Real World Hacking Demo with OTW
Key Takeaways
This video demonstrates a real-world SQL injection attack used in the recent MOVEit hack, with a focus on cybersecurity and hacking techniques, and is sponsored by Juniper Networks, which offers free training and certification for networking, security, and DevOps.
Full Transcript
this is real hacking this is not Tick Tock hacking oh we have a problem they're trying to stop me it's okay if I can just get past that firewall we might have a chance the organization who has been executing these hacks is a a company a company a group uh known as kops you know and they have a website on the dark web where they keep track and they show you who they pack so this has been now it has been exploited but uh move it or progress is trying to get everybody to patch but as we know not everybody patches when new patches come out since the attack has come out we have a proof of concept that has been developed and let me show you that this is a proof of concept of the exploit I've got it over here in C here it is okay this is something I really love you can get free training using the link below go go to juniper.net David bomble and get free networking training free security training devops training a whole bunch of other training for free from juniper not only do you get free training but if you go through their assessments you can get a discount on your exam and you can get certified for $50 at the associate level for example I really want to thank Juniper for sponsoring my channel really want to thank them for creating this free training and making it affordable to more of us many of you have told me that it's difficult to pay for some of the training out there but here's your chance you can get free training from juniper and by going through an assessment you can get your exam for a very good price $50 I love this kind of stuff I love it when big companies support the community and help educate and change lives big shout out to Juniper for doing this everyone David Bumble back with occupy the web he is my most requested guest so really happy to have him back occupy the web welcome hey thanks David it's always good to be on the best it and cyber security Channel on YouTube I really appreciate you saying that occupy the web and you are one of the big reasons uh that people love my channel I'll just say this for everyone who's watching I was on Reddit the other day and someone commented about David's YouTube channel isn't so good but what keeps it good is occupy the web so occupy the web thank you for making my channel great I enjoy it it's it's always good time with you David so just for people who haven't seen our previous videos he's the author of this book Linux basic for hackers fantastic book look on Amazon gets amazing reviews also Network basics for hackers as well as getting started becoming a master hacker occupy the web I know you don't like to give timelines but I've had people say when is your new book coming so you hopefully we're going to see another book from you at some point right probably see two new books for me next year in 2024 um the one that I keep on getting questions about is the Cyber Warrior handbook and uh and that one probably become coming in late uh 2024 so look for that it's going to be based upon a lot of our experiences in Ukraine it's going to be cyber Warrior right what what what kind of techniques what kind of of hacks did we use in uh Ukraine and what other cyber Warriors can use in the future so look for that that's coming from no starch press we hope to have some updated uh editions of the other books as well coming out so I'm I'm working on I'm working on it it's it's it's you know a lot of people think that you know writing a book is a quick and easy process but it it takes it takes time and you have to work with editors and you know and and companies who then publish them and sometimes you know it it it's a year between finishing a book and actually having it published so so just kind of be patient folks I don't know where you get the time because you're doing so so many other things as well so I really appreciate you know taking the time to share uh your knowledge on YouTube um and I believe today we've got like a really interesting topic that's you know very fresh so as I said offline I want to keep quiet and let you take us on this journey so move it I believe is is what it's about right yeah move it is um move's the software that is a file transfer software that's used by a lot of large organizations around the world and it's been hacked and it's compromised a lot of company it's going on right as we speak it began at the end of May okay we started seeing it and it's happening well this morning okay we saw Taiwan semiconductor got hit with it and the list of companies is really really long I could just name just a few Seamans uh Schneider Electric UCLA Air Lingus BBC British Airways and and many many more and so I think we're up to about 150 companies that have been hit and this is still taking place I can show you you the the well the organization who has been executing these hacks is a a company a company a group uh known as kops you know and they have a website on the dark web where they keep track and they show you who they pack and if you want I can show you their here okay this is ks's website this is on the dark web um and they have a long list of companies that they've hit uh I didn't know they hit Nuance too okay and just more and more every day and this is kind of their it's it's a Russian language web Russian language group who's doing this this is U starts off says we got a lot of emails about government data we don't have any government data anything directly residing on exposed or bad protected not encrypted file transer very poor English right these these guys are Russian language um native speakers and they've been been very effective you know we've talked on here before about real live hacks that sometimes take weeks months years it's apparent that these guys have been working on this for at least two years okay