David Bombal

David Bombal
undefined
Sep 24, 2025 • 1h

#515: Phishing the AI: Zero-Click NIGHTMARE

In this discussion, cybersecurity expert Pascal Geenens dives into the chilling world of AI vulnerabilities. He explains how 'agents' pose new insider risks and can be manipulated through phishing—a method he terms 'ShadowLeak.' Pascal warns about the dangers of prompt injection and highlights how automated tools empower attackers. He also touches on the growing opportunities in cybersecurity for newcomers, encouraging a proactive approach to secure AI deployment. With insights into the evolving threat landscape, this chat is a must-listen for anyone concerned about digital security!
undefined
Sep 22, 2025 • 43min

#514: Why People Buy the WRONG Laptops for Hacking

Big thanks to Proton VPN for sponsoring this video. To get 64% discount to your Proton VPN Plus subscription, please use the following link: https://protonvpn.com/davidbombal Want a “hacker” laptop without wasting cash? In this candid breakdown with OTW, we cut through the hype and show you what actually matters for learning pentesting in 2025: prioritising RAM over flashy GPUs, picking VMware (free for personal use) for reliable labs, using refurbs/minis/Raspberry Pi, and planning for where wireless hacking is going (Bluetooth/BLE/Zigbee) — not just Wi-Fi. We also cover AMD vs Intel vs Apple M-chips/ARM for Linux VMs, when cloud cracking makes sense, and why daily practice beats buying gadgets. Highlights: • Best beginner specs (RAM first, SSD nice, storage ≠ speed) • VMware vs VirtualBox for home labs • AMD/Intel vs Apple M-chips/ARM for Kali/Parrot VMs • Alpha adapters & aircrack-ng compatibility; Nordic nRF52 for BLE • Budget path: used/refurb, mini-PCs, Pi, phone/cloud labs (HTB/THM) • The 80/20 rule of hacking: skills are greater than gear If you’re delaying until you can afford a $2 – 3k laptop, don’t. Start now, learn daily, and upgrade later. // Occupy The Web SOCIAL // X: / three_cube Website: https://hackers-arise.net/ // Occupy The Web Books // Linux Basics for Hackers 2nd Ed US: https://amzn.to/3TscpxY UK: https://amzn.to/45XaF7j Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK: https://amzn.to/4aInbGK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Playlists REFERENCE // Linux Basics for Hackers: • Linux for Hackers Tutorial (And Free Courses) Mr Robot: • Hack like Mr Robot // WiFi, Bluetooth and ... Hackers Arise / Occupy the Web Hacks: • Hacking Tools (with demos) that you need t... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 01:21 - Proton VPN sponsored segment 03:16 - Get started and start learning 08:39 - Computer specs: CPU, GPU, RAM & Hard drives 16:46 - Time vs Money 17:58 - Virtual machines 19:15 - Computer specs overview 22:17 - Wi-Fi adaptors for Wi-Fi hacking 24:17 - Bluetooth dongles for Bluetooth hacking 26:57 - "80% Person & 20% Machine" 29:17 - Do you need hacking gadgets? 31:57 - Apple vs Intel vs AMD 35:53 - Learn hacking with a smartphone 37:01 - Learn hacking with a Raspberry Pi 39:32 - Kali Linux vs ParrotOS (Which OS to use?) 40:58 - The problem with Chromebooks 42:02 - Using Hack The Box/TryHackMe // Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #hacking #laptop #vm
undefined
Sep 20, 2025 • 48min

#513: Is your WiFi or Internet slow? This can fix it.

Justin Melloni and Andre du Iuri from Juniper Networks delve into AI-native SD-WAN solutions that enhance internet connectivity. They reveal how tunnel-free setups boost speeds and how Marvis AI chats with users to troubleshoot network issues in real-time. The duo covers practical tips for monitoring Zoom and Teams call quality while explaining straightforward security protocols. Listeners will appreciate insights on catching network issues before work begins, making slow internet woes a thing of the past.
undefined
9 snips
Sep 15, 2025 • 38min

#512: All Encryption Hacked in 3 Years?

