David Bombal

Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal AI isn't the magic cybersecurity cure the industry wants you to believe it is Danny Jenkins tells us in this interview. He cuts through the marketing hype and explains why relying solely on AI to block attacks is not a solution to all our cyber problems. We also discuss modern threats—including the rise of Agentic AI—and why determining the "intent" of software is practically impossible for artificial intelligence. Instead of chasing the latest buzzwords, learn the foundational, proven strategies to actually secure your network. We dive deep into Zero Trust Network Access (ZTNA), the power of default deny, and the specific, tangible controls you need to block ransomware, prevent Office 365 phishing, and stop bad actors. Whether you're an IT admin, SOC analyst, or CISO, this video outlines exactly what you should be doing instead of just buying another AI tool // Danny Jenkins’ SOCIAL // LinkedIn: / dannyjenkinscyber // ThreatLocker’s SOCIAL // LinkedIn: https://www.linkedin.com/company/thre... X: https://x.com/threatlocker Instagram: / threatlocker Website: https://www.threatlocker.com/ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:36 - Introduction 01:01 - Solving Problems with AI and Security 03:14 - Concerns with Agentic AI 08:01 - ThreatLocker AI Products 09:20 - AI vs AI and Security 11:34 - Vibe Coding in Industry 14:42 - Ways for Companies to Stop Hacks 19:29 - Deny by Default vs AI 20:29 - Industry reaction to Deny by Default 22:10 - About ThreatLocker 23:19 - Announcements from ZTW26 25:22 - The Growth of Threatlocker 26:12 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cybersecurity #ai #hack

Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why traditional SMS MFA is no longer bulletproof. We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password. Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively increases your attack surface, leaving your organization just one brute-force attack away from ransomware. Finally, we explore the mechanics of ThreatLocker’s Zero Trust Network Access and Cloud Access, detailing how denying by default and routing through secure proxies can lock down Microsoft 365 and make your internal network effectively invisible to hackers. // Rob Allen’s SOCIAL // LinkedIn: / threatlockerrob X: https://x.com/threatlockerrob // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:57 - What is 2FA/MFA and why is it important? 02:54 - Reusing passwords 04:38 - Malicious Chrome extensions 05:39 - Average person vs cybersecurity 12:18 - SMS 2FA 13:37 - Authenticator apps 16:26 - Yubikeys 17:58 - No one is "unhackable" 21:52 - "Cookie stealing" explained 22:53 - ThrearLocker's new tool/solution 28:22 - How ThreatLocker protects Office365 29:06 - ThreatLocker protecting organizations 33:11 - Should I trust ThreatLocker? 35:54 - How safe is ThreatLocker? 38:00 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cybersecurity #hacker #hack

Big thanks to ‪@ThreatLocker‬ for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Discover how easily hackers prompt engineer malware in 2026. Kieran Human from ThreatLocker demonstrates bypassing Microsoft Copilot guardrails to write PowerShell ransomware. // Kieran Human’s SOCIAL // LinkedIn: / kieran-human-5495ab170 // GitHub page REFERENCE // https://github.com/ztwAdmin/ZTW-2026 // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:17 - Intro 01:00 - Demo 01:37 - Sponsored by Threatlocker 01:55 - Demo continued 07:38 - Where to Find these Tools 08:38 - Disclaimer 09:33 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #threatlocker #copilot #locallm

Big thank you to Infoblox for sponsoring this video. To learn more about Infoblox please visit: https://www.infoblox.com/ Do you know the difference between encrypted DNS and secure DNS? DNS veteran Cricket Liu, author of DNS and Bind, joins David Bombal to break down common misconceptions, explain the crucial distinction between security and privacy; and outline a massive update to the NIST Secure DNS Deployment Guide (SP 800-81). If you run a network, you cannot afford to ignore this control point. Detailed Breakdown: DNS is the Achilles' heel of internet infrastructure. While newer protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) solve the cleartext privacy problem, they do not stop malware, phishing, or data exfiltration. In fact, attackers are now using encrypted DNS against us. In this deep-dive interview, Cricket Liu explains how DNS security must evolve beyond simple encryption to include Protective DNS (PDNS) using Response Policy Zones (RPZ). Learn how to turn your existing DNS infrastructure into a low-cost, high-efficiency control point that blocks malicious C2 rendezvous, phishing links, and DNS tunneling automatically. We also tackle the DNSSEC confusion head-on. Cricket clarifies exactly why DNSSEC is about validation and integrity, not encryption, and discusses the looming threat of quantum computing on modern cryptographic standards. Finally, we discuss real-world attack vectors, including a wild story about a dangling CNAME record on CDC.gov that was hijacked to game search engine rankings, and how the updated NIST guide shifts focus from just network administrators to security practitioners. // Links to documents // NIST SP 800-81: https://nvlpubs.nist.gov/nistpubs/Spe... Inflox Q&A on NIST SP 800-81: https://www.infoblox.com/blog/securit... // Cricket Liu’s SOCIAL // LinkedIn: / cricketliu // Renee Burton’s SOCIAL // LinkedIn: / ren%c3%a9e-burton-b7161110b Blog Posts: https://www.infoblox.com/blog/author/... // Infoblox SOCIAL // LinkedIn: / infoblox Website: https://www.infoblox.com/ // Books by Cricket // DNS on Windows Server 2003: Mastering the Domain Name US: https://amzn.to/4byNAtQ UK: https://amzn.to/4rjqgoz DNS & BIND Cookbook: Solutions & Examples for System Administrators 1st Edition US: https://amzn.to/40iZPob UK: https://amzn.to/3Nk2MBM DNS and BIND on IPv6: DNS for the Next-Generation Internet 1st Edition US: https://amzn.to/3MXly1Y UK: https://amzn.to/4s2SFRe Learning CoreDNS: Configuring DNS for Cloud Native Environments 1st Edition US: https://amzn.to/4sC4GwS UK: https://amzn.to/4ro0T59 DNS & Bind 4th Edition: US: https://amzn.to/4s8WaWm UK: https://amzn.to/4sztLbB // Website REFERENCE // Nist: https://www.nist.gov/ Secure Domain Name System Deployment Guide: https://www.nist.gov/news-events/news... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #dns #dnssec #cybersecurity