two years to to be able to execute this we we see them scanning these sites as of two years ago I think it was July 2021 is the first time we saw them scanning sight so they've been working on this for at least two years one of things that they they say here is that I find kind of humorous is that they say we are penetration testing service okay wow so they're calling themselves a penetration testing service we are only financially motivated and do not care anything about politics now I find that a little disingenuous maybe is the best word for it when somebody says they're not interested in politics and explicitly states that I I get I question that right why are you saying this because one of the things that we note is that the the focus of these attacks are against companies in Britain and companies in the us both of who are major supporters of Ukraine in the war with Russia and this is a Russian hacking group right yeah and and basically they are a ransomware organization but in this case they they don't look like they're ransoming they're more extorting money from the organizations they're saying we've got all your your data unless you pay us we're going to reveal all of your credit card information personal identifiable information of your customers in the case of Taiwan semiconductor it looks like they may actually have intellectual property that is important for Taiwan semiconductor who is the largest boundary of semiconductors in the world you can see down below it as we see BBC decide to take what we told them in email and like what most media do twisted to their own interest so here's kind of instructions they give the people who they've uh they've hit about what they need to do to be able to avoid and basically they're extorting money out of uh companies and this is a piece of software that's mostly used by very large organizations to be able to transfer data safely they thought yeah supposedly safely between different Cloud organizations Cloud groups I like that they they sign it off as friendly clop friendly clop here at the bottom right friendly as long as you pay us millions of dollars in rent of right as long you pay and I think they're asking $70 million from Taiwan semiconductor as of this morning this is a this is a pretty serious situation and like I said they've work been working on at least two years there's a couple of there's at least two different vulnerabilities involved in here and there there's one the first one was cve 2023 34 362 and then there's cve 2023 3578 all right here it is in Pro progress is the name of the company progress move it transfer before 2021 06 you can see the the version numbers there a SQL injection vulnerabilties been found in the move it transfer web application that could allow an unauthenticated attacker to gain access to move its transfer database depending on the database engine being used you see people are using various databases MySQL SQL Server aour uh they can basically take over and move the data to wherever they want and they can put they can get themselves CIS admin privileges as well as then put in remote code execution uh they can put their own remote code into it and and exultate the data from the database um this is see it's a it's a severe very severity is very high okay 9.8 right here that's about as high as you can go you go to 10 so this is pretty serious it's interesting because a lot of people would say on YouTube you know SQL injection is old school no one's going to use it anymore but's an example of it just being used like you talk that's interesting comment I know a lot of people say that they say Hey you know SQL injection is nobody uses that anymore yeah well here's here's the truth all right SQL injections been around since the beginning of the web all right and so when if you have gone through a cyber security class or hacking class they probably demonstrated a really simple SQL injection where you can send SQL commands so let's talk about what SQL injection is SQL injection is sending SQL commands through a web form okay to the backend database as you know almost every website has a backend datab base and this MySQL is probably the most popular the open-source database that's now owned by Oracle and the way to prevent SQL injection is to basically sanitize the inputs so that means that you don't allow SQL commands to go to the backend database and in some cases you don't allow any of the SQL uh special characters or s keywords go to the backend database but there's ways of getting around it and that's what these folks did they looked at the code and they were able to figure out ways to get around that sanitization process and so they were able to send some SQL commands into the database that basically gave them they added themselves in as a admin user in the database and then once they're as admin they can do whatever they want it might be interesting to take a look at showan to see how many of these systems there are in the world showan is a website that cat it catalogs all of the banners that websites and ports on on websites present to themselves and you can find an awful lot of interesting stuff on it so we can go and we're using the the favin to be able to identify and so uh these are just 2,000 systems that are still connected now as of a few days ago was 2500 and so now we're at uh down to about 2100 there's at least two ways to be able to find these websites one of them is using the favicon that's specific to that particular piece of software and of course you could also just put in move it right and that'll reveal about 500 in the header oh 780 okay more than I remember here's Seaman's energy okay these are the guys who just got hit recently Seaman's energy and these are the companies who are using move it you can see it right here it's in there's move it there's move it move it transfer SFTP these are the companies who are using move it now move it or progress software has gone ahead and put out some patches but it seems like every once a week we find or they find and other people find more vulnerabilities in