This is a real world demonstration of the SQL Injection attack used in the recent MOVEit hack. This is real world - not just a simple SQL attack.
Big thank you to Juniper Networks for supporting the community and making this training free (and sponsoring my channel). Go to juniper.net/davidbombal to get lots of training and also learn how to get certified for $50 (Associate Level). Use this voucher code to register for your courses: DAVIDBOMBAL
If you have issues with the Juniper registration, please use these links that they gave me:
Login assistance: userregistration.juniper.net/loginassistance
Customer support: support.juniper.net/support/requesting-support/
// Mr Robot Playlist //
th-cam.com/play/PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q.html
// Proof of Concept //
Horizon3: www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW's website: davidbombal.wiki/otw
// Occupy The Web books //
Linux Basics for Hackers: amzn.to/3JlAQXe
Getting Started Becoming a Master Hacker: amzn.to/3qCQbvh
Top Hacking Books you need to read: th-cam.com/video/trPJaCGBbKU/w-d-xo.html
// Other books //
The Linux Command Line: amzn.to/3ihGP3j
How Linux Works: amzn.to/3qeCHoY
The Car Hacker’s Handbook by Craig Smith: amzn.to/3pBESSM
Hacking Connected Cars by Alissa Knight: amzn.to/3dDUZN8
// MENU //
00:00 - Coming Up
00:55 - Juniper Free Training (Sponsored segment)
01:51 - OccupyTheWeb books and new books
03:57 - The MOVEit breach explained
05:20 - Clop website // Companies affected
08:52 - The two different vulnerabilities
10:26 - The truth about SQL Injection
12:21 - Using Shodan
14:05 - Proof of concept of the exploit
16:18 - SQL Injection example
20:35 - MOVEit hack analysis / How it was done
28:57 - CVE-2023-35708 SQL Injection vulnerability explained
30:36 - What is Taiwan Semi-Conductor (TSMC) and why they got hacked
31:01 - SQL Injection hack in the real world
32:45 - OccupyTheWeb online classes
33:46 - Union statement // Stacking queries demo
37:02 - Upcoming OccupyTheWeb courses and classes
39:50 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
Juniper network training not working. Their link to register is down currently, keeps taking me in circles.
PEGASUS SPYWARE:
Pegasus has the ability to access devices without victims pressing a link, is what they have taught us so far. But that is a lie, it is way more intelligent than that.
The virus is hidden in memes and thumbnails, it's spread across the world every time after devices update, using social media, and unaware victims executing videos, thumbnails, images etc.
Ty for everything you do
Thank you for the new video Mr Bombal.
Sir gave a video on upwork scammers how to hack their computer through PDF. please sir.. please sir... please sir....I have been a victim of many scams! I want to take action against them.😢😢😢 They made me work, many times they didn't pay.
Very cool to see the MOVEit coverage here -- and especially thank you for the Huntress shoutout! :)
Great to see you here John!! You and the team at Huntress are amazing! Got to get you back here :)
@@davidbombal hey can you guys make a full website deface video plz, it's very common, people search for it but they didn't get much info on that. I hope OTW may do it or John
The knowledge flows out of him so casually and easy to understand.
It's typically a skill you find in someone that's been doing "It" most of their life.
He teaches as easily as someone else might tie their shoes.
Agreed! "If you can't explain it simply, you don't understand it well enough." Albert Einstein
Occupytheweb your voice is life. So calming. ^_^
I'm a SQL developer who is trying to transition into Cybersecurity (just passed CompTIA Security +), and I REALLY enjoyed this! Thank you
OTW=respect.
Agreed.
@@davidbombal tell him he owes me a pizza.
otw = american spy
You two never fail to disappoint. Amazing as always OTW and David. Bravo
Thank you very much!
UNION: you also have to have the same data type: varchar, number, DateTime, etc.
Never fail to disappoint.. 😅
This channel is an absolute gem for the IT community! Thank you for bringing consistently great content, David!
That's why stored procedures are the best option to avoid any issues with what the DB does or what data is involved.
Thanks David Bombal and OTW for this amazing video.
I definitely push my team to watch it.
🎉
Thank you! Glad you enjoyed it!
1:27 THANK YOU SO MUCH DAVID for going the extra mile for us, your subscribers!!!! Just yesterday I had to turn down getting CEH CERT as the entire only 8 - 12 week program plus extra for the exam. There was simply NO way I could afford the $2800 USD+ fee; especially being in Canada. That's like $3600!!!! Simply love your channel and your constant commitment to others :)
Keep it up David, videos with OTW are full of valuable information.
Also, I got your 7 Udemy courses including CCNA, Wireshark and also Nmap with Chris. I'm so in the hacking mood, I mean I study every day from your courses and I must say I really enjoy it.
