

2 Apr 1h 23min

Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // GIVE AWAY// Gerald is giving away 10 seats in the Simply Cyber Academy GRC Analyst Master Class (Value: $149) to 10 lucky David Bombal viewers. To enter the giveaway go here: https://gleam.io/VVK24/simply-cyber-g... // DISCOUNT // To get 10% discount on Simply Cyber Academy GRC Analyst Master Class go here: https://simplycyber.io/grc use the following discount code BOMBAL10 // Gerald Auger’s SOCIAL // YouTube: / @simplycyber Website: https://www.simplycyber.io X: https://x.com/gerald_auger LinkedIn: / geraldauger Discord: https://simplycyber.io/discord // Daily Cyber Threat Live Stream REFERENCE // / geraldauger // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:53 - What is GRC (Governance, Risk and Compliance)? // GRC explained 04:42 - Businesses taking cyber security more seriously in 2025 07:21 - Is GRC a good career path? 09:58 - Cyber security careers are vast: pick your path 14:49 - Introverts can be successful in GRC 15:47 - GRC for the younger generation // The importance of networking with people 17:57 - Simply Cyber livestreams, live podcasts and discord community 19:17 - How to get started in GRC 20:35 - GRC Analyst Master Class 21:30 - How to get started in GRC (continued) 22:51 - Course giveaway and discount 23:42 - Simply Cyber Daily Cyber Threat Brief 26:51 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

18 Mars 26min

Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // Danny Jenkin’s SOCIAL // X: https://x.com/threatlocker LinkedIn: / dannyjenkinscyber // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Languages the ThreatLocker CEO can code in // Being a CEO that is technical 02:04 - How Danny became CEO // The backstory of Danny Jenkins, CEO & Co-Founder of ThreatLocker 08:37 - Being a technical CEO 10:28 - Having a team that is dedicated 13:23 - The importance of being technical and understanding every department 14:21 - Lessons learnt and advices 17:30 - Long-term vision for ThreatLocker 18:30 - What lead to starting ThreatLocker 19:59 - New releases from ThreatLocker 21:18 - Thoughts on AI // The influence of AI in cyber attacks 24:35 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

14 Mars 25min

Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // Luke Lafreniere’s SOCIAL // YouTube: / lukelafreniere YouTube: / @linustechtips LinkedIn: / luke-lafreniere-44138795 X: https://x.com/luke_iafr // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

 // MENU // 0:00 - Coming up 0:36 - Luke from Linus Tech Tips irl 01:00 - Thoughts on the Rubber Ducky 02:48 - Thoughts on the O.MG cable 03:23 - The Linus Tech Tips breach // Using ThreatLocker as a solution 04:24 - Threat levels for the company 07:22 - Securing a growing company 10:41 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

8 Mars 10min