the software that allows uh Klo to be able to take over these websites and ex filtrate you know terabytes of data that um they can then use and hold for ransom from these companies these are big big companies you're not going to find small companies using this uh it's mostly you can see some of the organizations listed here this is how Klo is finding their targets and is one of the ways they're finding their targets it's simply looking it up in showan and some of the other search engines they can find um and we're seeing there's still a lot of them they still connected to the web since the pack has come out we have a proof of concept that has been developed and let me show you that this is a proof of concept of the exploit I've got it over here in C here it is it's a I don't know how many lines 300 lines or so and you can see that there's a some SQL injection right here and they're basically inserting into the database some tokens to give them access says create our SQL injection statement right here now generally when people think about SQL they're usually thinking about some select from wear statements right these are insert and update statements this allows them to insert themselves as a user and even a privilege user on the site all right and once they have privilege user they can log in you can see it allow logins with an external IP okay insert into host permits and then going ahead inserting themselves to permit their IP address and it's kind of there's some interesting analysis on the web by Horizon ai3 I think is the name of the company and and Huntress and a few others I think also rapid 7 has done some good analysis of the exploit one of the things that they did and often times what we do to be able to determine how an exploit works if you simply take a look at the code the moit code both before and after the Patch right so those of us who are on the outside who are privy to what's actually going on you can simply look at the code before a patch and after the Patch and see what the differences are and then once you see what those differences are then you can recreate the exploit and that's what basically where this comes from right here is that this proof of concept comes from basically reading the patches so when we see how the company tried to close the vulnerability we can see what they did and then recreate the exploit so that's what this is here this is basically recreating the exploit or reverse engineering the exploit based upon looking at the patch that was built for this particular exploit one of the things you know that you're often taught in uh in SQL injection let's see what we want we've got a I just got a little database up here this is TB Beaver it's a it's a a gooey for working in databases in ki and in other Linux distributions but generally you when you talk about a a SQL injection what they'll teach you is to do something you know they go select just going to write a few simple SQL statements so generally what they'll teach you is something like this okay select star from all right and then a table name say you see this is a sample database over here so it's select star from say album all right okay and then where artist ID let's go name where let's change it to instead of album we'll change it to artist just to make it more interesting we're artist and we'll go name is equal to whatever right we could go let's go ahead and uh let's take a look at this database just get so we can put together some examples here I'm going to go ahead and execute and here's you know here's some of the the people who are in that database it's all musicians let's try something that's a Aerosmith is easy to to go ahead and we're going to go where I was just thinking of that as an easy name yeah where a name is equal to and you got to use the when you're talking about text it has to be in single quotation marks and let's go Arrow Smith when you're talking about SQL all right so then you can go ahead and just go and get enter all right so here we have this is a simple select statement it's called a query in SQL and what we've done is simply asked the database for this particular select all the columns to start from the table artists you see the artist over here where name is equal to Aerosmith now typically in when people are teaching how to do SQL injection what they'll do is they'll throw in dash dash okay Dash Dash is a comment character so this means that everything that comes after it is not seen by the database so you know the classic is or one is equal to one and this would be actually sending this back through a form and I'm just going to show you the classic SQL injection and then what these guys did which is really quite different and quite advanced so here this is this is the classic one that's taught in all hacking cyber security classes I'm going to expand it a little bit so here's a login form where it's asking us for a name and a password what happens is that one can go ahead and put in their name and then use a single tick all right to close because the the form has a single tick on its side right you have to close the single tick and then go or now this is a logical or so it has to be either OTW is a user in the database or one is equal to one which is always true and then dash dash which means that everything that follows after it is going to be ignored all right this is the classic that is used you know everywhere to teach SQL injection now if I were to be able to if I'm building a web application and I don't want SQL injection to take place what I will do is I will try to strip out you know these ticks and these dash dash what have so they don't get past the form into the database unfortunately what happened is that in the case of mve it they left the ability to put commas between the fields okay commas between the fields and the uh the clop folks were able to uh exploit those commas by stripping out the commas and being able to do their own injection here's the here's the Horizon website okay and this is these are the folks who want the first to come out with a good analysis