This is a real world demonstration of the SQL Injection attack used in the recent MOVEit hack. This is real world - not just a simple SQL attack.
Big thank you to Juniper Networks for supporting the community and making this training free (and sponsoring my channel). Go to juniper.net/davidbombal to get lots of training and also learn how to get certified for $50 (Associate Level). Use this voucher code to register for your courses: DAVIDBOMBAL
If you have issues with the Juniper registration, please use these links that they gave me:
Login assistance: userregistration.juniper.net/loginassistance
Customer support: support.juniper.net/support/requesting-support/
// Mr Robot Playlist //
ruclips.net/p/PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q
// Proof of Concept //
Horizon3: www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
// Occupy The Web books //
Linux Basics for Hackers: amzn.to/3JlAQXe
Getting Started Becoming a Master Hacker: amzn.to/3qCQbvh
Top Hacking Books you need to read: ruclips.net/video/trPJaCGBbKU/видео.html
// Other books //
The Linux Command Line: amzn.to/3ihGP3j
How Linux Works: amzn.to/3qeCHoY
The Car Hacker’s Handbook by Craig Smith: amzn.to/3pBESSM
Hacking Connected Cars by Alissa Knight: amzn.to/3dDUZN8
// MENU //
00:00 - Coming Up
00:55 - Juniper Free Training (Sponsored segment)
01:51 - OccupyTheWeb books and new books
03:57 - The MOVEit breach explained
05:20 - Clop website // Companies affected
08:52 - The two different vulnerabilities
10:26 - The truth about SQL Injection
12:21 - Using Shodan
14:05 - Proof of concept of the exploit
16:18 - SQL Injection example
20:35 - MOVEit hack analysis / How it was done
28:57 - CVE-2023-35708 SQL Injection vulnerability explained
30:36 - What is Taiwan Semi-Conductor (TSMC) and why they got hacked
31:01 - SQL Injection hack in the real world
32:45 - OccupyTheWeb online classes
33:46 - Union statement // Stacking queries demo
37:02 - Upcoming OccupyTheWeb courses and classes
39:50 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
Juniper network training not working. Their link to register is down currently, keeps taking me in circles.
PEGASUS SPYWARE:
Pegasus has the ability to access devices without victims pressing a link, is what they have taught us so far. But that is a lie, it is way more intelligent than that.
The virus is hidden in memes and thumbnails; it's spread across the world every time after devices update, using social media, and unaware victims executing videos, thumbnails, images etc.
Ty for everything you do
ThankYou for the new video Mr Bombal.
Sir gave a video on upwork scammers how to hack their computer through PDF. please sir.. please sir... please sir....I have been a victim of many scams! I want to take action against them.😢😢😢 They made me work, many times they didn't pay.
Very cool to see the MOVEit coverage here -- and especially thank you for the Huntress shoutout! :)
Great to see you here John!! You and the team at Huntress are amazing! Got to get you back here :)
@@davidbombal hey can you guys make a full website deface video plz, it's very common, people search for it but they didn't get much info on that. I hope OTW may do it or John
Occupytheweb your voice is life. So calming. ^_^
The knowledge flows out of him so casually and easy to understand.
It's typically a skill you find in someone that's been doing "It" most of their life.
He teaches as easily as someone else might tie their shoes.
Agreed! "If you can't explain it simply, you don't understand it well enough." Albert Einstein
You two never fail to disappoint. Amazing as always OTW and David. Bravo
Thank you very much!
UNION you also have to have the same data type: varchar, number, DateTime etc.
Never fail to disappoint.. 😅
OTW=respect.
Agreed.
@@davidbombal tell him he owes me a pizza.
otw = american spy
I'm a SQL developer who is trying to transition into Cybersecurity (just passed CompTIA Security+), and I REALLY enjoyed this! Thank you
That's why stored procedures are the best option to avoid any issues with what the DB does or what data is involved.
Keep it up David, videos with OTW are full of valuable information.
Also, I got your 7 udemy courses including CCNA, Wireshark and also Nmap with Chris. I'm so on the hacking mood, I mean I study every day from your courses and I must say I really enjoy it.
Thank you. Glad you got all the content 😀
I agree I like to watch David in all my free Time:)
This channel is an absolute gem for the IT community! Thank you for bringing consistently great content, David!
Thanks David Bombal and OTW for this amazing video.
I definitely push my team to watch it.
🎉
Thank you! Glad you enjoyed it!
Seeing OTW, instant like and watch. Best content on YT, and best content on your channel! Waiting for more, great stuff.🤞
1:27 THANK YOU SO MUCH DAVID for going the extra mile for us, your subscribers!!!! Just yesterday I had to turn down getting CEH CERT as the entire only 8 - 12 week program plus extra for the exam. There was simply NO way I could afford the $2800 USD+ fee; especially being in Canada. That's like $3600!!!! Simply love your channel and your constant commitment to others :)
I've learned a lot of practical knowledge from listening to OTW and Mr. Bombal.
