David Bombal

• #501: Brute Force SSH & Build a Honeypot Now (Hydra and Cowrie Demo)

  Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. This video features David Bombal and Kyle Winters demonstrating practical cybersecurity techniques. Kyle walks through how to use Hydra to brute force SSH passwords, explaining the process of leveraging wordlists and optimizing the attack. Following the offensive demonstration, Kyle transitions into defensive measures, showing viewers how to quickly and easily set up an SSH honeypot using Cowrie. The honeypot serves as a decoy to attract and monitor malicious actors attempting to access a network. The demonstration includes setting up the honeypot on an Ubuntu host, configuring IP tables for port redirection, and monitoring logs for incoming connection attempts. The video highlights the importance of understanding both attack methods and defensive strategies in cybersecurity. Kyle also mentions free ethical hacking training resources available through Cisco Networking Academy (netacad.com) and future tutorials on Cisco U (u.cisco.com). // COMMANDS // Devices: client 192.168.1.10 server 192.168.1.11 ubuntu-honeypot 192.168.1.21 Nmap scan: nmap -sn 192.168.1.0/24 Verify Hydra installed: hydra -h Show wordlists: ls -al /usr/share/wordlists/ Crack with known username: hydra -l admin -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Crack with unknown username: hydra -L /usr/share/wordlists/top-usernames-shortlist.txt -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Create dir for Cowrie: mkdir cowrie cd cowrie/ Clone cowrie: git clone https://github.com/cowrie/cowrie . Launch the python virtual environment: python3 -m venv cowrie-env source cowrie-env/bin/activate Install python requirements: pip install --upgrade pip pip install -r requirements.txt Copy and edit the config: cp etc/cowrie.cfg.dist etc/cowrie.cfg vi etc/cowrie.cfg Setup port forwarding for SSH to Cowrie: sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222 sudo iptables-save Start Cowrie: bin/cowrie start Check Cowrie status: bin/cowrie status View logs: tail -f var/log/cowrie/cowrie.log // Kyle Winter’s SOCIALS // Socials: / kyle-m-winters Cisco Blogs: https://blogs.cisco.com/author/kylewi... // Website REFERENCE // https://www.netacad.com/courses/ethic... https://u.cisco.com/ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  12:21

  --------

  12:21
• #500: MCP Demo using Python, AI and a self healing network (Model Context Protocol)

  Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. See how Cisco engineer Kareem Iskander teams up with David Bombal at Cisco Live San Diego 2025 to build a self-healing network in real time. Using the new Model Context Protocol (MCP), Splunk logs, Meraki APIs, and Anthropic Claude, Kareem’s Python code lets an LLM detect configuration drift and automatically revert changes, no manual troubleshooting required. You will learn: • What MCP is and how it exposes trusted tools to an LLM • How Claude reads Splunk, correlates Meraki changes, and repairs configs • Why two lines of code can spin up an entire MCP server from OpenAPI specs • Where to find Kareem’s full code on GitHub and his upcoming Cisco U tutorial // Code // Get the code here: https://github.com/kiskander/mcp-splu... //Kareem Iskander SOCIALS // LinkedIn: / kiskander X: https://x.com/kareem_isk Cisco Blogs: https://blogs.cisco.com/author/kareem... // Website REFERENCE // https://github.com/kiskander/mcp-splu... https://u.cisco.com/tutorials/enhance... https://u.cisco.com/tutorials/network... https://u.cisco.com/tutorials/network... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  23:21