of it okay here you can see the path to SQL injection so path that the vulnerable user get users with email address that's the that is the function that has a SQL in it that they are able to exploit and what they were able to do okay here's the email add address here is that the function goes ahead and allows them to to put here it is right down below here all right select username and you can see if you look closely that there are some commas there's commas between the fields right here and what they did was able to exploit that you see it says right here it says the part of the query and email okay has been uncleaned argument mean that they didn't strip out and sanitize the input the only cavey has injected that prior to the call the self-provision re receipts variable is split on commas our injected SQL statement should avoid having commas to continue proper execution we can work around needed needing commas by reusing the SQL injection several times to do sequential statements such as insert and update now as we found as we see over here in the proof of concept here we go back here that's what they're doing here is that they're going ahead and doing inserts at updates to the database and they're inserting themselves into the database they're inserting themselves as users they've created a fake token and then they've inserted their you see it right here insert into token ID values token ID and then they've updated the user external tokens and then they've gone ahead down below and inserted into the database their IP addresses that you know this is a system that has that has whitelisted IPS that means that they only allow certain IPS to connect to this application so what they've done is go ahead and put in their own IP addresses so that it permits them to access these uh this data that's built into these cloudbased database services and so this is a pretty sophisticated and took a fair amount of time for them to be able to find this SQL injection vulnerability this is an example of improperly sanitized SQL where they tried to strip out any of the special characters but they missed one and as a result they were able to exploit this but once again this is years of work of trying to analyze this code to be able to find this one flaw in the way that they took the data that's input through the form and then sent it back to the data so almost every form every form we probably say pretty close to every form has to take the data that you put into the form and send it back to the database whether it's authentication or if you're like searching for a product or you're searching for a particular customer the when you go ahead and do a search on the form to be able to find a customer or a product then that's taking that information that you have put input into the form and and then taking that and putting it into a SQL statement SQL query and pulling the data off the database and showing you oh here's the product that all meet that criteria or here are the customers that all meet that criteria in the old days it was pretty easy to be able to do SQL injection the classic one just using that one is equal one is equal to one and using the dash dash but now people have gotten pretty sophisticated and are stripping out all of that SQL special characters but occasionally they make a mistake and here's an example of where they made the mistake and and as a result we have you know millions of dollars worth of extortion or Ransom that's being paid uh to this particular Russian speaking group now we say Russian speaking group doesn't necessarily mean that they're Russian they could be there's many countries where Russia is still a primary language and many people for instance in Ukraine speak Russian and all the other Russian Republics are now free countries Russia is still the dominant language but we don't know where these guys are from the US government has offered a $10 million bounty to be able to identify them this is pretty impressive work you know this is a this is an example of somebody spending years and years analyzing code to be able to find and in this case they probably didn't have the code itself what they were doing is they were probably simply sending in puts and what one of the things that you do to find an exploit in any piece of software is what's called fuzzing and fuzzing is the process of sending random or semi- random inputs into an application to see if you can break it that's that's fuzzing there lots of different fuzzing tools that are out there my guess is that that's what these guys did is that they fuzzed this and they fuzzed it for years using multiple types of input to be able to break the software and then once you break it then you can analyze to see what caused it to break and I think no like I said this took them two years of doing this and you know it's not you know it's not the YouTube video or the Tik Tock video where it's 30 seconds or less to take over a Taiwan semiconductor or a BBC or British Airways this is years and years of tedious work that's involved in it so this is real hacking this is not Tick Tock hacking oh we have a problem they're trying to stop me it's okay if I can just get past their firewall we might have a chance and this is where it take a lot of really talented and smart people years of work to accomplish it and it was because the comma right that's the that was the that was the door the comma it allowed the commas to be able to be passed exactly and they were able to exploit that to be able to do their own SQL injection and the injection is different than typically is taught in hacking class and that these are these are inserts and updates right so when we go ahead and put a new line into a database it's an insert statement okay when we want to update a line in the database it's an update statement so this is a little bit different than the query that we working on the simple query we working on here so we can update the database if we have proper credentials right is do it update or insert and if you've ever looked at the code that creates a database it's full