Real World Hacking Demo with OTW

This is a real-world demonstration of the SQL injection attack used in the recent MOVEit hack. This is real world – not just a simple SQL attack.

Big thank you to Juniper Networks for supporting the community and making training free. Go to https://juniper.net/davidbombal to get lots of training and also learn how to get certified for $50 (Associate Level).

// Mr Robot Playlist //
Mr Robot

// Proof of Concept //
Horizon3: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/

// Occupy The Web social //
Twitter: https://twitter.com/three_cube

// OTW classes //
Hacker’s Arise Pro Subscription:
https://www.hackers-arise.com/online-store/Member-PRO-p444073646?afmc=1d

Get 3 years’ access to all live courses:
https://www.hackers-arise.com/online-store/Become-a-Hackers-Arise-Subscriber-3-years-of-training-p134507114?afmc=1d

// Occupy The Web books //
Linux Basics for Hackers: https://amzn.to/3JlAQXe
Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh
Top Hacking Books you need to read: Top Hacking Books…

// Other books //
The Linux Command Line: https://amzn.to/3ihGP3j
How Linux Works: https://amzn.to/3qeCHoY
The Car Hacker’s Handbook by Craig Smith: https://amzn.to/3pBESSM
Hacking Connected Cars by Alissa Knight: https://amzn.to/3dDUZN8

// Occupy The Web Website / Hackers Arise Website //
Website: https://www.hackers-arise.com/?afmc=1d
OTW Mr Robot series: https://www.hackers-arise.com/mr-robot

Want to learn more from Occupy the Web? You can join his classes using these links:
Hacker’s Arise Pro Subscription:
https://www.hackers-arise.com/online-store/Become-a-Hackers-Arise-Subscriber-3-years-of-training-p134507114?afmc=1d


// David’s Social //

================
Connect with me:
================
Discord: http://discord.davidbombal.com
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel: https://www.youtube.com/davidbombal
YouTube Tech Channel: https://www.youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

================
Support me:
================
Or, buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): http://bit.ly/yt999ccna
Udemy CCNA Course: https://bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): https://bit.ly/gns3ccna10

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
00:00 – Coming Up
00:55 – Juniper Free Training (Sponsored segment)
01:51 – OccupyTheWeb books and new books
03:57 – The MOVEit breach explained
05:20 – Clop website // Companies affected
08:52 – The two different vulnerabilities
10:26 – The truth about SQL Injection
12:21 – Using Shodan
14:05 – Proof of concept of the exploit
16:18 – SQL Injection example
20:35 – MOVEit hack analysis / How it was done
28:57 – CVE-2023-35708 SQL Injection vulnerability explained
30:36 – What is Taiwan Semiconductor (TSMC) and why they got hacked
31:01 – SQL Injection hack in the real world
32:45 – OccupyTheWeb online classes
33:46 – Union statement // Stacking queries demo
37:02 – Upcoming OccupyTheWeb courses and classes
39:50 – Conclusion


Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#hacking #cybersecurity #sql
