David Bombal

Big thanks to ThreatLocker for sponsoring my trip to Black Hat 2025. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal AI can turn weeks of coding into seconds, but at what cost? Katie Paxton-Fear demonstrates how to use Gemini to generate a sprint plan and Cursor to build a Python port scanner from natural language. It works… and that’s the problem. We unpack how “vibe coding” blinds even pros to security, why these tools aren’t production-ready, and the guardrails you need for ethical hacking and internal tooling. What you’ll learn • How to turn ideas → sprint plan → working code (Gemini + Cursor) • Why silent vulnerabilities make AI-built apps risky • Ethical hacker use cases (agents, scanners) without shipping insecure code • Policy tips: disclosure, internal use, avoiding shadow IT Tools mentioned: Gemini, Cursor (AI IDE), Claude (briefly), v0 // Katie Paxton-Fear SOCIALS // Website: https://insiderphd.dev/ LinkedIn: https://www.linkedin.com/in/katiepf/?... YouTube: / insiderphd X: https://x.com/InsiderPhD // YouTube video REFERENCE // • Vibe Coding in Cursor for Cyber Security // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // Menu // 0:00 - Coming Up: AI Vibe Coding Explained 01:08 - Intro with Katie Paxton-Fear (Cybersecurity Expert) 02:53 - ThreatLocker Security Overview 03:06 - What is Vibe Coding in AI Development? 04:51 - Live Demo Example of Vibe Coding 05:20 - Google Gemini and Gems for Coding 08:22 - Cursor AI and Writing Code Faster 09:59 - Coffee Break (Quick Pause) 10:02 - Risks of Vibe Coding in Cybersecurity 11:24 - Port Scanner Explained 11:34 - Vibe Coding Pros and Cons (Full Breakdown) 14:02 - Port Scan Results Analysis 14:22 - Why AI Code Isn’t Production Ready Yet 15:53 - Katie’s Final Advice & Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. Key topics: vibe coding, AI coding, port scanning, secure-by-design If you’re experimenting with AI coding, watch this before you deploy anything. #blackhat #vibecoding #security

1 Sep 18min

Big thank you to Proton Pass for sponsoring this video. To sign up for Proton Pass, please use the following link https://proton.me/davidbombal to get a 60% discount. Cybersecurity icon Mikko Hyppönen sits down with David Bombal at Black Hat to explain his bold move from antivirus to anti-drone defense after 34 years. He breaks down why mobile operating systems are the biggest security improvement of the past 15 years, how attackers have shifted from device exploits to human scams, and why he believes defenders currently have the edge with AI. They unpack the rise of fiber-tethered drones that evade RF detection, the coming reality of autonomous “killer robots” (not yet here—but inevitable), and the grim state of privacy as everyday IoT devices go online by default—his “internet asbestos” warning. Mikko also reflects on achieving keynote goals at DEF CON, RSA, and Black Hat, and shares career advice: set goals, don’t drift. Topics: mobile OS security, social engineering, AI for defense, zero-day research, drone warfare, privacy and encryption policy, IoT risks, career pivot. // Mikko Hypponen’s SOCIALS // X: https://x.com/mikko Website: https://mikko.com/ LinkedIn: https://www.linkedin.com/in/hypponen/... // Books REFERENCE // If it’s smart it’s vulnerable: US: https://amzn.to/41lkSaG UK: https://amzn.to/4oTpOgN // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:56 - Mikko Hyppönen keynote talks 01:51 - Proton Pass sponsored segment 04:09 - Pivoting from cybersecurity to anti-drone 09:28 - Humanoid robots are near 09:54 - How cybersecurity has improved 12:11 - Defenders have the advantage with AI 15:26 - Pros and Cons of the AI revolution 16:57 - Privacy is dying 21:36 - Advice for your future // Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

1 Sep 22min

To try everything Brilliant has to offer for free for a full 30 days, visit https://brilliant.org/davidbombal or scan the QR code onscreen – You’ll also get 20% off an annual premium subscription. Recorded at Black Hat with David Bombal, this conversation with Caitlin Sarian (@CybersecurityGirl) traces her path from aerospace engineering and LA Galaxy cheerleading to cybersecurity leader and viral creator. She explains how posting 3×daily on TikTok led to ~500K followers and a role at TikTok (global cybersecurity advocacy & culture), why she left after a year, and how she’s now helping others via Cyber Career Club. // Caitlin Sarian’s SOCIALS // Website: https://www.cybersecuritygirl.com/ Instagram: / cybersecuritygirl YouTube: / cybersecuritygirl LinkedIn: / caitlin-sarian TikTok: / cybersecuritygirl // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:29 - Intro 01:01 - Brilliant Ad 02:22 - Caitlin's History with TikTok 06:25 - Caitlin's Story 10:19 - Caitlin's Professional Journey 18:09 - How to be an Influencer 19:42 - Why you Need a Team 21:22 - Why you Need to Network 23:58 - All the Areas of Cyber 24:49 - Caitlin's Advice to her Younger Self 27:22 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cybersecurity #blackhat #cybersecuritygirl