Big thanks to ‪@ThreatLocker‬ for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Are you looking to get into bug bounty hunting but feel overwhelmed or worried the field is oversaturated? In this video, full-time bug bounty hunter Justin Gardner shares a realistic, actionable guide to web hacking for beginners. We dive straight into the practical side with five live demonstrations of common web vulnerabilities—all done using just your browser and DevTools. Justin explains how Insecure Direct Object Reference (IDOR), Broken Access Controls, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) work in the real world, including stories of finding these exact bugs on major platforms like Google. After the demos, we tackle the biggest questions new hackers have: Is there still money to be made in 2026? How has AI changed the landscape? And what is the exact roadmap to landing your first bounty? Justin breaks down his "200-hour rule" for learning, why you need to get comfortable with failing, and the best resources (like HackerOne and PortSwigger) to help you launch your cybersecurity career today. // Labs and more here: // Labs: https://ztw.ctbb.show/ More labs: https://labs.cai.do/ And more labs: https://portswigger.net/web-security // Justin Gardner’s SOCIAL // YouTube: / @criticalthinkingpodcast LinkedIn: / rhynorater X: https://x.com/Rhynorater GitHub: https://rhynorater.github.io/aboutme/ / David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:40 - Introduction 01:50 - Getting Started in Bug Bounty 03:11 - Can I Make Money in Bug Bounty? 04:11 - Demo 1 06:55 - Demo 2 08:47 - Lessons for Upcoming Hackers 10:09 - Demo 3 13:49 - Are There Demos on Justin’s Podcast? 14:20 - Demo 4 18:11 - Real-Life Date of Birth Vulnerability 19:13 - Advice on Becoming a Hacker Like Justin 20:20 - What & Where to Study to Become a Bug Bounty Hacker 21:49 - How Long Does It Take? 25:07 - Outro & Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #webhacking #bugbounty #hack

Quantum computing isn’t just 10 years away, it’s happening now. In this deep dive, I sit down with Ramana Kompella, Head of Research at Cisco Outshift, to separate the sci-fi vaporware from the engineering reality. We discuss the immediate threat of "Harvest Now, Decrypt Later" attacks, where bad actors steal your encrypted data today to unlock it with quantum computers tomorrow. Ramana breaks down exactly how Cisco is building the "Quantum Network" to counter this, leveraging the "No Cloning Theorem" to create unhackable communication channels. If you are in cybersecurity, networking, or studying computer science, this is your roadmap to the future. We cover the math you need to learn (Linear Algebra), the timeline for real-world adoption (it’s closer than you think), and how Quantum Teleportation actually works at a packet level. Topics Covered: • The 5-Year Timeline: Why the "decade away" myth is wrong. • Quantum Networking vs. Computing: Why we need to interconnect quantum processors. • The Physics of Security: How Entanglement and Teleportation prevent eavesdropping. • Career Advice: Why Linear Algebra is the most critical skill for AI and Quantum jobs. • Cisco x IBM: The partnership building the future internet. Big thanks to Cisco for sponsoring this video and sponsoring my trip to Cisco Live Amsterdam 2026. // Ramana Kompella’s SOCIAL // LinkedIn: / rkompella / David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:43 - Introduction 02:36 - The Exciting Part about OutShift 04:12 - The Promise of Quantum Computing 07:09 - The Importance of Partnership between IBM & Cisco 07:55 - The Difference between Classical Computing & Quantum Computing 11:25 - Why It is Important to study Maths 12:31 - Technical Details About Quantum Computing 19:19 - When Will Quantum Computing Become a Reality? 20:00 - Will Quantum Computing Break Encryption? 25:36 - Outro & Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #quantumnetworking #ciscooutshift #cybersecurity