Thank you. Glad you got all the content 😀
I agree I like to watch David in all my free Time:)
Seeing OTW, instant like and watch. Best content on YT, and best content on your channel! Waiting for more, great stuff.🤞
I've learned a lot of practical knowledge from listening to OTW and Mr. Bombal.
OTW is a gift to the world! so are you David!
awesome video, i love all the information and links you provide. you guys are nailing it!! keep it up
Thank you very much!
As always, Mr. David surprises us with interesting topics which help a lot. Really appreciate it, sir.
I love OTW❤❤❤❤❤.... and also DAVID BOMBAL who represent this type of man on the viewers....
Thank you very much for always putting in very informative content. I am enjoying it from South Africa
Such a great vid, probably my fav so far! Thanks for sharing!
It is a very interesting concept that shows how hackers use SQL injection in the real world with more advanced techniques to attack their target. This teaches a lot, David, thanks a lot as always
You're welcome! I think it's great to see a current, real version of this, and then to learn the basics if you don't know yet :)
such a good good video, the knowledge alone is overwhelming and at the same time very understandable, love your channel and love even more OTW, thank you.
As always, when I see a video with OTW, I do hit like and watch the video! Great stuff!
Nice episodes really enjoy them, as a software Developer, this will be a great skill to acquire, much love from South Africa.
Great content as always. Would love to see more content with OTW, you guys should make that video you talked about on how to reprogram usb drives into rubber duckies.
Awesome video! Very well explained and easy to follow along. What great teachers!
David, we need more real world hacking scenarios like this one.
I really respect the host for the way he breaks down everything
David, we enjoy OTW, and you are the reason we know him. So, thank both of you
Thank you very much!
It’s hard to believe someone out there who is more skilled than otw. Impressive work. Thanks David and otw for bringing this to our attention. You both are the best.
Another great lesson. Thank You David and Master Occupy The Web.
I'm a student of OTW and his classes are top notch in every aspect! Thanks David for the interview, RESPECT ❤️
So do u really recommend me to buy a subscription to his classes?, since it will be very expensive to me.
@@sdwsom4287 if you want, try his classes in the gold membership which is monthly then upgrade your membership
@@ebooooo1213 OK thanks mate.
@@oppenheimer11 they have different levels. You can get the starter bundle get some knowledge then join classes
"You can't be a hacker if you don't know programming... If I read source code and understand it, it's because I'm capable of writing it."
Great 👍 thanks @David as usual learnt a lot
Looks like you’re in Utah David, next time you’re in town reach out, I’ll take you out rallying some side by sides, show you some great hiking and camping spots and teach you some survival stuff!!! Great video!!
Thanks David and OTW.
Very knowledge filled.
Glad you enjoyed it
It's always amazing learning you and much more when master OTW is in class. Thanks to you both.
I really wish you could do a tutorial video on Juniper registration, somethings ain't really clear to me. Thanks for the prime lectures and keep adding flavors to your teachings ✌️
very cool as always ;). Good story, cold beer and OTW!
Always happy to have OTW and you posting videos on here together🎉🎉
Thank you. Lots more to come!
@@davidbombal can we get a Neal + OTW round table discussion?! 🫣🤩
The organization I work for was affected by that security breach, it was scary to think about but as someone in the IT world, it was interesting to learn about it.
All my respect for OTW, and You David. Thank you!
love the OTW episodes...would love a more in depth episode on ss7 and 2fa also if possible
See you next time OTW. Thx David always great interview
Thanks David & OTW i never miss your video and i will never miss it❤❤
Lots of love to my man David Bombal.
hitting the like button before i start watching - i know it will be awesome 👏 thank you
This video, this information is so good. I will learn it right now. I just want to be safe from all of the internet
Thanks David so much, without your YouTube channel we can't get this great man (OTW).....
amazing 🥇I like this kind of videos Dave
man i love ur content. i follow u on spotify as well. more otw and sparc flow pls and ty david. JUST GREAT CONTENT!
Thank you, David, for everything
Thank you David and OTW, for talking and sharing your knowledge, all the content you do is very valuable. I learn so much with you guys. Ohh!!! John passed by here too. 😂😂😂 Another great person with nice content. Thank you guys.
More OTW ! But we got our fix for today! Keep up the awesome job!
We are planning to record a lot of videos 😀 Hope you really enjoyed today's video.
@@davidbombal omg it was awesome thanks again!
Great video / content again David, wasn't sold on the hacking videos at the beginning 😅 but I have definitely been enjoying the content. Very informative
Another amazing episode, cheers Gentlemen! These should be the MOST EXPENSIVE punctuation marks of all time for each company during the SQL attack. xD In fact forgetting about "oldschool" attack techniques is a common mistake many companies / services make all the time (also from my experience). I mean - Aerosmith was founded in 1970 and it's still a nice band, right? :)
This duo you are amazing. Thanks for those knowledge
David, your channel would be amazing regardless, OTW is just a bonus!
