David Bombal

• #512: All Encryption Hacked in 3 Years?

  Big thanks to Brilliant for sponsoring this video. To try everything Brilliant has to offer for free for a full 30 days, visit https://brilliant.org/davidbombal or scan the QR code onscreen – You’ll also get 20% off an annual premium subscription. Quantum computing isn’t a far-off sci-fi threat. In a hybrid model (CPU + GPU + quantum), it could land within ~3 years—and that’s enough to break today’s asymmetric cryptography (RSA/ECC/PKI) used for TLS/HTTPS and VPN key exchange via Shor’s algorithm. Result? Session keys exposed, mass decryption possible, and a risky “post-quantum gap” before new hardware/software are widely deployed. In this frank discussion, OTW joins David Bombal to explain: • Why asymmetric key exchange is the weak link for TLS/VPNs • How hybrid quantum + CUDA-Q accelerates timelines • Nation-states’ “collect now, decrypt later” strategy • The painful window before post-quantum cryptography (PQC) rolls out • Risks of client-side scanning and on-device AI • NSA backdoors, PGP/Phil Zimmermann, and the San Bernardino iPhone case // Occupy The Web SOCIAL // X: / three_cube Website: https://hackers-arise.net/ // Occupy The Web Books // Linux Basics for Hackers 2nd Ed US: https://amzn.to/3TscpxY UK: https://amzn.to/45XaF7j Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK: https://amzn.to/4aInbGK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Playlists REFERENCE // Linux Basics for Hackers: • Linux for Hackers Tutorial (And Free Courses) Mr Robot: • Hack like Mr Robot // WiFi, Bluetooth and ... Hackers Arise / Occupy the Web Hacks: • Hacking Tools (with demos) that you need t... // YouTube video REFERENCE // • USA stops UK creating Apple backdoor. Why ... • Will this Tiny Chip Change EVERYTHING in Q... // David's SOCIAL // Discord: / discord X: / davidbombal Instagram: / davidbombal LinkedIn: / davidbombal Facebook: / davidbombal.co TikTok: / davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // 0:00 - Coming Up 01:00 - Intro 01:49 - OTW's Books 02:46 - Brilliant Advert 04:01 - Encryption and Apple Backdoors 05:12 - Nation-states Racing for Quantum Computing 08:35 - Jensen Huang's Hybrid Quantum Computer 10:57 - The Threat of National Agencies 12:10 - China Collecting Encrypted Data 13:56 - Post-Quantum Cryptography 17:58 - The NSA Collecting Data 19:21 - The NSA and Encryption 24:40 - Concerns Against Cryptography 28:09 - Client-Side Scanning 30:46 - Should you Run AI on your Devices? 34:56 - NVIDIA's Role on Cryptography 37:37 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  38:17

  --------

  38:17
• #511: Becoming a Ghost Online: 3 Privacy Levels

  Big thank you to Proton Pass for sponsoring this video. To sign up for Proton Pass, please use the following link https://proton.me/davidbombal to get a 40% discount At Black Hat, David Bombal sits down with OSINT pro Mishaal Khan to unpack anti-OSINT, practical steps to regain privacy without pricey services. Mishaal demos his free OperationPrivacy dashboard (400+ actions, 3 tiers: Conscious → Serious → Ghost) and shows how to: • Freeze credit & use free monitoring • Opt out of 100+ data brokers (Spokeo, Intelius, LexisNexis, more) • Blur your home on Google/Bing/Apple Maps + real-world deterrents • Claim critical accounts (IRS/DMV/USPS/UPS) and your domain • Nudge page-one results with harmless decoys • File copyright takedowns (Instagram/Google, etc.) US-centric but widely applicable. DIY, trackable, and truthful about the time it takes. // Mishaal Kahn’s SOCIALS // LinkedIn: / mish-aal Website: https://www.mishaalkhan.com/ Tool created: https://www.operationprivacy.com/ // David's SOCIAL // Discord: / discord X: / davidbombal Instagram: / davidbombal LinkedIn: / davidbombal Facebook: / davidbombal.co TikTok: / davidbombal YouTube: / @davidbombal Spotify: https://open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // 0:00 – Coming Up 01:31 – Sponsored by ProtonPass 03:00 – Introduction 05:44 – Operation Privacy Demo 07:49 – How to Freeze Your Credit 08:41 – Credit Monitoring Explained 09:19 – Managing Subscriptions 10:13 – Data Removal (Outbound Requests) 12:40 – Should You Use Automatic Removal? 14:03 – Protecting Your Privacy 15:41 – Why Privacy Takes Time 17:46 – Planting Your Privacy Flag 19:56 – Ghost Mode & SOE Manipulation 22:47 – Getting Content Removal Forms 23:40 – Taking a Holistic Approach to Privacy 25:08 – Final Thoughts / Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  26:04

