Real World Hacking Demo with OTW
This is a real world demonstration of the SQL Injection attack used in the recent MOVEit hack. This is real world - not just a simple SQL attack.
Big thank you to Juniper Networks for supporting the community and making this training free (and sponsoring my channel). Go to juniper.net/davidbombal to get lots of training and also learn how to get certified for $50 (Associate Level). Use this voucher code to register for your courses: DAVIDBOMBAL
If you have issues with the Juniper registration, please use these links that they gave me:
For Login assistance link userregistration.juniper.net/...
Customer Support link- support.juniper.net/support/r...
// Mr Robot Playlist //
• Mr Robot
// Proof of Concept //
Horizon3: www.horizon3.ai/moveit-transf...
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZread: / davidbombal
// Occupy The Web social //
Twitter: / three_cube
// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW's website: davidbombal.wiki/otw
// Occupy The Web books //
Linux Basics for Hackers: amzn.to/3JlAQXe
Getting Started Becoming a Master Hacker: amzn.to/3qCQbvh
Top Hacking Books you need to read: • Top Hacking Books for ...
// Other books //
The Linux Command Line: amzn.to/3ihGP3j
How Linux Works: amzn.to/3qeCHoY
The Car Hacker’s Handbook by Craig Smith: amzn.to/3pBESSM
Hacking Connected Cars by Alissa Knight: amzn.to/3dDUZN8
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Coming Up
00:55 - Juniper Free Training (Sponsored segment)
01:51 - OccupyTheWeb books and new books
03:57 - The MOVEit breach explained
05:20 - Clop website // Companies affected
08:52 - The two different vulnerabilities
10:26 - The truth about SQL Injection
12:21 - Using Shodan
14:05 - Proof of concept of the exploit
16:18 - SQL Injection example
20:35 - MOVEit hack analysis / How it was done
28:57 - CVE-2023-35708 SQL Injection vulnerability explained
30:36 - What is Taiwan Semi-Conductor (TSMC) and why they got hacked
31:01 - SQL Injection hack in the real world
32:45 - OccupyTheWeb online classes
33:46 - Union statement // Stacking queries demo
37:02 - Upcoming OccupyTheWeb courses and classes
39:50 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#hacking #cybersecurity #sql
Comments: 372
@lrplinking1771
11 months ago
Sick
@cw9352
11 months ago
Juniper network training not working. their link to register is down currently, keeps taking me in circles.
@s.m.1354
11 months ago
PEGASUS SPYWARE: Pegasus has the ability to access devices, without victims pressing a link, is what they learned us so far. But that is a lie, it is way more Intelligent than that. The Virus is hidden in Memes and Thumbnails, it’s spread across the World every time after devices Update, using Social Media, and Unaware Victims Executing video’s, Thumbnails, images etc.
@waystomakelifebetter
11 months ago
Ty for everything you do
@funkymonk2254
11 months ago
ThankYou for the new video Mr Bombal.
Very cool to see the MOVEit coverage here -- and especially thank you for the Huntress shoutout! :)
@davidbombal
11 months ago
Great to see you here John!! You and the team at Huntress are amazing! Got to get you back here :)
@SajidQureshi__
11 months ago
@@davidbombal hey can you guys make a full website deface video plz its very common people search for but they dint get much info on that i hope OTW may do it or john
OTW=respect.
@davidbombal
11 months ago
Agreed.
@Stopinvadingmyhardware
11 months ago
@@davidbombal tell him he owes me a pizza.
@landless-wind
11 months ago
otw = american spy
The knowledge flows out of him so casually and easy to understand. Its typically a skill you find in someone that's been doing "It" most of their life. He teaches as easily as someone else might tie their shoes.
@davidbombal
11 months ago
Agreed! "If you can't explain it simply, you don't understand it well enough." Albert Einstein
You two never fail to disappoint. Amazing as always OTW and David. Bravo
@davidbombal
11 months ago
Thank you very much!
@pgprog
11 months ago
UNION you also have to have the same data type : varchar,number,DateTime etc
@mr.bouncealot9047
24 days ago
Never fail to disappoint.. 😅
1:27 THANK YOU SO MUCH DAVID for going the extra mile for us. you subscribers!!!! Just yesterday I had to turn down getting CEH CERT as the entire only 8 - 12 week program plus extra for the exam. There was simply NO way I could afford the $2800 USD+ fee; especially being in Canada. That's like $3600!!!! Simply love your channel and your constant commitment to others :)
Seeing OTW, instant like and watch. Best content on YT, and best content on your channel! Waiting for more, great stuff.🤞
Such a great vid, probably my fav so far! Thanks for sharing!
Occupytheweb your voice is life. So calming. ^_^
I'm a SQL developer who is trying to transition into Cybersecurity (just passed CompTIA Security +), and I REALLY enjoyed this! Thank you
awesome video, i love all the information and links you provide. you guys are nailing it!! keep it up
@davidbombal
11 months ago
Thank you very much!