of inserts and updates and that's what these guys were doing they were inserting themselves into the database that that decided who could have access so these were these were a database of authorized users and they put themselves in and then gave themselves the permissions and put themselves the IP white list so they could access the database and that's all you can find all of that in that proof of concept and I think that proof of concept if I remember correctly comes out from the Horizon as well you can take a look at it and analyze it yourself but here it is here it's a python script and then it starts off by just creating a bunch of functions okay it sends a post request to the G guest access aspx with specific data this data causes the guest access aspx to generate create a crsf token for our current session so that's where they begin and they you know rather than going through every late code but where they end up is inserting themselves into the authorized user database and are able then to to act just like the root or CIS admin and do all of that that individual can do and they just exfiltrated the data and then are holding it hostage until they get paid occupied the web that's amazing thanks so much for the demo I got some questions so um you mentioned that two cves you've shown us one right what was the second cve about uh second cve is is similar it's 2023 3578 let's put that up on the screen as well it's another SQL injection it's a same product at a different place though says in progress move it uh transfer and gives you the verion numbers a SQL injection vulnerabilities been identified in the move it transfer web application that could allow an un at attacker to gain unauthorized access to move its transfers database very similar but it's a different location this was found about two or three weeks after the initial and I think this one originally was this one was found was not being exploited in the wild it was actually one that was discovered by researchers while they were looking at the code and they were trying to figure out you know what had happened I think Huntress is the company uh that actually discovered this particular vulnerability in the same code in the same product in a very similar way just in a different place in the code so this has been now it has been exploited but uh move it or progress is trying to get everybody to patch but as we know not everybody patches when new patches come out and sometimes people wait days weeks months and obviously Taiwan Taiwan semi conductor got hit today they know that they've got this software and they know Apache is out there but they haven't gone ahead and patched it yet and they may end up paying as many as $70 billion or $70 million by the way if those who don't know Taiwan semiconductor Taiwan semiconductor is the largest semiconductor Foundry in the world they're not necessarily a developer of chips they are a maker of chips they're like a manufacturer of chips so they've got huge revenues and they could pay a 7 million Ransom and we'll see if they do it's just I mean what's so fantastic about this um video and I really appreciate you sharing is you've taken us from the look this is the theory this is what you learn in a class to here's it actually being used in the wild and um I think a lot of people make the mistake with like SQL injection and stuff saying this stuff will never happen I get these comments always on YouTube this is so dumb it will never happen um for various Technologies but she has an example of it actually being used at the moment exactly and what I've said before we've talked about previously is that these things you know were easy to do 20 years ago could you could do that simple SQL injection I mean I think I was able to do those simple SQL injections as little as like 10 years ago right there were still some websites that you could use those those simple SQL injections and get authorized on that particular website but most software today has been updated improved and become more secure so you have to be more sophisticated doesn't mean that it can't be done means that you need to up your game to be able to use that type of of SQL injection but most websites know you're not going to be able to do one is equal to one Das Dash and be able to authenticate yourself on the system you might find some I mean there's probably somewhere on the web some old website that somebody's left behind with old software on it and you could do that but when you're talking about secure sites right then you got to get a lot more you you need to really up your game to be able to do at attack like this this like I said took at least two years probably with a dozen researchers working for two years to be able to Dev this so the question is always how do I learn this stuff have you got a class because I know you run lots and lots of classes are you covering this in any of your courses well we do uh we do an advanced web app uh hacking course that we just finished up and we did we focused on that class A lot of it on Advanced SQL injection really not this sophisticated even even in that class it's an advanced web app packing class and even at that we didn't get this sophisticated this is really this is you state-ofthe-art this is you know this this is Big Time hacking this is AP type of hacking you know there's it like I said you you would have to spend years of research to be able to find this vulnerability but yeah we do have a class called Advanced web app hacking we also have database hacking where we focus on squel injection and there's lots of different SQL injection type of attacks this is kind of the state-ofthe-art the most sophisticated SQL injection you're going to see out there there are other SQL injection attacks you know there's there's the classic Union statement just kind of give you a if you've ever been into a SQL injection class you know the classic is the union statement so sometimes you can go ahead and stack statements on top of each other so in SQL we have a the ability to be able to stack queries on top of each