It is a very interesting concept that shows how hackers use SQL injection in the real world with more advanced techniques to attack their target. This teaches a lot, David, thanks a lot as always
You're welcome! I think it's great to see a current, real version of this, and then to learn the basics if you don't know yet :)
David, we enjoy OTW, and you are the reason we know him. So, thank both of you
Thank you very much!
It’s hard to believe someone out there who is more skilled than otw. Impressive work. Thanks David and otw for bringing this to our attention. You both are the best.
Great content as always. Would love to see more content with OTW, you guys should make that video you talked about on how to reprogram usb drives into rubber duckies.
David we need more real world hacking scenarios like this one.
I really respect the host for the way he breaks down everything
As always, Mr. David surprises us with interesting topics which help a lot. Really appreciate it, sir.
OTW is a gift to the world! so are you David!
awesome video, i love all the information and links you provide. you guys are nailing it!! keep it up
Thank you very much!
As always, when I see a video with OTW, I do hit like and watch the video! Great stuff!
such a good good video, the knowledge alone is overwhelming and at the same time very understandable, love your channel and love even more OTW, thank you.
"You can't be a hacker if you don't know programming... If I read source code and understand it, it's because I'm capable of writing it."
Another great lesson. Thank You David and Master Occupy The Web.
Awesome video! Very well explained and easy to follow along. What great teachers!
I love OTW❤❤❤❤❤.... and also DAVID BOMBAL who represent this type of man on the viewers....
Nice episodes really enjoy them, as a software Developer, this will be a great skill to acquire, much love from South Africa.
Thank you very much for always putting in very informative content. I am enjoying it from South Africa
Such a great vid, probably my fav so far! Thanks for sharing!
I'm a student of OTW and his classes are top notch in every aspect! Thanks David for the interview, RESPECT ❤️
So do u really recommend me to buy a subscription to his classes?, since it will be very expensive to me.
@@sdwsom4287 if you want, try his classes in the gold membership which is monthly then upgrade your membership
@@ebooooo1213 OK thanks mate.
@@oppenheimer11 they have different levels. You can get the starter bundle get some knowledge then join classes
Always happy to have OTW and you posting videos on here together🎉🎉
Thank you. Lots more to come!
@@davidbombal can we get a Neal + OTW round table discussion?! 🫣🤩
love the OTW episodes...would love a more in depth episode on ss7 and 2fa also if possible
The organization I work for was affected by that security breach, it was scary to think about but as someone in the IT world, it was interesting to learn about it.
I work in a SOC. I'm going to buy this guy's books for sure.
very cool as always ;). Good story, cold beer and OTW!
What a guy you are, David. In the middle of the mountains taking a moment to record something for your sponsor 😂
It's always amazing learning you and much more when master OTW is in class. Thanks to you both.
I really wish you could do a tutorial video on Juniper registration, somethings ain't really clear to me. Thanks for the prime lectures and keep adding flavors to your teachings ✌️
All my respect for OTW, and You David. Thank you!
Another amazing episode, cheers Gentlemen! These should be the MOST EXPENSIVE punctuation marks of all time for each company during the SQL attack. xD In fact forgetting about "oldschool" attack techniques is a common mistake many companies / services make all the time (also from my experience). I mean - Aerosmith was founded in 1970 and it's still a nice band, right? :)
Lots of love to my man David Bombal.
David, your channel would be amazing regardless, OTW is just a bonus!
More OTW ! But we got our fix for today! Keep up the awesome job!
We are planning to record a lot of videos 😀 Hope you really enjoyed today's video.
@@davidbombal omg it was awesome thanks again!
This sure is real. Again LOVE seeing you covering these topics David and GREAT to see you OTW!
Thank you. So nice having OTW share his knowledge and experience with all of us 😀
Looks like you’re in Utah David, next time you’re in town reach out, I’ll take you out rallying some side by sides, show you some great hiking and camping spots and teach you some survival stuff!!! Great video!!
Anything OTW does is great. SQL injection is an interesting topic to me as I never really got into databases as an admin. My speciality has always been virtualization, AD administration, and Linux/Unix. Though today everything is Linux and HP-UX I don't see much of and except for the guy that called me 6 months ago I don't see any SCO Unix anymore.
hitting the like button before i start watching - i know it will be awesome 👏 thank you
man i love ur content. i follow u on spotify as well. more otw and sparc flow pls and ty david. JUST GREAT CONTENT!
See you next time OTW. Thx David always great interview
David and OTW explain things in layman's terms so us newbs can comprehend it
They must have done a shit load of recon, to know the table names and columns. Wow
OTW mentions that it took them 2 years ...