That's why stored procedures are the best option to avoid any issues with what the DB does or what data is involved.
Thanks David Bombal and OTW for this amazing video. I definitely push my team to watch it. 🎉
@davidbombal
11 months ago
Thank you! Glad you enjoyed it!
It's always amazing learning you and much more when master OTW is in class. Thanks to you both. I really wish you could do a tutorial video on Juniper registration, somethings ain't really clear to me. Thanks for the prime lectures and keep adding flavors to your teachings ✌️
As always, when I see a video with OTW, I do hit like and watch the video! Great stuff!
Thank you very much for always putting in very informative content. I am enjoying it from South Africa
I've learned a lot of practical knowledge from listening to OTW and Mr. Bombal.
I have really learned a lot from your channel in these past years 😊 i'm so grateful that I can get this level of knowledge from your videos. I have a lot to do and your videos are a motivation ❤. Thank you much David I know the difference between the time i just subscribed to your channel and NOW . Ride on David.👍
OTW is a gift to the world! so are you David!
such a good good video, the knowledge alone is overwhelming and at the same time very understandable, love your channel and love even more OTW, thank you.
You rock David !! Always the best videos :) Looking forward for more videos with OTW.
Keep it up David, videos with OTW are full of valuable information. Also, I got your 7 udemy courses including CCNA, Wireshark and also Nmap with Chris. I'm so on the hacking mood, I mean I study every day from your courses and I must say I really enjoy it.
@davidbombal
11 months ago
Thank you. Glad you got all the content 😀
@cyberdevil657
11 months ago
I agree I like to watch David in all my free Time:)
Great content as always. Would love to see more content with OTW, you guys should make that video you talked about on how to reprogram usb drives into rubber duckies.
Nice episodes really enjoy them, as a software Developer, this will be a great skill to acquire, much love from South Africa.
Great 👍 thanks @David as usual learnt a lot
Awesome video! Very well explained and easy to follow along. What great teachers!
Another great lesson. Thank You David and Master Occupy The Web.
Thanks David and OTW. Very knowledge filled.
@davidbombal
11 months ago
Glad you enjoyed it
love the OTW episodes...would love a more in depth episode on ss7 and 2fa also if possible
Thank you, David, for everything
man i love ur content. i follow u on spotify as well. more otw and sparc flow pls and ty david. JUST GREAT CONTENT!
Great video / content again David, wasn't sold on the hacking videos at the beginning 😅 but I have definitely being enjoying the content. Very informative
As always Mr. David surprises us with interesting topics which help a lot. Really appreciate it sir.
Very nice content sir! Thank you very much
@davidbombal
11 months ago
Thank you! Glad you enjoyed the video :)
Great video! Loved it! So clear! Question for you and OTW: wouldn’t any of these big companies have a SIEM blocking exfiltration in big sizes? I recall Sentinel going off alarms and bells when users moved/deleted large volumes of data? Maybe a dumb question…but any answer would be appreciated thanks!
Thanks David I really need that video 👍❤️
@davidbombal
11 months ago
You're welcome! I hope you enjoyed the video 😀
I love OTW❤❤❤❤❤.... and also DAVID BOMBAL who represent this type of man on the viewers....
Lots of love to my man David Bombal.
very cool as always ;). Good story, cold beer and OTW!
Brilliant video David and OTW...🌟
All my respect for OTW, and You David. Thank you!
Thanks David. Splendid stuff
@davidbombal
5 months ago
You're welcome!
amazing 🥇I like this kind of videos Dave
Thank you for one more great episode
Another amazing episode, cheers Gentlemen! These should be the MOST EXPENSIVE punctuation marks of all time for each company during the SQL attack. xD In fact forgetting about "oldschool" attack techniques is a common mistake many companies / services make all the time (also from my experience). I mean - Aerosmith was founded in 1970 and it's still a nice band, right? :)
It is a very interesting concept that shows how hackers use SQL injection in the real world with more advanced techniques to attack their target. This teaches a lot, David, thanks a lot as always
@davidbombal
11 months ago
You're welcome! I think it's great to see a current, real version of this, and then to learn the basics if you don't know yet :)
Thank you for all the good things you do, David. We all love you!
Excellent content my friend David and OTW.
@davidbombal
11 months ago
Much appreciated!
Another great video David.
David we need more real world hacking scenarios like this one. I really respect the host for the way he breaks down everything
See you next time OTW. Thx David always great interview
David, we enjoy OTW, and you are the reason we know him. So, thank both of you
@davidbombal
11 months ago
Thank you very much!
Super informative thank you!
Thanks David & OTW i never miss your video and i will never miss it❤❤
Looks like you’re in Utah David, next time you’re in town reach out, I’ll take you out rallying some side by sides, show you some great hiking and camping spots and teach you some survival stuff!!! Great video!!