  --------

  23:21
• #499: Your firewall won't save you from this 😱

  Big thanks to Radware for sponsoring this video and sharing technical insights with us! David Bombal talks with Michael Geller (Radware) and Tim Sherman (Cisco) about how smart devices like fridges, cars, and cameras are being hijacked for DDoS attacks. They explain Web DDoS, encrypted Layer 7 threats, and how attackers bypass traditional firewalls. The discussion covers IoT botnets, API abuse, 5G core vulnerabilities, and how Cisco and Radware are defending cloud and edge infrastructure. // Radware’s SOCIALS // X: https://x.com/radware LinkedIn: / posts Website: https://www.radware.com/ // Web page REFERENCE // http://livethreatmap.radware.com https://www.radware.com/security/ddos... https://www.radware.com/solutions/web... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: https://open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] Your Firewall Won’t Save You From This Stop Is Your Car Launching Cyberattacks Your Home Appliances Weaponized by Cybercriminals DDoS Just Got Smarter Layer 7 Is Nightmare How Default Bots Cripple Hospitals and Systems Electric Cars Under Siege from Smart Devices Cybersecurity Blind Spot Your Car Is Compromised The Hidden Threat Everyday Devices Hacked Now Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  43:40

  --------

  43:40
• #498: DDoS Attacks (HTTP/2, DNS, Hacktivist) // Real World Technical Analysis

  Big thanks to Radware for sponsoring this video and sharing technical insights with us! // Radware reports REFERENCE // Executive Summary: https://davidbombal.wiki/2025threats 2025 Global Threat Analysis Report: https://davidbombal.wiki/2025threatsu... // Pascal Geenens’ SOCIAL // LinkedIn: / geenensp Website: https://www.radware.com/ // Radware SOCIAL // YouTube: / radwareinc Webinars: https://www.radware.com/newsroom/events/ LinkedIn / radware // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // 0:00 - Coming Up 01:03 - Intro 01:40 - What are the Reports About? 06:59 - Hacktivists (Dark Storm Team) 10:19 - DDos For Hire (Telegram) 13:24 - Check-Host.net 14:27 - Dienet 19:44 - How to Bring Down a Website 21:46 - DNS DDoS Attacks 26:28 - HTTP/2 29:22 - Botnet Capability 31:51 - Noname057 35:09 - Home Routers (TRS-069) 39:05 - Bullet Proof Cloud Services 45:13 - Vulnerable IoT 49:04 - Shodan (IoT Search Engine) 50:07 - Downloading Threats 52:45 - Application Programming Interfaces (APIs) 57:15 - Artificial Intelligence (AI) 01:06:49 - The Fight Against Bad AI 01:08:49 - How to Protect Yourself 01:14:52 - What is Radware? 01:16:00 - The Struggle of Downloading Models 01:20:06 - Should AI Keep your Data? 01:22:01 Connect with Pascal 01:22:36 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  1:23:57

  --------

  1:23:57
• #497: Want to break into Cybersecurity? This is where the most jobs are at!

  Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // GIVE AWAY// Gerald is giving away 10 seats in the Simply Cyber Academy GRC Analyst Master Class (Value: $149) to 10 lucky David Bombal viewers. To enter the giveaway go here: https://gleam.io/VVK24/simply-cyber-g... // DISCOUNT // To get 10% discount on Simply Cyber Academy GRC Analyst Master Class go here: https://simplycyber.io/grc use the following discount code BOMBAL10 // Gerald Auger’s SOCIAL // YouTube: / @simplycyber Website: https://www.simplycyber.io X: https://x.com/gerald_auger LinkedIn: / geraldauger Discord: https://simplycyber.io/discord // Daily Cyber Threat Live Stream REFERENCE // / geraldauger // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // 0:00 - Coming up 0:53 - What is GRC (Governance, Risk and Compliance)? // GRC explained 04:42 - Businesses taking cyber security more seriously in 2025 07:21 - Is GRC a good career path? 09:58 - Cyber security careers are vast: pick your path 14:49 - Introverts can be successful in GRC 15:47 - GRC for the younger generation // The importance of networking with people 17:57 - Simply Cyber livestreams, live podcasts and discord community 19:17 - How to get started in GRC 20:35 - GRC Analyst Master Class 21:30 - How to get started in GRC (continued) 22:51 - Course giveaway and discount 23:42 - Simply Cyber Daily Cyber Threat Brief 26:51 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  26:55

  --------

  26:55

Más podcasts de Tecnología

Podcasts a la moda de Tecnología

Acerca de David Bombal