Big thanks to Flare for sponsoring this video. You can track down cybercrime and manage threat intelligence or your own exposed attack surface with Flare! Try a free trial and see what info is out there. try.flare.io/david-bombal/ Your usernames and passwords are out there. So many breaches are happening and passwords are being posted on the Dark Web and Telegram channels. And to make things worse, stealer logs are stealing information from computers using malware. // Link PDF // Download here: davidbombal.wiki/flare1 // TH-cam videos REFERENCE // Why hack when you can just log in?: th-cam.com/video/jmdCArq8Mmc/w-d-xo.html // David's SOCIAL // Discord: discord.com/invite/usKSyzb X: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal TH-cam: www.youtube.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 00:00 - Introduction 00:11 - Demo of Python login to Wordpress 00:25 - Permission when hacking websites 00:36 - How the script works 01:04 - How Harry got hacked 01:51 - Using a password manager 02:13 - Passwords leaked on the dark web 02:37 - Flare Demonstration 03:35 - Your username is probably out there 04:13 - Using Flare API 05:06 - Demonstration 05:35 - Flare notifications 06:02 - PDF guide 06:21 - Beware of Stealer Logs 07:04 - Leaked credentials 07:20 - Flare helps businesses 07:33 - Demonstration of the script 09:42 - Conclusion 10:32 - Outro tor telegram python wordpress dark web deep web flare flare io php onion onion websites malware haveibeenpwned stealerlogs stealer malware malware analysis cybersecurity cybersecurity jobs hacking ethical hacking hacking jobs cyber security career cybersecurity cybersecurity careers ceh oscp cybersecurity job Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #darkweb #hacking #tor
David, yes to all of the above questions! This was a great topic, very interesting. Another positive I would add for you to consider is that these shorter format 10 to 15 minute videos are much easier to digest/watch at home or work around a busy schedule. Fantastic amount of info in a very brief video!
In summary, preventing these cyber attacks can be summarized as follows: - Use the password manager and generate extremely secure passwords - If possible, use passkeys as often as possible - Enable 2FA for an additional layer of security.
For a business like mine, using Flare has been great. We get notifications if our credentials have been leaked on the dark web or are being talked about in Telegram channels etc. How do I protect myself and my team? Flare.io is one of those ways.
What is the difference between a passkey and password? I'm just starting my journey in cybersecurity (more as a hobby than a job at this point) and I'm not understanding the difference between the two.
cloud flare or google recaptcha will give you protection against bruteforce attack. be confident. another thing is Session-fixation. that is a little bit scary.
YES! We need more Solo David! All love all these types of videos but my top favorite are when you are teaching stuff like this it is always fun to watch. I can't wait to see more stuff like this :D
This was a very informational video that was very short and simple. The script was written well as well, I am going through and learning selenium slowly. It is merely a constant "space race" between computational black hats and security researchers that will continue forever. Thank you for what you do to keep the information security community alive.
It is so hard to keep up with this stuff. There is so much info. You make it easier for me to help protect my customers. Things seem to be getting worse. Thank you for your heads up and the info. THANK YOU "Flare" going to your site next!
Agreed. This is what I love about Flare - makes it so much easier to keep up as otherwise it's just a loosing battle with the number of hacks happening all the time.
Nice to see you again posting useful videos, i prefer to see you more, the interviews you take are nice and useful but personally speaking I prefer watching your videos in various subjects.
there is a double conundrum here if flare is not intended for individuals, yet there is a free trial and learning about a product most individuals can’t use.
A lot of people who watch my videos work for companies including small businesses. How would small businesses like mine protect ourselves? Using Flare as part of our cybersecurity defenses. You may not use this at home, but you may look into it for the company you work for. A lot of blue team products are aimed at businesses including Flare. I think it's important that you learn even as an individual what options are out there for the blue team.
Flare looks fantastic. it sucks they hide their pricing though (not shown on their website) and force people to give private information (name, email address, etc) just to find out Flare pricing. what a contradiction of transparency...
This is cool to know and learn! Thank you David! Edit: Is there a way to create an anonymous account in Kali Linux to access the internet? I remember over a decade ago that there is a software tool that can do that and leave comments on the website.