Are your smart home devices spying on you? In this video, David Bombal interviews cybersecurity researcher and IoT penetration tester, Matt Brown, to reveal how to intercept and decrypt supposedly secure SSL/TLS traffic from IoT devices. Matt demonstrates his open-source tool, "Man in the Middle Router," a specialized Linux-based bash script designed to simplify IoT hardware hacking labs. This tool stitches together essential Linux utilities—including HostAPD (for access points), DNSmasq (for DHCP), and iptables (for traffic routing)—to transform any Linux computer or Raspberry Pi into a transparent intercepting router. In this technical deep-dive, you will learn: How a Man in the Middle (MITM) attack intercepts encrypted TLS (HTTPS) communications. How to set up an IoT penetration testing lab using minimal hardware, such as an Alpha Wi-Fi adapter and an Ethernet dongle. The difference between theoretical attacks and real-world vulnerabilities like the failure of IoT devices to validate server certificates. Transparent proxy setup using tools like mitmproxy to visualize raw API data. Live Hacking Demonstration Matt moves beyond theory to demonstrate a live hack of an Anran Wi-Fi security camera purchased from eBay. He shows the exact process of capturing and decrypting the camera's API traffic (apis.us-west.cloudedge360.com). This demonstration exposes that the device is transmitting sensitive information—including authentication credentials—in cleartext over HTTP inside the broken TLS tunnel. Whether you are a network engineer, network security analyst, or a hardware hacking enthusiast, this video provides a step-by-step framework for auditing the security and privacy of the devices on your network. // Matt Brown’s SOCIAL // X: https://x.com/nmatt0 YouTube: / @mattbrwn LinkedIn: / mattbrwn GitHub: https://github.com/nmatt0 Reddit: https://github.com/nmatt0 Website (with training courses): https://training.brownfinesecurity.com/ // GitHub REFERENCE // mitmrouter: https://github.com/nmatt0/mitmrouter // Camera REFERECE // https://www.amazon.com/ANRAN-Security... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:33 - Introduction 02:33 - Matt’s Solution for IoT Devices 05:38 - Getting around SSL Pining / Certificate Validation 08:55 - Demo - The Basics 12:00 - Demo - Man In The Middle Router Tool 15:00 - Demo - Software/Hardware Considerations 20:12 - Demo - MITM Proxy 24:43 - Demo - MITM Router 33:58 - Example Using a Real IoT Device 36:33 - David’s Questions 37:50 - More About Matt Brown 38:41 - Android Vs Apple 40:33 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #iot #hacking #iothacking

Big thanks to Brilliant for sponsoring this video. To try everything Brilliant has to offer, visit https://brilliant.org/davidbombal to start your 30-day free trial or scan the QR code onscreen – You’ll also get 20% off an annual premium subscription Join hacker OTW and David Bombal as they rank the top 6 AI movies that predicted the future of cybersecurity. From Ex Machina to The Matrix, discover which films got 2026 right. In this video, OTW breaks down his curated list of the best Artificial Intelligence movies that every tech enthusiast and cybersecurity professional needs to watch. We aren't just reviewing films; we are analyzing how sci-fi predictions from decades ago are becoming reality in 2026. We discuss the dangers of removing AI guardrails as seen in Companion, the terrifying reality of predictive policing and surveillance mirrored in Minority Report, and the ethical dilemmas of AI consciousness explored in Her and Ex Machina. OTW also dives into 2001: A Space Odyssey and The Matrix to discuss Neuralink, data center energy consumption, and the risks of AI self-preservation. Are we heading toward a dystopian future, or can we still implement the right regulations? // Occupy The Web SOCIAL // X: / three_cube Website: https://hackers-arise.net/ // Occupy The Web Books // Linux Basics for Hackers 2nd Ed US: https://amzn.to/3TscpxY UK: https://amzn.to/45XaF7j Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK: https://amzn.to/4aInbGK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Playlists REFERENCE // Linux Basics for Hackers: • Linux for Hackers Tutorial (And Free Courses) Mr Robot: • Hack like Mr Robot // WiFi, Bluetooth and ... Hackers Arise / Occupy the Web Hacks: • Hacking Tools (with demos) that you need t... / David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:47 - OTW introduction // OTW books 02:02 - Brilliant sponsored segment 04:08 - AI in Hollywood and media 08:06 - Top 6 movies about AI 11:29 - Movie #6 // Guardrails on AI 19:27 - Movie #5 // AI-controlled media 27:35 - Movie #4 // AI crime detection 39:38 - Movie #3 // AI self-preservation 48:55 - Movie #2 // Human & AI relationships 55:23 - Movie #1 // AI Turing test 01:04:57 - Top 6 AI movies summary 01:11:02 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #ai #movies #aimovies