other all right so here we go Union and what a union command does is allows you to take one query and stack it on top of another query and then sometimes in the form you can go ahead and connect one query to another query but there's a rules of it and the rules are that you have to have the queries have to have the same number of columns otherwise it'll throw an air but sometimes the eror can be really useful to an attacker one of the things that we teach people who are on the defensive side is do not allow error messages to get out because the error messages convey information that the attacker can use against you and Union statements will throw an error message that if it is conveyed to the attacker gives them way too much information that allows them to effectively use the union statement so you can do this select star or number of columns that you want and from the same those have to be the same table it can be different table so we can go say um let's go to the album table and then go where and let's see on the album we have columns are we've got uh title all right so where title is equal to to and then whatever title album title this allows us to connect okay two SQL statements together using the union and the union requires the same number of columns so here if we were run this we would likely throw a error message because we don't have the same number of columns and that error message is going to be able you're going to be able to use that to determine how many columns there are and then keep on sending these Union statements to the backend database until you have the column numbers right and then essentially you can connect two SQL statements together to be able to access the data that you want and maybe even do an update or an insert like these folks did kop so that's this is kind of this is kind of the next level of SQL injections using the union statement and it's often times you need to spend a lot of time doing kind of hit and miss trial and error to get the Union right but when you do you can pull out all kinds of information and or do things like updates and inserts on the database or if you're just interested in doing a dosac you can go delete the whole database or delete the table right and uh and so then you would just the system if you had system admin privileges you could delete the tables the database and do some ser ious damage to uh to the the company or the owner of the database you got to tell me you've got some cool amazing courses or classes coming up soon right at the time of this recording we're in about July um what's coming up we have uh we have some interesting classes coming up we have in July we have SDR for hackers where we're going to be able to use a software defined radio to be able to intercept cellular and satellite signals uh or we're going to be be doing an advanced SDR for hackers in 2024 we have ai for cyber security coming up in uh in September we have Bitcoin forensics coming up I think in December we have ai for cyber security in September we have Android hacking coming up in October and that's where we'll be looking at Pegasus and Pegasus twin uh for Android there will'll be building a fto cell in December a fto cell is you remember we did a a Mr Robot on it where AOS cell are would often refer to as U cell extenders so people who can't get cellular service the uh the companies the cell companies sell a little product that essentially becomes a mini cell tower a mini cell tower that then connects their cell signal to the internet all right and back to the back end of the uh the cell system those can be really effective hacking devices and they were used for instance in Pegasus the folks who did the Pegasus the when they sold Pegasus to NSO Group sold Pegasus to C certain countries it initially required that the individual had to click on a lake and sometimes people like you and I are careful won't click on the lake but if they put a fto cell or a stingray nearby then it doesn't require any type of Link because they're going to they're going to capture your cell signal right when they capture your cell signal then they can manipulate it in any way possible so we're going to build a fto cell in that class uh we'll also be working on building stingrays as well which is the ability to be able to capture cell signals uh from any distance analyzing the ss7 flaw in the cell system the mobile system has this big blot called ss7 where the cell systems connect and that's often exploited by hackers to be able to for instance intercept two Factor authentication we got a bunch of bunch of interesting things coming up and uh hopefully people find them interesting I find them interesting I I design classes into things that I'm interested in so other people might not be interested in it but it's the stuff that I'm interested in that we we design classes around that and I love it I mean I'm so grateful that you share a lot of that on YouTube so for everyone who's watching occupy the webinar I've discussed a bunch of top um one of the ones I know that a lot of people have asked for is uh Bitcoin uh tracing cuz that's something we we spoke about previously but this was like in the news so we decided to do this video first uh put it put in the comments below any topic that you want us to cover it's fantastic to be able to tap into occupy the web's uh experience and knowledge so that we can all learn from him occupy the web as always I really want to thank you for sharing um thanks so much for putting this together so quickly oh of course I always enjoy being here David and I thought this was a really Timely subject with this this attack going on right now live and so I wanted to kind of help people understand what was going on in in this uh this kind of mindblowing you know Earth shattering attack that's taking place but in our industry mindblowing and Earth shattering are an everyday occurrence exactly exactly
Original Description
This is a real world demonstration of the SQL Injection attack used in the recent MOVEit hack. This is real world - not just a simple SQL attack.