Thanks for the video! I already signed up with Flare! I have over 30 WordPress websites and I want to protect these websites. This tool is really helpful. Wondering how much does it cost? I didn't see any pricing on the website.
Nice python script. I had some ideas about extending the functions of the python script. I developed mine using the python library mechanicalsoup utilizing the Statefulbrowser function so I don't have a predefined time to sleep to detect that html elements or strings have changed on the webpage, also allow you to avoid issues with html elements being changed as well. Extended the login function by adding checking if the user has admin access if True Inject a php reverse shell into 404.php file, so that if anyone searches for an unknown resource it will send a reverse shell connection to the attacker. In addition to protecting the apikey I used optparse to create an argument to add --apikey which I think inputting key value when script is called is better than storing in an environment variable.
oh wow, let's create a product for businessess and youtubers and never give access to it to people, so that the youtubers and businesses could protect themselves, but not the normal users. Just goes to show who they care the most about.
Use a brute force protection plugin. 2FA authorisation. Long random passwords. Password manager. Turn iff computers when not in use. (Before you comment,Turning computers off may deter hackers whi are looking for a botnet that requires continuous uptime.)
Flare is a blue team defensive product. I'm showing what hackers can do with leaked credentials. But, how do companies protect themselves. Well, Flare can help you with that as they have a great Threat Intelligence Platform.
@@davidbombal Checking out the PDF now. Any chance the Python script will be available? Currently doing the Python Basic for Hackers via OTW but we’re not up to anything that complicated so far.
Also a friendly reminder your password or 2FA doesn’t matter if you click a phishing link and they get your session tokens… thanks to Microsoft for weird domain names confusing the shit out of people!!!
Hey Bro......My name is Biswadeb Mukherjee from India & I really love your demonstrations.....can you please demonstration live packet injections on a wifi network....please
What are you talking about? I don't have my subscribers e-mail addresses. TH-cam has that information. If you referring to Troy Hunt's website - haveibeenpwned, please do some more research before making a comment like this.
Thank you but for me it's difficult to understand because I'm beginner in technology i don't understand some word English but thank you for your help i like this course
Hello Me David. I have been doing research on puppy linux and would love it if you do a video for us that can afford a low end pc and also want to practice using something light like puppy
make a video about session fixation and session in user browser stoarge that can be accessable from thirdparty. or is it possible to have access to session that set from another website in users browser ?
You could write a script to hack anything including cpanel etc using leaked credentials. This is one of the biggest issues at the moment - as Tom explained in the Cisco Live video. Why try really difficult hacks when you can just login using usernames and passwords that have been leaked.
@@davidbombal is it even possible to bypass the google recaptcha or similar security layer? i think it need advanced AI tools or know how to write it, right? do you any of them ?
![Hack*ing a wordpress website using wpscan [KaliLinux]](http://i.ytimg.com/vi/MBwOylzydNk/mqdefault.jpg)
Big thanks to Flare for sponsoring this video. You can track down cybercrime and manage threat intelligence or your own exposed attack surface with Flare! Try a free trial and see what info is out there. try.flare.io/david-bombal/
Your usernames and passwords are out there. So many breaches are happening and passwords are being posted on the Dark Web and Telegram channels. And to make things worse, stealer logs are stealing information from computers using malware.
// Link PDF //
Download here: davidbombal.wiki/flare1
// TH-cam videos REFERENCE //
Why hack when you can just log in?: th-cam.com/video/jmdCArq8Mmc/w-d-xo.html
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
X: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam: www.youtube.com/@davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Introduction
00:11 - Demo of Python login to Wordpress
00:25 - Permission when hacking websites
00:36 - How the script works
01:04 - How Harry got hacked
01:51 - Using a password manager
02:13 - Passwords leaked on the dark web
02:37 - Flare Demonstration
03:35 - Your username is probably out there
04:13 - Using Flare API
05:06 - Demonstration
05:35 - Flare notifications
06:02 - PDF guide
06:21 - Beware of Stealer Logs
07:04 - Leaked credentials
07:20 - Flare helps businesses
07:33 - Demonstration of the script
09:42 - Conclusion
10:32 - Outro
tor
telegram
python
wordpress
dark web
deep web
flare
flare io
php
onion
onion websites
malware
haveibeenpwned
stealerlogs
stealer malware
malware analysis
cybersecurity
cybersecurity jobs
hacking
ethical hacking
hacking jobs
cyber security career
cybersecurity
cybersecurity careers
ceh
oscp
cybersecurity job
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#darkweb #hacking #tor
Thanks! Blurring now.
