David Bombal

#435: Real World Hacking Demo with OTW

Jul 10, 2023

Real world hacking expert OTW demonstrates SQL Injection attack from recent MOVEit hack. Discussion includes impact of OTW's work, ongoing hacks by CLOPS group, cybersecurity threats by Russian hackers, evolution of SQL Injection exploits, and upcoming hacking classes.

40:50

Creator website

Episode guests

OTW

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Hackers exploit SQL injection vulnerabilities in Moveit Transfer to extort companies for ransom.

Occupy the Web offers cybersecurity classes on advanced topics like SDR, Bitcoin forensics, and mobile systems vulnerabilities.

Deep dives

The Rise of CLOPS and Moveit's Compromised security

The hacking organization CLOPS has been executing numerous cyber attacks using a website on the dark web to track their targets, including prominent companies like Taiwan semiconductor, Siemens, UCLA, and more. More than 150 companies have fallen victim to these relentless attacks, which involve exploiting vulnerabilities in software like Moveit transfer, allowing unauthorized access to databases through SQL injection techniques.

The Severity of SQL Injection Vulnerabilities

01:15

Exploiting SQL Injection to Gain Unauthorized Database Access

01:15

Recreating Exploits from Patch Analysis

01:13

Introduction

2min

Discussion on Occupy the Web's Impact and Future Book Releases

2min

Revealing the Ongoing Hacks on 'Move It' Software by CLOPS Group

3min

Cybersecurity Threats and Extortion by Russian Hacking Group

3min

Evolution of SQL Injection Exploits

27min

Upcoming Hacking and Cyber Security Classes

4min

This is a real world demonstration of the SQL Injection attack used in the recent MOVEit hack. This is real world - not just a simple SQL attack. Big thank you to Juniper Networks for supporting the community and making training free. Go to https://juniper.net/davidbombal to get lots of training and also learn how to get certified for $50 (Associate Level). // Mr Robot Playlist // • Mr Robot // Proof of Concept // Horizon3: https://www.horizon3.ai/moveit-transf... // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: / davidbombal // Occupy The Web social // Twitter: https://twitter.com/three_cube // OTW classes // Hacker's Arise Pro Subscription: https://hackers-arise.com/online-stor... Get 3 year's access to all live courses: https://hackers-arise.com/online-stor... // Occupy The Web books // Linux Basics for Hackers: https://amzn.to/3JlAQXe Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh Top Hacking Books you need to read: • Top Hacking Books... // Other books // The Linux Command Line: https://amzn.to/3ihGP3j How Linux Works: https://amzn.to/3qeCHoY The Car Hacker’s Handbook by Craig Smith: https://amzn.to/3pBESSM Hacking Connected Cars by Alissa Knight: https://amzn.to/3dDUZN8 // Occupy The Web Website / Hackers Arise Website // Website: https://www.hackers-arise.com/?afmc=1d OTW Mr Robot series: https://www.hackers-arise.com/mr-robot Want to learn more from Occupy the Web? You can join his classes using these links: Hacker's Arise Pro Subscription" https://hackers-arise.com/online-stor... Get 3 year's access to all live courses: https://hackers-arise.com/online-stor... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 00:00 - Coming Up 00:55 - Juniper Free Training (Sponsored segment) 01:51 - OccupyTheWeb books and new books 03:57 - The MOVEit breach explained 05:20 - Clop website // Companies affected 08:52 - The two different vulnerabilities 10:26 - The truth about SQL Injection 12:21 - Using Shodan 14:05 - Proof of concept of the exploit 16:18 - SQL Injection example 20:35 - MOVEit hack analysis / How it was done 28:57 - CVE-2023-35708 SQL Injection vulnerability explained 30:36 - What is Taiwan Semi-Conductor (TSMC) and why they got hacked 31:01 - SQL Injection hack in the real world 32:45 - OccupyTheWeb online classes 33:46 - Union statement // Stacking queries demo 37:02 - Upcoming OccupyTheWeb courses and classes 39:50 - Conclusion MOVEit sql sql injection hack hacking hacker pegasus cybersecurity Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #hacking #cybersecurity #sql

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

David Bombal

#435: Real World Hacking Demo with OTW

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Rise of CLOPS and Moveit's Compromised security

CLOPS' Tactics and Motives in Ransomware Attacks

The Complexity of Exploiting SQL Injection in Moveit Transfer

Educational Opportunities and Future Cybersecurity Classes

The Severity of SQL Injection Vulnerabilities

Exploiting SQL Injection to Gain Unauthorized Database Access

Recreating Exploits from Patch Analysis

Remember Everything You Learn from Podcasts