Big thank you to Juniper Networks for supporting the community and making this training free (and sponsoring my channel). Go to https://juniper.net/davidbombal to get lots of training and also learn how to get certified for $50 (Associate Level). Use this voucher code to register for your courses: DAVIDBOMBAL
If you have issues with the Juniper registration, please use these links that they gave me:
For Login assistance link https://userregistration.juniper.net/loginassistance
Customer Support link- https://support.juniper.net/support/requesting-support/
// Mr Robot Playlist //
https://www.youtube.com/playlist?list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q
// Proof of Concept //
Horizon3: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/davidbombal
// Occupy The Web social //
Twitter: https://twitter.com/three_cube
// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://davidbombal.wiki/otw
// Occupy The Web books //
Linux Basics for Hackers: https://amzn.to/3JlAQXe
Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh
Top Hacking Books you need to read: https://youtu.be/trPJaCGBbKU
// Other books //
The Linux Command Line: https://amzn.to/3ihGP3j
How Linux Works: https://amzn.to/3qeCHoY
The Car Hacker’s Handbook by Craig Smith: https://amzn.to/3pBESSM
Hacking Connected Cars by Alissa Knight: https://amzn.to/3dDUZN8
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
In
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from David Bombal · David Bombal · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
RYU SDN Controller Part 4: Graphical User Interface (GUI): Practical GNS3 SDN and OpenFlow
David Bombal
HPE Network Protector SDN Application Part 1 - Introduction
David Bombal
HPE Network Protector SDN Application Part 2 : DNS Interception using OpenFlow
David Bombal
HPE Network Protector SDN Application Part 3 - Lab Setup using Physical Switches
David Bombal
HPE Network Protector SDN Application Part 4 - Demo of malicious websites blocked
David Bombal
HPE Network Protector SDN Application Part 5 - Demo OpenFlow table interception flows
David Bombal
HPE Network Protector SDN Application Part 6 - Demo of Physical Switch configuration
David Bombal
HPE Network Protector SDN Application Part 7 - Demo Service Insertion Tunnel / GRE Tunnel
David Bombal
HPE Network Protector SDN Application Part 8 - Demo SDN OpenFlow Reporting
David Bombal
HPE Network Protector SDN Application Part 9 - Demo switches interception of DNS traffic
David Bombal
GNS3 Talks: GNS3 version 1.5.X Appliance Tips
David Bombal
CCNA 200-125 Exam: AAA demo: TACACS+ with GNS3
David Bombal
GNS3 2.0.0 beta 2 install
David Bombal
CCNA #012: Learn SNMP with GNS3, Wireshark and Solarwinds NPM - CCNA 200-125 exam
David Bombal
CCNA #013: Spanning Tree CCNA Exam Questions: Know the answer? CCNA 200-125 exam
David Bombal
GNS3 2.0.0 beta : GNS3 VM integration with GNS3 GUI
David Bombal
CCNA #018: Routing exam questions: Who wins? OSPF, EIGRP or RIP? Sure? CCNA 200-125 exam
David Bombal
CCNA #019: Spanning Tree CCNA Exam Questions: Root Bridge, Root Port and more: CCNA 200-125 exam
David Bombal
GNS3 Download, installation and configuration - GNS3 1.5.3 and Windows 10
David Bombal
CCNA #023 EIGRP Neighbor Troubleshooting (DUAL Issues) for the CCNA 200-125 Exam
David Bombal
GNS3 2.0 Architecture and schema Part 1: What is the GNS3 Controller?