Occupy The Web, a cybersecurity expert and author known for his insights into Linux, hacking, and encryption, joins the discussion. He warns that quantum computing could break current encryption methods like RSA within three years. The conversation covers the urgent need for post-quantum cryptography, the risks associated with client-side scanning, and nation-states' strategies to exploit vulnerabilities. They also touch on ethical dilemmas concerning AI on personal devices and privacy, making this a crucial listen for anyone concerned about data security.
undefined
15 snips
Sep 13, 2025 • 26min

#511: Becoming a Ghost Online: 3 Privacy Levels

In this discussion, privacy expert Mishaal Khan, founder of OperationPrivacy.com, unveils essential strategies for guarding your online identity. He shares insights into his free dashboard that categorizes privacy into three levels: Conscious, Serious, and Ghost. Discover practical steps like freezing your credit, opting out of data brokers, and using harmless decoys to push down unwanted search results. Mishaal also dives into the importance of manual intervention in maintaining online privacy and offers tips for dealing with personal content removal.
undefined
Sep 11, 2025 • 32min

#510: 20–30% Of Attacks Use AI: John Hammond details today’s hybrid attacks

To try everything Brilliant has to offer for free for a full 30 days, visit https://brilliant.org/davidbombal or scan the QR code onscreen – You’ll also get 20% off an annual premium subscription. In this 2025 deep-dive, David Bombal sits down with John Hammond to map the real state of hacking: classic ransomware/infostealers meet AI-assisted malware (including code that leverages LLMs). We unpack the ClickFix and FileFix social-engineering patterns, fake CAPTCHA and “save/upload” flows that trick users into running payloads, and the practical Windows mitigations (policy/registry ideas) you should know. John shares why he estimates 20–30% of attacks now have some AI touch, how social engineering scales, and where defenders can push back. For your career, he argues opportunities are expanding: use CTFs, show your work on GitHub/video, and consider OSCP for signaling. He also introduces Just Hacking Training (JHT), handson hack-alongs, archived CTFs, free upskill challenges, and pay-what-you-want courses with industry all-stars. What you’ll learn: • How ClickFix/FileFix actually trick users • Realistic mitigation tactics you can apply • The current role of AI in malware • Career roadmap: CTFs → OSCP → portfolio • Where to get hands-on: JHT resources // John Hammond’s SOCIALS // YouTube: / @_johnhammond X: https://x.com/_johnhammond LinkedIn: / johnhammond010 Discord: / discord Instagram: / _johnhammond TikTok: / johnhammond010 GitHub: https://github.com/JohnHammond Humble Bundle: https://www.humblebundle.com/?partner... Just Hacking Training: https://www.justhacking.com/ ClickFix Website: https://clickfix-wiki.github.io/ // YouTube video REFERENCE // Linux got hacked with this AI Image: • Linux got Hacked with this AI image! Hackers trick everyone to run malware (FileFix): • hackers trick everyone to run malware (Fil... OSINT Tools to track you down: • OSINT tools to track you down. You cannot ... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:58 - Intro & Current State of Hacking 03:42 - Brilliant Advert 05:14 - The Wave of AI Attacks 07:43 - Click(Fix) Hack 10:10 - FileFix: The Future Hacks 11:14 - Current Affairs & Social Engineering 15:17 - Raising Awareness 19:18 - Security Research 20:51 - Is There a Future for Younger People in This Industry? 22:54 - What Should I Do to Get There? 24:11 - Recommended Certifications 26:34 - Where Do I Start? 28:26 - About John Hammond’s Work 31:12 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Sep 11, 2025 • 30min

#509: AI + Metasploit = Terrifyingly Easy Hacking is here (demo)

In this ethical lab demo, David Bombal and Kyle Winters connect Claude (LLM) to Metasploit through an MCP (Model Context Protocol) server to automate real attacks. Watch AI perform recon, generate a risk report, and execute VSFTPD backdoor, EternalBlue (SMBv1), and UnrealIRCD—dropping benign files on Linux and Windows with simple prompts. Educational use only on intentionally vulnerable VMs. Do not attack systems you don’t own or lack permission to test. What you’ll see • How MCP bridges an AI to real tools (Metasploit RPC) • AI-driven scanning + auto security report (services, versions, risks) • Prompted exploits: VSFTPD, EternalBlue, UnrealIRCD • Why this lowers barriers for red teams—and what blue teams should do // Sponsored SEGMENT // Big thanks to Cisco for sponsoring this video. // Kyle Winters SOCIAL // LinkedIn: / kyle-m-winters Cisco Blogs:  https://blogs.cisco.com/author/kylewi... // Websites REFERENCE // MetasploitMCP by GH05TCREW: https://github.com/GH05TCREW/Metasplo... Kareem Iskander's MCP blogs: https://blogs.cisco.com/author/kareem... Cisco U.: https://u.cisco.com?ccid=cisco-u&dtid... // Video REFERENCE // MCP Demo using Pythong: • MCP Demo using Python, AI and a self heali... Brute Force SSH: • Brute Force SSH & Build a Honeypot Now (Hy... Hacking LLMs: • Hacking LLMs Demo and Tutorial (Explore AI... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // Menu // 0:00 - Coming up 0:58 - Disclaimer 01:00 - Introducing Metasploit MCP Server (by GH05TCREW) 03:01 - Metasploit MCP Demo 1 05:12 - Metasploit MCP Demo 2 10:59 - Metasploit MCP Demo 3 16:18 - Metasploit MCP Demo 4 19:15 - Metasploit MCP Demo 5 21:45 - How AI is changing cybersecurity 23:07 - Metasploit MCP Demo 5 continued 26:51 - Metasploit MCP server summary 28:00 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Sep 1, 2025 • 19min