1 Sep 28min

To try everything Brilliant has to offer for free for a full 30 days, visit https://brilliant.org/davidbombal or scan the QR code onscreen – You’ll also get 20% off an annual premium subscription AI hype meets harsh reality. In this Black Hat interview, David Bombal talks with Gary Marcus (Professor Emeritus of Psychology and Neural Science at New York University, and AI Expert) just minutes after GPT-5’s announcement. Marcus explains why GPT-5 is only a small step forward, the truth about hallucinations, why AI coding agents pose massive cybersecurity risks, and why we may be years away from true AGI. If you want the unfiltered truth about AI progress, safety, and the future of large language models, watch this. // Gary Marcus’ SOCIALS // X: https://x.com/garymarcus Website: https://garymarcus.substack.com/ // Books REFERENCE // Mikko Hypponen: If it’s smart it’s vulnerable US: https://amzn.to/45Rc9PV UK: https://amzn.to/3V1tJdP Gary Marcus’ books: The Algebraic Mind US: https://amzn.to/4lxsca5 UK: https://amzn.to/45ASH8C Kluge: The Haphazard evolution of the human mind US: https://amzn.to/3V0gZnE UK: https://amzn.to/4mlzrn0 Rebooting AI: Building Artificial Intelligence We Can Trust US: https://amzn.to/45RhZRh UK: https://amzn.to/4lt7WGC Taming Silicon Valley: How we can ensure AI works for us US: https://amzn.to/4mH0Jnk UK: https://amzn.to/4oHO5GM Guitar Zero: The science of becoming musical at any age US: https://amzn.to/47uF2Ta UK: https://amzn.to/4oygoYd The birth of the mind: How a tiny number of genes create the complexities of human thought US: https://amzn.to/4oBnafB UK: https://amzn.to/3JimD1Y // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 01:00 - Intro 03:30 - Brilliant Ad 05:16 - Understanding the AI Hype 07:51 - Are Agents Writing Secure Code? 10:34 - Vibe Coding 11:56 - Should Agents Run Everything? 14:56 - Why do LLMs Hallucinate? 18:30 - Are AIs Intelligent? 20:21 - Will LLMs Stop Hallucinating? 24:50 - AI Security 29:24 - Will AGI Ever Happen? 31:48 - The Future of AI 35:08 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

18 Aug 35min

Big thanks to ThreatLocker for sponsoring my trip to Black Hat 2025. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Discover “Chasing Your Tail,” an open-source surveillance detection tool you can build with a Raspberry Pi. In this exclusive Black Hat interview, creator Matt explains how it tracks Wi-Fi, Bluetooth, and even tire sensors to spot if you’re being followed, then flips the script to map where your followers spend time. Learn the origins of this tool, from avoiding surprise visits to protecting informants and aiding search & rescue. We cover the tech stack (Kismet, Python, GPS integration), real-world success stories, and how you can set it up yourself for under $100. Perfect for security pros, privacy advocates, and tech enthusiasts. // Matt Edmondson SOCIALS // SANS: https://www.sans.org/profiles/matt-ed... LinkedIn: / matt-edmondson-759aab2b X: https://x.com/matt0177 Matt’s Block: https://www.digitalforensicstips.com/ // GitHub Code REFERENCE // https://github.com/ArgeliusLabs/Chasi... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // Menu // 0:00 - Coming up 0:35 - Chasing your tail update // How it started 03:27 - Threatlocker sponsored segment 03:45 - What's in the box and how it works 07:37 - "It's basically free to build it" // Components used 09:20 - What coding language it runs on 11:25 - Unique network IDs in real life 12:47 - Tracking MAC addresses 14:51 - How to know who is tailing you 15:36 - How the device have helped people 16:49 - Tracking Bluetooth 18:23 - Reach out to Matthew Edmondson 19:04 - Black Hat Arsenal explained 19:52 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