The ... " we have a chance moment" just awesome.
It’s hard to believe someone out there who is more skilled than otw. Impressive work. Thanks David and otw for bringing this to our attention. You both are the best.
hitting the like button before i start watching - i know it will be awesome 👏 thank you
Great episode, well explained
Thank you David and OTW, to talk and share you knowledge, all the content you do is very valuable. I learn so much with you guys. Ohh!!! John pass for here too. 😂😂😂 Another great person with nice contents. Thank you guys.
Great video, can't wait for the SEQUEL 😄
This duo you are amazing. Thanks for those knowledge
Always happy to have OTW and you posting videos on here together🎉🎉
@davidbombal
11 months ago
Thank you. Lots more to come!
@landrover827
11 months ago
@@davidbombal can we get a Neal + OTW round table discussion?! 🫣🤩
Otw welcome back legend❤
I work in a SOC. I'm going to buy this guy's books for sure.
David, your channel would be amazing regardless, OTW is just a bonus!
Thanks David so much, without your YouTube channel we can't get this great man (OTW).....
Ooh this hack was a work of art. Good analysis!
That was brilliant info. I must have missed when this came out.
Great content as always
Salute you both, thanks a lot ❤❤❤
They must have done a shit load of recon, to know the table names and columns. Wow
@davidbombal
11 months ago
OTW mentions that it took them 2 years ...
Love your work guys 👏
Many thanks to you David and OTW for the great job you're doing. Maximum respect.🙌🙌
More OTW ! But we got our fix for today! Keep up the awesome job!
@davidbombal
11 months ago
We are planning to record a lot of videos 😀 Hope you really enjoyed today's video.
@APT4308
11 months ago
@@davidbombal omg it was awesome thanks again!
This sure is real. Again LOVE seeing you covering these topics David and GREAT to see you OTW!
@davidbombal
11 months ago
Thank you. So nice having OTW share his knowledge and experience with all of us 😀
OTW!! Let’s gooo!
Thank you, much appreciated
Thanks David and OTW
OTW IS BACK!!! Love it!!
Anything OTW does is great. SQL injection is an interesting topic to me as I never really got into databases as an admin. My speciality has always been virtualization, AD administration, and Linux/Unix. Though today everything is Linux and HP-UX I don't see much of and except for the guy that called me 6 months ago I don't see any SCO Unix anymore.
Im a student of OTW and his classes are top notch in every aspect! Thanks David for the interview, RESPECT ❤️
@sdwsom4287
11 months ago
So do u really recommend me to buy a subscription to his classes?, since it will be very expensive to me.
@ebooooo1213
11 months ago
@@sdwsom4287 if you want, try his classes in the gold membership which is monthly then upgrade your membership
@sdwsom4287
11 months ago
@@ebooooo1213 OK thanks mate.
@ebooooo1213
9 months ago
@@oppenheimer11 they have different levels. You can get the starter bundle get some knowledge then join classes
What a guy you are, David. In the middle of the mountains taking a moment to record something for your sponsor 😂
Every time I see new vid I’m happy that i pushed the subscribe button
OTW is awesome! I enjoy his courses and books! Great wealth of knowledge for anyone getting into the IT world. Thanks David for the awesome collaboration!
@t3keen0ob
9 months ago
@@oppenheimer11 sorry for delayed response. Yes I have a subscriber package, which consists of beginner to intermediate courses. There is also a Pro package for advanced hacking courses. I signed up end of last year when I was completing a Cyber bootcamp so I was familiar with a lot of the trainings/courses but OTW takes it to the next level and expands on each of the subjects. A deeper learning. I enjoy his books and trainings, helping me learn more of the offensive/red teaming methodologies. I would recommend to anyone looking to enter either the security/pentest part of the industry.
This is one of the only channels I don’t write bad comments on. 😂
Thank you, David and OTW. Fantastic work.
Makes me glad we don't use that particular software from Progress :) Also makes me glad that the software we do use of theirs (their DB software) barely even supports SQL89, and requires you to have the SQL broker enabled for it to even work.
i like to do the OTW femtocell class thank you david to become a medium of transferring this knowledge to us
thanks mate really useful :)
The organization I work for was affected by that security breach, it was scary to think about but as someone in the IT world, it was interesting to learn about it.
David and OTW explain things in layman's terms so us newbs can comprehend it
I was wondering how on the show True Justice with Steven Segal I see they are using Ubuntu But I would like to know what theme are they using? Or is some one creating those themes just for the show?
Will Linux Basics for Hackers get updated? I just recently bought it and got to chapter 3 but some of the stuff requires further research and different tools or routes to get to. I understand this is probably just a normal case of Welcome to Tech! Im just wondering if there are planned updates or expansions on the content.
Videos with OTW are really great!!
I really enjoyed contents with OTW
@davidbombal
11 months ago
Very happy to hear that!
So brilliant :)
Brilliant video