David Bombal
GNS3 2.0 Architecture and schema Part 2: Emulators and virtualization
David Bombal
CCNA #028 VTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
CCNA #029 VTP & DTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
CCNA #030 VTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
GNS3 : How to download Cisco IOS images and VIRL images. Which is the best? How do you get them?
David Bombal
GNS3 ASA setup: Import and configure Cisco ASAv with GNS3
David Bombal
GNS3 switching setup and options: Cisco and other switching options in GNS3
David Bombal
GNS3 switching setup and options Part 2: GNS3 unmanaged built-in switch
David Bombal
GNS3 switching setup and options Part 3: Router on a sick with GNS3 unmanaged built-in switch
David Bombal
GNS3 switching setup and options Part 4: Etherswitch Router for Cisco Dynamips Part 1
David Bombal
GNS3 switching setup and options Part 5: Etherswitch Router for Cisco Dynamips Part 2
David Bombal
GNS3 switching setup and options Part 6: Etherswitch, Wireshark, 802.1Q, InterVLAN routing
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 1: GNS3 Switching Part 7
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 2: GNS3 Switching Part 8
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 3: GNS3 Switching Part 9
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 4: GNS3 Switching Part 10
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 5: GNS3 Switching Part 11
David Bombal
GNS3 Nexus (NX-OSv) switch setup and configuration Part 1: GNS3 switching options Part 12
David Bombal
GNS3 Nexus (NX-OSv) switch setup and configuration Part 2: GNS3 switching options Part 13
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 6: GNS3 Switching Part 14
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 7: GNS3 Switching Part 15
David Bombal
GNS3 Cisco CSR 1000v setup and configuration Part 1: GNS3 NFV
David Bombal
GNS3 Cisco CSR 1000v setup and configuration Part 2: GNS3 NFV
David Bombal
GNS3 Talks: Use the NAT node to connect GNS3 to the Internet easily!
David Bombal
GNS3 Talks: GNS3 2.0 RC1 is now available
David Bombal
GNS3 Talks: GNS3 2.0 Portable Projects - easily export and import GNS3 projects
David Bombal
GNS3 Talks: Multiple clients sharing projects in real time, plus console session shadowing!
David Bombal
CCNA #035 NAT Troubleshooting Scenario 1 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
CCNA #036 NAT Troubleshooting Scenario 2 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: ESXi, GNS3 VM and KVM support Part 1: leverage servers and the cloud
David Bombal
CCNA #037 OSPF Troubleshooting - can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: ESXi, GNS3 VM and KVM support Part 2: leverage servers and the cloud
David Bombal
CCNA #038 NAT Troubleshooting Scenario 3 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
CCNA #039 - OSPF DR, BR and DROTHER Election - do you know the answers?
David Bombal
CCNA #040 NAT Troubleshooting Scenario 4 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: Arista vEOS GNS3 import and configuration Part 1
David Bombal
CCNA #041 - OSPF DR, BR and DROTHER Election - do you know the answers?
David Bombal
GNS3 Talks: Arista vEOS GNS3 import and configuration Part 2
David Bombal
GNS3 Talks: ipterm: Linux, Docker, Python, SDN and more! Part 1
David Bombal
More on: AI Security
View skill →Related Reads
📰
📰
📰
📰
I built the first OSS federated threat-intel feed for LLM prompt injection. Here's how it works — and why no one else did.
Dev.to · Thamilvendhan Munirathinam
Beyond GHAS: Why I Built a Vulnerability Scanner I Almost Talked Myself Out Of
Medium · Cybersecurity
Encryption: Protecting Users from Hackers and Themselves
Medium · Cybersecurity
I Expected a Cyberweapon. What I Found in Stuxnet’s Source Code Was Worse
Medium · Cybersecurity
🎓
Tutor Explanation
DeepCamp AI