They must have done a shit load of recon, to know the table names and columns. Wow
OTW mentions that it took them 2 years ...
Thanks David. Splendid stuff
You're welcome!
I work in a SOC. I'm going to buy this guy's books for sure.
Brilliant video David and OTW...🌟
Excellent content my friend David and OTW.
Much appreciated!
What a guy you are, David. In the middle of the mountains taking a moment to record something for your sponsor 😂
Thanks David I really need that video 👍❤️
You're welcome! I hope you enjoyed the video 😀
Anything OTW does is great. SQL injection is an interesting topic to me as I never really got into databases as an admin. My speciality has always been virtualization, AD administration, and Linux/Unix. Though today everything is Linux and HP-UX I don't see much of and except for the guy that called me 6 months ago I don't see any SCO Unix anymore.
You rock David !! Always the best videos :) Looking forward for more videos with OTW.
Great video! Loved it! So clear! Question for you and OTW: wouldn’t any of these big companies have a SIEM blocking exfiltration in big sizes? I recall Sentinel going off with alarms and bells when users moved/deleted large volumes of data? Maybe a dumb question…but any answer would be appreciated, thanks!
Very nice content sir! Thank you very much
Thank you! Glad you enjoyed the video :)
David and OTW explain things in layman's terms so us newbs can comprehend it
hi sir can you please make a video on pivoting devices and discuss of it with master occupy the web!
Great suggestion
@@davidbombal thank you sir !! i am looking forward to it
Makes me glad we don't use that particular software from Progress :) Also makes me glad that the software we do use of theirs (their DB software) barely even supports SQL89, and requires you to have the SQL broker enabled for it to even work.
Ooh this hack was a work of art. Good analysis!
Your videos are super cool so even I make videos like you do! Cool videos you make...........
Salute you both,
thanks a lot ❤❤❤
OTW!! Let’s gooo!
This sure is real. Again LOVE seeing you covering these topics David and GREAT to see you OTW!
Thank you. So nice having OTW share his knowledge and experience with all of us 😀
Love you sir from india😊
Thank you! I appreciate your support!
The ... " we have a chance moment" just awesome.
It's not about cyber sec only for you to be exposed to some simple SQL injection techniques and how it works in the back, even for us in Software Engineering/Comp Science, one of my lecturers in the web app networking module discussed with us about SQL injection, cross site scripting, and other sorts of old school hacking techniques, honestly, I think that every single person involved in IT needs to have at least a basic grasp/knowledge of these techniques and their basics, or at least know what they are about, maybe in the near future everybody will need to know this, which I'm not really a fan of but, the world is moving forward, and we all need to adapt to it.
That was brilliant info. I must have missed when this came out.
Thank you for one more great episode
Great video, can't wait for the SEQUEL 😄
Every time I see new vid I’m happy that i pushed the subscribe button
Telling the truth is crazy in a world full of lies. Needed that one but thanks to *Metaspyclub* who granted me his Text.
Many thanks to you David and OTW for the great job you're doing. Maximum respect.🙌🙌
Another great video David.
OTW IS BACK!!! Love it!!
OTW is awesome! I enjoy his courses and books! Great wealth of knowledge for anyone getting into the IT world. Thanks David for the awesome collaboration!
@@oppenheimer11 sorry for delayed response. Yes I have a subscriber package, which consists of beginner to intermediate courses. There is also a Pro package for advanced hacking courses. I signed up end of last year when I was completing a Cyber bootcamp so I was familiar with a lot of the trainings/courses but OTW takes it to the next level and expands on each of the subjects. A deeper learning. I enjoy his books and trainings, helping me learn more of the offensive/red teaming methodologies. I would recommend to anyone looking to enter either the security/pentest part of the industry.
David and John Hammond are definitely behind these hacks. Being incredibly wholesome cybersecurity content creators and collaborators is a pretty good cover… just unsuspecting enough.
Avunit?
shoutout to OTW, I call him OccupyTheYouTube now😂
Thanks David and OTW
Thank you for all the good things you do, David. We all love you!
Otw welcome back legend❤
i like to do the OTW femtocell class
thank you david to become a medium of transferring this knowledge to us
There is no doubt that you will rise fast at the apex of your career MetaspyClub . Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of IMpossible by becoming PRO at tackling PROblems. You Rock!.
Bombal Sir. I am very Sorry. I ddos'ed your site. I thought it would be difficult. But it was gone on the first try. But now ddos is not working. The reason is you are a very Good hacker. You fixed the site and now it is not getting affected.
For me it’s easier to suppose it’s someone with access to the source code who wrote it. Instead it was a dozen of people researching for years what to write in an input.
Hi David, good vid. I am curious about the SDR course in July. Could you inform me in detail? Thanks
Great episode, well explained
I do not know how to turn a PC on so how do I learn how to code
Videos with OTW are really great!!