Thank you David and OTW, to talk and share your knowledge, all the content you do is very valuable. I learn so much with you guys. Ohh!!! John pass for here too. 😂😂😂 Another great person with nice contents. Thank you guys.
Great video / content again David, wasn't sold on the hacking videos at the beginning 😅 but I have definitely been enjoying the content. Very informative
Great 👍 thanks @David as usual learnt a lot
Thanks David and OTW.
Very knowledge filled.
Glad you enjoyed it
Thank you, David, for everything
Makes me glad we don't use that particular software from Progress :) Also makes me glad that the software we do use of theirs (their DB software) barely even supports SQL89, and requires you to have the SQL broker enabled for it to even work.
Thnkz david so much without ur youtube channel we cant get this great man (OTW).....
You rock David !! Always the best videos :) Looking forward for more videos with OTW.
Excellent content my friend David and OTW.
Much appreciated!
The ... " we have a chance moment" just awesome.
Thanks David & OTW i never miss your video and i will never miss it❤❤
Brilliant video David and OTW...🌟
this video this informations so good . i will learn it right now . i just want be safe from all internet
Ooh this hack was a work of art. Good analysis!
amazing 🥇I like this kind of videos Dave
Thank you for one more great episode
i like to do the OTW femtocell class
thank you david to become a medium of transferring this knowledge to us
Thanks David I really need that video 👍❤️
You're welcome! I hope you enjoyed the video 😀
That was brilliant info. I must have missed when this came out.
Another great video David.
OTW IS BACK!!! Love it!!
This duo you are amazing. Thanks for those knowledge
Thanks David. Splendid stuff
You're welcome!
Thank you for all the good things you do, David. We all love you!
Very nice content sir! Thank you very much
Thank you! Glad you enjoyed the video :)
Many thanks to you David and OTW for the great job you're doing. Maximum respect.🙌🙌
Every time I see new vid I’m happy that i pushed the subscribe button
Otw welcome back legend❤
Thanks David and OTW
Great video, can't wait for the SEQUEL 😄
Salute you both,
thanks a lot ❤❤❤
It's not about cyber sec only for you to be exposed to some simple sql injection techniques and how it works in the back, even for us in Software Engineering/Comp Science, one of my lecturers in the web app networking module discussed with us about sql injection, cross site scripting, and other sorts of old school hacking techniques, honestly, I think that every single person involved into IT needs to have at least a basic grasp/knowledge of these techniques and their basics, or at least know what they are about, maybe in the near future everybody will need to know this, which I'm not really a fan of but, the world is moving forward, and we all need to adapt to it.
Bombal Sir. I am very Sorry. I ddos'ed your site. I thought it would be difficult. But it was gone on the first try. But now ddos is not working. The reason is you are a very Good hacker. You fixed the site and now it is not getting affected.
OTW!! Let’s gooo!
Love you sir from india😊
Thank you! I appreciate your support!
looks like utah in the ad. the Cedar Breaks is a wonderful place. I LOVE IT HERE IN UTAH!!! P.S im not mormon. I'm a normal person :P
OTW is awesome! I enjoy his courses and books! Great wealth of knowledge for anyone getting into the IT world. Thanks David for the awesome collaboration!
@@oppenheimer11 sorry for delayed response. Yes I have a subscriber package, which consists of beginner to intermediate courses. There is also a Pro package for advanced hacking courses. I signed up end of last year when I was completing a Cyber bootcamp so I was familiar with a lot of the trainings/courses but OTW takes it to the next level and expands on each of the subjects. A deeper learning. I enjoy his books and trainings, helping me learn more of the offensive/red teaming methodologies. I would recommend to anyone looking to enter either the security/pentest part of the industry.
Mr. David, you are like Cristiano Ronaldo in Cyber, but who is Messi? , he is occupy 🤔🤔
occupy
How are you?
I missed you man 😊
Big thanks Mr David ❤
Thank you! But, you are too kind 😀
For me it’s easier to suppose it’s someone with access to the source code who wrote it. Instead it was a dozen of people researching for years what to write in an input.
Great episode, well explained
Love your work guys 👏
David and John Hammond are definitely behind these hacks. Being an incredibly wholesome, cybersecurity content creators and collaborators is a pretty good cover… just unsuspecting enough.
Avunit?
The videos with OTW are really great!!
Thank you Juniper, thank you David for this and to Occupy the Web the G.O.A.T. for your time a biblical, Dankie...A DANKO 😂
Your videos are super cool so even I make videos like you do! Cool videos you make...........
Super informative thank you!
I disagree with reddit. David is amazing
Thank you! I appreciate that 😀
Exactly. The quality of Bombal's content is on point. Keep fighting the good fight, sir