Can you do a video on ANGRYOXIDE PLEASE
David Bombal is doing wonders for cybersecurity. All for free to us on youtube. Thank you
Thank you! You're welcome!
David, yes to all of the above questions! This was a great topic, very interesting. Another positive I would add for you to consider is that these shorter format 10 to 15 minute videos are much easier to digest/watch at home or work around a busy schedule. Fantastic amount of info in a very brief video!
Thank you! Expect a lot more short videos like this :)
In summary, preventing these cyber attacks can be summarized as follows:
- Use the password manager and generate extremely secure passwords
- If possible, use passkeys as often as possible
- Enable 2FA for an additional layer of security.
For a business like mine, using Flare has been great. We get notifications if our credentials have been leaked on the dark web or are being talked about in Telegram channels etc. How do I protect myself and my team? Flare.io is one of those ways.
@@davidbombal just install the google recaptcha extension. it prevent the brutefroce attack. 2fa can create second strong security layer.
What is the difference between a passkey and password? I'm just starting my journey in cybersecurity (more as a hobby than a job at this point) and I'm not understanding the difference between the two.
that's only a very small part of "preventing cyber attacks", just in the area of authentication
4) Stay away from the internet! ;-)
OH MY GOD!! David this is both terrifying and amazing at the same time!!!
Thank you for being a hero!
Thank you! 😀
cloud flare or google recaptcha will give you protection against bruteforce attack. be confident. another thing is Session-fixation. that is a little bit scary.
“I have given myself permission to hack this website“ said the hacker just before executing the biggest hack in the history of computer hacking
never tough ima say this.. but thank you , i also been watching you for a long while and ive learnd allot especially from OTW , much love from germany
Was talking to a cyber security analyst at work about David’s channel saying how great it is and he definitely agreed.
Happy to hear that 😀
YES! We need more Solo David! All love all these types of videos but my top favorite are when you are teaching stuff like this it is always fun to watch.
I can't wait to see more stuff like this :D
Thank you! More to come!
This was a very informational video that was very short and simple.
The script was written well as well, I am going through and learning selenium slowly.
It is merely a constant "space race" between computational black hats and security researchers that will continue forever.
Thank you for what you do to keep the information security community alive.
Great thanks to you for this video. If you can make a series on how data is hacked (live examples) and how to prevent it that will be great.
It is so hard to keep up with this stuff. There is so much info. You make it easier for me to help protect my customers. Things seem to be getting worse. Thank you for your heads up and the info. THANK YOU "Flare" going to your site next!
Agreed. This is what I love about Flare - makes it so much easier to keep up as otherwise it's just a loosing battle with the number of hacks happening all the time.
Python is David's pet snake!
😂
The best cybersecurity chanel on TH-cam 😊
Thank you very much! 😀
Nice to see you again posting useful videos, i prefer to see you more, the interviews you take are nice and useful but personally speaking I prefer watching your videos in various subjects.
Thank you. I plan to create more of these types of videos 😀
Thanks for the post,Love the videos David 😀😀
Thank you! 😀
@@davidbombal 😊🙂
Guess who's birthday is coming
Time for a giveway maybe??
@@davidbombal yeah lessss gooooo
David Bombal a Gemini?
@@vinu3541yeah
@@kabaroplus this Monday
Love your videos!
Thank you! Glad you like them!
there is a double conundrum here if flare is not intended for individuals, yet there is a free trial and learning about a product most individuals can’t use.
A lot of people who watch my videos work for companies including small businesses. How would small businesses like mine protect ourselves? Using Flare as part of our cybersecurity defenses. You may not use this at home, but you may look into it for the company you work for. A lot of blue team products are aimed at businesses including Flare. I think it's important that you learn even as an individual what options are out there for the blue team.