18 Aug 19min

David Bombal is joined by Gerald Combs, the creator of Wireshark, and Chris Greer, a well-known Wireshark trainer, for a comprehensive discussion about the past, present, and future of the world’s most popular network protocol analyzer. They explore how Wireshark was originally created as an open-source alternative to expensive packet sniffers, the evolution from its first release in 1998 (as Ethereal), and the community-driven development that led to over 2,300 contributors worldwide. The video also dives into the transition to the Wireshark Foundation, a nonprofit organization dedicated to supporting the tool and educating users globally. Topics covered include: The early days of Wireshark and why it was built The story behind the name change from Ethereal to Wireshark How Windows compatibility helped Wireshark go mainstream The launch of SharkFest and what makes it unique as a community-driven conference What attendees can expect from SharkFest in the US and Europe, including beginner-friendly tracks, expert sessions, and interactive challenges like Packet Doctors How the Wireshark Foundation supports the community and ensures long-term sustainability The introduction of the Wireshark Certified Analyst (WCA) certification and what it means for networking and cybersecurity professionals Real-world use cases for Wireshark in ethical hacking, packet forensics, and cybersecurity training The announcement of StratoShark, a new open-source companion tool for analyzing system call data and cloud logs with a familiar Wireshark-like interface Whether you're a network engineer, a cybersecurity professional, a developer, or just curious about how network analysis tools are built and used, this video provides deep technical insights, inspiring backstory, and practical guidance on how to level up your skills. // Website links REFERENCE // https://wireshark.org/certifications https://packetschool.teachable.com/?a... http://packetpioneer.com/courses https://stratoshark.org/ https://sharkfest.wireshark.org/ // Chris’ SOCIAL // X: https://x.com/packetpioneer YouTube: / @chrisgreer LinkedIn: / cgreer // Gerald Combs SOCIAL // LinkedIn: / geraldcombs // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

16 Juli 44min

Big thank you to DeleteMe for sponsoring this video. Go to http://joindeleteme.com/Bombal to receive a 20% discount. Discover how attackers exploit enterprise VPNs like Fortinet to gain admin access and compromise networks. In this video, OTW exposes a real authentication bypass exploit, explains the risks of outdated VPN devices, and shares expert tips on Linux, TCPDump, and staying secure. Perfect for cybersecurity pros, penetration testers, and anyone serious about digital defense. // Occupy The Web SOCIAL // X: / three_cube Website: https://hackers-arise.net/ // Occupy The Web Books // Linux Basics for Hackers 2nd Ed US: https://amzn.to/3TscpxY UK: https://amzn.to/45XaF7j Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK: https://amzn.to/4aInbGK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Playlists REFERENCE // Linux Basics for Hackers: • Linux for Hackers Tutorial (And Free Courses) Mr Robot: • Hack like Mr Robot // WiFi, Bluetooth and ... Hackers Arise / Occupy the Web Hacks: • Hacking Tools (with demos) that you need t... // YouTube video REFERENCE // Hacking IP Cameras: • Hacking IP Cameras (CCTV) with Demos and R... Are VPNs even safe now?: • Are VPNs even safe now? Hacker Explains // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

16 Juli 35min

Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. This video features David Bombal and Kyle Winters demonstrating practical cybersecurity techniques. Kyle walks through how to use Hydra to brute force SSH passwords, explaining the process of leveraging wordlists and optimizing the attack. Following the offensive demonstration, Kyle transitions into defensive measures, showing viewers how to quickly and easily set up an SSH honeypot using Cowrie. The honeypot serves as a decoy to attract and monitor malicious actors attempting to access a network. The demonstration includes setting up the honeypot on an Ubuntu host, configuring IP tables for port redirection, and monitoring logs for incoming connection attempts. The video highlights the importance of understanding both attack methods and defensive strategies in cybersecurity. Kyle also mentions free ethical hacking training resources available through Cisco Networking Academy (netacad.com) and future tutorials on Cisco U (u.cisco.com). // COMMANDS // Devices: client 192.168.1.10 server 192.168.1.11 ubuntu-honeypot 192.168.1.21 Nmap scan: nmap -sn 192.168.1.0/24 Verify Hydra installed: hydra -h Show wordlists: ls -al /usr/share/wordlists/ Crack with known username: hydra -l admin -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Crack with unknown username: hydra -L /usr/share/wordlists/top-usernames-shortlist.txt -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Create dir for Cowrie: mkdir cowrie cd cowrie/ Clone cowrie: git clone https://github.com/cowrie/cowrie . Launch the python virtual environment: python3 -m venv cowrie-env source cowrie-env/bin/activate Install python requirements: pip install --upgrade pip pip install -r requirements.txt Copy and edit the config: cp etc/cowrie.cfg.dist etc/cowrie.cfg vi etc/cowrie.cfg Setup port forwarding for SSH to Cowrie: sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222 sudo iptables-save Start Cowrie: bin/cowrie start Check Cowrie status: bin/cowrie status View logs: tail -f var/log/cowrie/cowrie.log // Kyle Winter’s SOCIALS // Socials: / kyle-m-winters Cisco Blogs: https://blogs.cisco.com/author/kylewi... // Website REFERENCE // https://www.netacad.com/courses/ethic... https://u.cisco.com/ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

2 Juli 12min