David Bombal cover image

David Bombal

Latest episodes

undefined
Jul 2, 2025 • 12min

#501: Brute Force SSH & Build a Honeypot Now (Hydra and Cowrie Demo)

Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. This video features David Bombal and Kyle Winters demonstrating practical cybersecurity techniques. Kyle walks through how to use Hydra to brute force SSH passwords, explaining the process of leveraging wordlists and optimizing the attack. Following the offensive demonstration, Kyle transitions into defensive measures, showing viewers how to quickly and easily set up an SSH honeypot using Cowrie. The honeypot serves as a decoy to attract and monitor malicious actors attempting to access a network. The demonstration includes setting up the honeypot on an Ubuntu host, configuring IP tables for port redirection, and monitoring logs for incoming connection attempts. The video highlights the importance of understanding both attack methods and defensive strategies in cybersecurity. Kyle also mentions free ethical hacking training resources available through Cisco Networking Academy (netacad.com) and future tutorials on Cisco U (u.cisco.com). // COMMANDS // Devices: client 192.168.1.10 server 192.168.1.11 ubuntu-honeypot 192.168.1.21 Nmap scan: nmap -sn 192.168.1.0/24 Verify Hydra installed: hydra -h Show wordlists: ls -al /usr/share/wordlists/ Crack with known username: hydra -l admin -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Crack with unknown username: hydra -L /usr/share/wordlists/top-usernames-shortlist.txt -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Create dir for Cowrie: mkdir cowrie cd cowrie/ Clone cowrie: git clone https://github.com/cowrie/cowrie . Launch the python virtual environment: python3 -m venv cowrie-env source cowrie-env/bin/activate Install python requirements: pip install --upgrade pip pip install -r requirements.txt Copy and edit the config: cp etc/cowrie.cfg.dist etc/cowrie.cfg vi etc/cowrie.cfg Setup port forwarding for SSH to Cowrie: sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222 sudo iptables-save Start Cowrie: bin/cowrie start Check Cowrie status: bin/cowrie status View logs: tail -f var/log/cowrie/cowrie.log // Kyle Winter’s SOCIALS // Socials: / kyle-m-winters Cisco Blogs: https://blogs.cisco.com/author/kylewi... // Website REFERENCE // https://www.netacad.com/courses/ethic... https://u.cisco.com/ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Jul 2, 2025 • 23min

#500: MCP Demo using Python, AI and a self healing network (Model Context Protocol)

Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. See how Cisco engineer Kareem Iskander teams up with David Bombal at Cisco Live San Diego 2025 to build a self-healing network in real time. Using the new Model Context Protocol (MCP), Splunk logs, Meraki APIs, and Anthropic Claude, Kareem’s Python code lets an LLM detect configuration drift and automatically revert changes, no manual troubleshooting required. You will learn: • What MCP is and how it exposes trusted tools to an LLM • How Claude reads Splunk, correlates Meraki changes, and repairs configs • Why two lines of code can spin up an entire MCP server from OpenAPI specs • Where to find Kareem’s full code on GitHub and his upcoming Cisco U tutorial // Code // Get the code here: https://github.com/kiskander/mcp-splu... //Kareem Iskander SOCIALS // LinkedIn: / kiskander X: https://x.com/kareem_isk Cisco Blogs: https://blogs.cisco.com/author/kareem... // Website REFERENCE // https://github.com/kiskander/mcp-splu... https://u.cisco.com/tutorials/enhance... https://u.cisco.com/tutorials/network... https://u.cisco.com/tutorials/network... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Jun 26, 2025 • 44min

#499: Your firewall won't save you from this 😱

Big thanks to Radware for sponsoring this video and sharing technical insights with us! David Bombal talks with Michael Geller (Radware) and Tim Sherman (Cisco) about how smart devices like fridges, cars, and cameras are being hijacked for DDoS attacks. They explain Web DDoS, encrypted Layer 7 threats, and how attackers bypass traditional firewalls. The discussion covers IoT botnets, API abuse, 5G core vulnerabilities, and how Cisco and Radware are defending cloud and edge infrastructure. // Radware’s SOCIALS // X: https://x.com/radware LinkedIn: / posts Website: https://www.radware.com/ // Web page REFERENCE // http://livethreatmap.radware.com https://www.radware.com/security/ddos... https://www.radware.com/solutions/web... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: https://open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Your Firewall Won’t Save You From This Stop Is Your Car Launching Cyberattacks Your Home Appliances Weaponized by Cybercriminals DDoS Just Got Smarter Layer 7 Is Nightmare How Default Bots Cripple Hospitals and Systems Electric Cars Under Siege from Smart Devices Cybersecurity Blind Spot Your Car Is Compromised The Hidden Threat Everyday Devices Hacked Now Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Apr 2, 2025 • 1h 24min

#498: DDoS Attacks (HTTP/2, DNS, Hacktivist) // Real World Technical Analysis

Pascal Geenens, a security researcher and threat analyst at Radware, digs into the complex world of DDoS attacks, drawing on insights from his latest threat reports. He reveals how hacktivists leverage IoT vulnerabilities for attacks and discusses the critical role of AI in both cyber threats and defense mechanisms. The chat delves into dangerous DDoS tactics, including the exploitation of HTTP/2 and compromised home routers. With the landscape evolving rapidly, Geenens emphasizes the urgent need for robust security strategies to safeguard against increasingly sophisticated threats.
undefined
Mar 18, 2025 • 27min

#497: Want to break into Cybersecurity? This is where the most jobs are at!

Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // GIVE AWAY// Gerald is giving away 10 seats in the Simply Cyber Academy GRC Analyst Master Class (Value: $149) to 10 lucky David Bombal viewers. To enter the giveaway go here: https://gleam.io/VVK24/simply-cyber-g... // DISCOUNT // To get 10% discount on Simply Cyber Academy GRC Analyst Master Class go here: https://simplycyber.io/grc use the following discount code BOMBAL10 // Gerald Auger’s SOCIAL // YouTube: / @simplycyber Website: https://www.simplycyber.io X: https://x.com/gerald_auger LinkedIn: / geraldauger Discord: https://simplycyber.io/discord // Daily Cyber Threat Live Stream REFERENCE // / geraldauger // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:53 - What is GRC (Governance, Risk and Compliance)? // GRC explained 04:42 - Businesses taking cyber security more seriously in 2025 07:21 - Is GRC a good career path? 09:58 - Cyber security careers are vast: pick your path 14:49 - Introverts can be successful in GRC 15:47 - GRC for the younger generation // The importance of networking with people 17:57 - Simply Cyber livestreams, live podcasts and discord community 19:17 - How to get started in GRC 20:35 - GRC Analyst Master Class 21:30 - How to get started in GRC (continued) 22:51 - Course giveaway and discount 23:42 - Simply Cyber Daily Cyber Threat Brief 26:51 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Mar 14, 2025 • 25min

#496: Left school at 15 ... hacks and creates $$$ Billion dollar Cybersecurity company

Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // Danny Jenkin’s SOCIAL // X: https://x.com/threatlocker LinkedIn: / dannyjenkinscyber // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Languages the ThreatLocker CEO can code in // Being a CEO that is technical 02:04 - How Danny became CEO // The backstory of Danny Jenkins, CEO & Co-Founder of ThreatLocker 08:37 - Being a technical CEO 10:28 - Having a team that is dedicated 13:23 - The importance of being technical and understanding every department 14:21 - Lessons learnt and advices 17:30 - Long-term vision for ThreatLocker 18:30 - What lead to starting ThreatLocker 19:59 - New releases from ThreatLocker 21:18 - Thoughts on AI // The influence of AI in cyber attacks 24:35 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Mar 8, 2025 • 11min

#495: Linus Tech Tips Cybersecurity?

Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // Luke Lafreniere’s SOCIAL // YouTube: / lukelafreniere YouTube: / @linustechtips LinkedIn: / luke-lafreniere-44138795 X: https://x.com/luke_iafr // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

 // MENU // 0:00 - Coming up 0:36 - Luke from Linus Tech Tips irl 01:00 - Thoughts on the Rubber Ducky 02:48 - Thoughts on the O.MG cable 03:23 - The Linus Tech Tips breach // Using ThreatLocker as a solution 04:24 - Threat levels for the company 07:22 - Securing a growing company 10:41 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Feb 26, 2025 • 25min

#494: Trust No One by default!

Big thank you to ThreatLocker for sponsoring this video and my trip to ZTW25. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // Rob Allen’s SOCIAL // LinkedIn: / threatlockerrob X: https://x.com/threatlockerrob // YouTube video REFERENCE // Can this mind blowing Reverse Shell Attack be stopped?: • Can this Mind Blowing 🤯 Reverse Shell... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:44 - Intro 0:55 - Stopping Jackoby's Hack 02:10 - Threatlocker VS Traditional Solutions 03:33 - Deny By Default, Permit By Exception 05:06 - Ransomware Deployment Protocol (RDP) 06:58 - Are Organisations Safe? 10:31 - Allowlisting 11:48 - What is 'Ringfencing'? 13:20 - What is 'Network Control'? 16:44 - What About Cloud Security? 19:48 - Rob's Opinion on AI 22:33 - Threatlocker's Growth 24:51 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Feb 18, 2025 • 16min

#493: AI systems are being hacked!

Big thanks to Cisco for sponsoring this video and sponsoring my trip to Cisco Live Amsterdam. // DJ Sampath’s SOCIAL // LinkedIn: / djsampath X: https://x.com/djsampath // YouTube Videos REFERENCE // Are you using a Hacked AI System?: • Are you using a Hacked AI system? Cisco AI Defense!: • Cisco AI Defense: Groundbreaking secu... // Blogs REFERENCE // https://blogs.cisco.com/security/eval... https://www.cisco.com/c/m/en_us/solut... https://blogs.cisco.com/security/eval... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:31 - Intro 01:30 - Can You Block AI? 03:10 - DJ's Demo (Cisco Cloud Security) 06:16 - Jailbreaking AI 09:58 - Deepseek's Open Source 11:41 - AI Defence 14:40 - Should We Avoid AI? 15:24 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #deepseek #chatgpt #ai
undefined
Feb 18, 2025 • 20min

#492: Are AGI and humanoids coming in 2025?

Big thanks to Cisco for sponsoring this video and sponsoring my trip to Cisco Live Amsterdam. // Jeetu Patel’s SOCIAL // LinkedIn: / jeetupatel Website: https://www.cisco.com/ X: https://x.com/jpatel41 // Cisco Live KEYNOTE // • LIVE: Cisco Live 2025 Amsterdam Openi... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:47 - The Hype Cycle of A.I. and Agentic A.I. 02:22 - OpenAI Operator 03:50 - The DeepSeek Effect 05:57 - The Operator Effect // Moving from API to NLI 10:42 - Artificial General Intelligence & Robotics 11:48 - The fear of A.I. in the short term 12:34 - Focusing on A.I. for long and short term 13:08 - Jeetu Patel's new role 14:00 - Core principles 15:20 - The future of networking and security 16:47 - Let A.I. do the rest 19:36 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #deepseek #chatgpt #ai

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app