#508: NOT Production-Ready: 2025 AI Coding Reality Check

Big thanks to ThreatLocker for sponsoring my trip to Black Hat 2025. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal AI can turn weeks of coding into seconds, but at what cost? Katie Paxton-Fear demonstrates how to use Gemini to generate a sprint plan and Cursor to build a Python port scanner from natural language. It works… and that’s the problem. We unpack how “vibe coding” blinds even pros to security, why these tools aren’t production-ready, and the guardrails you need for ethical hacking and internal tooling. What you’ll learn • How to turn ideas → sprint plan → working code (Gemini + Cursor) • Why silent vulnerabilities make AI-built apps risky • Ethical hacker use cases (agents, scanners) without shipping insecure code • Policy tips: disclosure, internal use, avoiding shadow IT Tools mentioned: Gemini, Cursor (AI IDE), Claude (briefly), v0 // Katie Paxton-Fear SOCIALS // Website: https://insiderphd.dev/ LinkedIn: https://www.linkedin.com/in/katiepf/?... YouTube: / insiderphd X: https://x.com/InsiderPhD // YouTube video REFERENCE // • Vibe Coding in Cursor for Cyber Security // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // Menu // 0:00 - Coming Up: AI Vibe Coding Explained 01:08 - Intro with Katie Paxton-Fear (Cybersecurity Expert) 02:53 - ThreatLocker Security Overview 03:06 - What is Vibe Coding in AI Development? 04:51 - Live Demo Example of Vibe Coding 05:20 - Google Gemini and Gems for Coding 08:22 - Cursor AI and Writing Code Faster 09:59 - Coffee Break (Quick Pause) 10:02 - Risks of Vibe Coding in Cybersecurity 11:24 - Port Scanner Explained 11:34 - Vibe Coding Pros and Cons (Full Breakdown) 14:02 - Port Scan Results Analysis 14:22 - Why AI Code Isn’t Production Ready Yet 15:53 - Katie’s Final Advice & Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. Key topics: vibe coding, AI coding, port scanning, secure-by-design If you’re experimenting with AI coding, watch this before you deploy anything. #blackhat #vibecoding #security
undefined
Sep 1, 2025 • 22min

#507: He Quit Cybersecurity After 34 Years — Here’s Why

Big thank you to Proton Pass for sponsoring this video. To sign up for Proton Pass, please use the following link https://proton.me/davidbombal to get a 60% discount. Cybersecurity icon Mikko Hyppönen sits down with David Bombal at Black Hat to explain his bold move from antivirus to anti-drone defense after 34 years. He breaks down why mobile operating systems are the biggest security improvement of the past 15 years, how attackers have shifted from device exploits to human scams, and why he believes defenders currently have the edge with AI. They unpack the rise of fiber-tethered drones that evade RF detection, the coming reality of autonomous “killer robots” (not yet here—but inevitable), and the grim state of privacy as everyday IoT devices go online by default—his “internet asbestos” warning. Mikko also reflects on achieving keynote goals at DEF CON, RSA, and Black Hat, and shares career advice: set goals, don’t drift. Topics: mobile OS security, social engineering, AI for defense, zero-day research, drone warfare, privacy and encryption policy, IoT risks, career pivot. // Mikko Hypponen’s SOCIALS // X: https://x.com/mikko Website: https://mikko.com/ LinkedIn: https://www.linkedin.com/in/hypponen/... // Books REFERENCE // If it’s smart it’s vulnerable: US: https://amzn.to/41lkSaG UK: https://amzn.to/4oTpOgN // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:56 - Mikko Hyppönen keynote talks 01:51 - Proton Pass sponsored segment 04:09 - Pivoting from cybersecurity to anti-drone 09:28 - Humanoid robots are near 09:54 - How cybersecurity has improved 12:11 - Defenders have the advantage with AI 15:26 - Pros and Cons of the AI revolution 16:57 - Privacy is dying 21:36 - Advice for your future // Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
undefined
Sep 1, 2025 • 28min

#506: ZERO Coding: How She Broke Into Cyber

In this conversation, Caitlin Sarian, known as Cybersecurity Girl, discusses her intriguing journey from aerospace engineering and cheerleading for LA Galaxy to becoming a cybersecurity leader. She shares how her TikTok fame, with nearly 500K followers, led her to a role in cybersecurity advocacy at TikTok. Caitlin emphasizes the importance of networking and soft skills for breaking into cyber careers, advises on content creation without perfectionism, and discusses her mission with the Cyber Career Club to promote diversity in STEM.

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app