Was thinking the same, seems like this video is for businesses only ..
One of the best channels on youtube.
Thank you! I appreciate that 😀
Thanks so much David
You are very welcome!
Great stuff. Thank you, David.
You're welcome! Glad you enjoyed it :)
Flare looks fantastic. it sucks they hide their pricing though (not shown on their website) and force people to give private information (name, email address, etc) just to find out Flare pricing. what a contradiction of transparency...
i just tried signing up for Flare but they don't allow you to use a Proton email address either. wtf's with that?
@@saysoco Was also confused by that
This is cool to know and learn! Thank you David!
Edit: Is there a way to create an anonymous account in Kali Linux to access the internet? I remember over a decade ago that there is a software tool that can do that and leave comments on the website.
Thank you :) Glad you liked it!
@@davidbombal I did!
Hats off ❤ for sir David Bombal
Thank you!
Master, one day I hope to have the same knowledge as you. Greetings from Italy!
Big thanks to you Sir, as always, it was more helpful as it is.☺🙏👍
You're welcome!
I am watching yours vidio day by day i love you and yours vidio from nepal you are very intelligent person in computer science.❤❤
Thank you 😀
Thanks for the video!
I already signed up with Flare! I have over 30 WordPress websites and I want to protect these websites. This tool is really helpful. Wondering how much does it cost? I didn't see any pricing on the website.
Scary stuff. It's seems it's all fair game.
What about biometric data, are our finger, voice and eyeballs on the dark Web?
You inspire me Sir. I would love to ask you this question. Do you teach hacking and cyber security?
You can learn a lot from my TH-cam channel. Otherwise look for my collaborations on Udemy and my website: davidbombal.com
@@davidbombalI've been following your channel for years now and it has helped me. What i need is structured and organized knowledge. Step-by-step
I would really love to learn.
Thanks David, I'm still curious if and when there will be a better verification method than the ones we know
Loved the python walk through
If the credentials were already leaked, is it still a hack?
Ye double hack
Nice python script. I had some ideas about extending the functions of the python script.
I developed mine using the python library mechanicalsoup utilizing the Statefulbrowser function so I don't have a predefined time to sleep to detect that html elements or strings have changed on the webpage, also allow you to avoid issues with html elements being changed as well.
Extended the login function by adding checking if the user has admin access if True Inject a php reverse shell into 404.php file, so that if anyone searches for an unknown resource it will send a reverse shell connection to the attacker.
In addition to protecting the apikey I used optparse to create an argument to add --apikey which I think inputting key value when script is called is better than storing in an environment variable.
oh wow, let's create a product for businessess and youtubers and never give access to it to people, so that the youtubers and businesses could protect themselves, but not the normal users. Just goes to show who they care the most about.
so amazing what u are offering David thx this peice of code will make people aware about the danger
Thank you! So important that people realize what is happening out there.
I`m learnig PYthon by myself but/and I`d like to learn from you Dave!
I've learnt python and I'm using it for cyber security, I've created a backdoor, ransomware, keylogger,we can learn together if you don't mind
A friendly reminder to Always keep your public facing passwords over 50 unique characters
as always inspiring video tnx dave
Nice work , congrats ❤
in what way can AI interact with the deep web?
Use a brute force protection plugin.
2FA authorisation.
Long random passwords.
Password manager.
Turn iff computers when not in use.
(Before you comment,Turning computers off may deter hackers whi are looking for a botnet that requires continuous uptime.)
We need some Blue Team videos teaching defensive strategies too.
Flare is a blue team defensive product. I'm showing what hackers can do with leaked credentials. But, how do companies protect themselves. Well, Flare can help you with that as they have a great Threat Intelligence Platform.
@@davidbombal Checking out the PDF now. Any chance the Python script will be available? Currently doing the Python Basic for Hackers via OTW but we’re not up to anything that complicated so far.
Why doesnt the website recognize that multiple attempts are being made back-to-back to gain access ?
Great video, heard that you can use Wordpress to create a site which could then be hosted on the Dark Web.
Is this true?
Sir android hacking video please
Coming soon - already recorded and now being edited 😀
@@davidbombalcan't wait to see them David please 😊
bro, superb indeed.
Also a friendly reminder your password or 2FA doesn’t matter if you click a phishing link and they get your session tokens… thanks to Microsoft for weird domain names confusing the shit out of people!!!
good to know !!
Hopefully you learned something new 😀
Hey Bro......My name is Biswadeb Mukherjee from India & I really love your demonstrations.....can you please demonstration live packet injections on a wifi network....please
Awesome video, thanks for explaining the python script to us. Did you share it anywhere, or you are gatekeeping it?
What if I use hash as my password?
Is it safe .?
I'm curious, the company that provides data leak monitoring services means collecting data where the data is stolen from threat actors. Is that legal?
Maybe the way the passwords were leaked was hacking but I don't count logging in with leaked credentials 'hacking'.
But you consider bruteforcing hacking?
@@dawidvanstraaten Nope.
@davidbombal please host Orange Tsai. I really need to see him
Please don't tell everything you know. some things should stay secret
Thanks, do you have a simple video DIY to check your System if it is compromised? Thanks
wow what a clever way of getting your subscribers e-mail adress so you can send campains
What are you talking about? I don't have my subscribers e-mail addresses. TH-cam has that information. If you referring to Troy Hunt's website - haveibeenpwned, please do some more research before making a comment like this.
is it legal to look at scary link on the dark web just to be curious?
Thank you but for me it's difficult to understand because I'm beginner in technology i don't understand some word English but thank you for your help i like this course
why do you always have a clean shaven face. i think a beard looks very nice on you
lol... my wife doesn't' want me to have a beard. Happy wife = happy life.
Even with the "sleep", you can brute force forever? Don't you get blocked after number of failed attempts? Where's the logic here? 😅
Obfuscate the wordpress admin URL. Use an IP allowlist for admin login. Use a IP blocker tool for incorrect login attempts.
That’s what I’ve done and change the default admin username.
So basically everything online is like Swiss cheese ?😂
Unfortunately it seems like that ☹️
why does the flare api give you peoples passwords?
But what if you use a login limiet of 3 attemps then to wait a hour
WordPress is a public toilet
Forgot to blur out email address at 4:22
what email does flare use i can't sign up
Thank you for all the information you provided, leave a like here ❤❤❤❤❤❤❤❤❤❤❤❤
Thank you ❤️
I want add USB ARSENAL in nethunter mobile
but how?
Thank you sir
You're welcome!
Wordfence mitigates this
Hello sir am having a very strange wording in terminal can i send you a mail plz
where is the python code???
Hello Me David. I have been doing research on puppy linux and would love it if you do a video for us that can afford a low end pc and also want to practice using something light like puppy
Yes more python !! Also like gave myself permission to hack my website
Wow❤
I hope you enjoy the video!
make a video about session fixation and session in user browser stoarge that can be accessable from thirdparty. or is it possible to have access to session that set from another website in users browser ?
Can you pls ask OTW to explain chapter 15 of Linux basics for hackers🙏🙏🕯️
Where can I learn python coding for free
Is completely download for kali linux
Make a video with chuck
Network Chuck? Go here: th-cam.com/video/C3misTE2ErA/w-d-xo.html
plz can you buy for me flipper zero
Hi❤
Hello!
❤
where is the pf file for this program
pdf*
@DB - 😳
Who runs wordpress sites in 2024 lol?
Which content management system or website builder do you recommend?
Half of the websites of the world
can i get script ?
dear david can you give me the script😇😇😇
Hello sir,
I want that python script. :)
Bullshits, strong passwords cannot be hacked.
Just another paid promotion video. Nothing to learn.
This is the stupidest comment I've seen lately.😂
can you do Cpanel crack using Telegram data?
You could write a script to hack anything including cpanel etc using leaked credentials. This is one of the biggest issues at the moment - as Tom explained in the Cisco Live video. Why try really difficult hacks when you can just login using usernames and passwords that have been leaked.
@@davidbombal i didnt think thank you my bad😅
can this script bypass google recaptcha ?
Not this specific one.
@@davidbombal is it even possible to bypass the google recaptcha or similar security layer? i think it need advanced AI tools or know how to write it, right? do you any of them ?
First
Very close!
day One
Thank you sir