  --------

  26:04
• #510: 20–30% Of Attacks Use AI: John Hammond details today’s hybrid attacks

  To try everything Brilliant has to offer for free for a full 30 days, visit https://brilliant.org/davidbombal or scan the QR code onscreen – You’ll also get 20% off an annual premium subscription. In this 2025 deep-dive, David Bombal sits down with John Hammond to map the real state of hacking: classic ransomware/infostealers meet AI-assisted malware (including code that leverages LLMs). We unpack the ClickFix and FileFix social-engineering patterns, fake CAPTCHA and “save/upload” flows that trick users into running payloads, and the practical Windows mitigations (policy/registry ideas) you should know. John shares why he estimates 20–30% of attacks now have some AI touch, how social engineering scales, and where defenders can push back. For your career, he argues opportunities are expanding: use CTFs, show your work on GitHub/video, and consider OSCP for signaling. He also introduces Just Hacking Training (JHT), handson hack-alongs, archived CTFs, free upskill challenges, and pay-what-you-want courses with industry all-stars. What you’ll learn: • How ClickFix/FileFix actually trick users • Realistic mitigation tactics you can apply • The current role of AI in malware • Career roadmap: CTFs → OSCP → portfolio • Where to get hands-on: JHT resources // John Hammond’s SOCIALS // YouTube: / @_johnhammond X: https://x.com/_johnhammond LinkedIn: / johnhammond010 Discord: / discord Instagram: / _johnhammond TikTok: / johnhammond010 GitHub: https://github.com/JohnHammond Humble Bundle: https://www.humblebundle.com/?partner... Just Hacking Training: https://www.justhacking.com/ ClickFix Website: https://clickfix-wiki.github.io/ // YouTube video REFERENCE // Linux got hacked with this AI Image: • Linux got Hacked with this AI image! Hackers trick everyone to run malware (FileFix): • hackers trick everyone to run malware (Fil... OSINT Tools to track you down: • OSINT tools to track you down. You cannot ... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // 0:00 - Coming up 0:58 - Intro & Current State of Hacking 03:42 - Brilliant Advert 05:14 - The Wave of AI Attacks 07:43 - Click(Fix) Hack 10:10 - FileFix: The Future Hacks 11:14 - Current Affairs & Social Engineering 15:17 - Raising Awareness 19:18 - Security Research 20:51 - Is There a Future for Younger People in This Industry? 22:54 - What Should I Do to Get There? 24:11 - Recommended Certifications 26:34 - Where Do I Start? 28:26 - About John Hammond’s Work 31:12 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  31:31

  --------

  31:31
• #509: AI + Metasploit = Terrifyingly Easy Hacking is here (demo)

  In this ethical lab demo, David Bombal and Kyle Winters connect Claude (LLM) to Metasploit through an MCP (Model Context Protocol) server to automate real attacks. Watch AI perform recon, generate a risk report, and execute VSFTPD backdoor, EternalBlue (SMBv1), and UnrealIRCD—dropping benign files on Linux and Windows with simple prompts. Educational use only on intentionally vulnerable VMs. Do not attack systems you don’t own or lack permission to test. What you’ll see • How MCP bridges an AI to real tools (Metasploit RPC) • AI-driven scanning + auto security report (services, versions, risks) • Prompted exploits: VSFTPD, EternalBlue, UnrealIRCD • Why this lowers barriers for red teams—and what blue teams should do // Sponsored SEGMENT // Big thanks to Cisco for sponsoring this video. // Kyle Winters SOCIAL // LinkedIn: / kyle-m-winters Cisco Blogs:  https://blogs.cisco.com/author/kylewi... // Websites REFERENCE // MetasploitMCP by GH05TCREW: https://github.com/GH05TCREW/Metasplo... Kareem Iskander's MCP blogs: https://blogs.cisco.com/author/kareem... Cisco U.: https://u.cisco.com?ccid=cisco-u&dtid... // Video REFERENCE // MCP Demo using Pythong: • MCP Demo using Python, AI and a self heali... Brute Force SSH: • Brute Force SSH & Build a Honeypot Now (Hy... Hacking LLMs: • Hacking LLMs Demo and Tutorial (Explore AI... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // Menu // 0:00 - Coming up 0:58 - Disclaimer 01:00 - Introducing Metasploit MCP Server (by GH05TCREW) 03:01 - Metasploit MCP Demo 1 05:12 - Metasploit MCP Demo 2 10:59 - Metasploit MCP Demo 3 16:18 - Metasploit MCP Demo 4 19:15 - Metasploit MCP Demo 5 21:45 - How AI is changing cybersecurity 23:07 - Metasploit MCP Demo 5 continued 26:51 - Metasploit MCP server summary 28:00 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

  --------  

  29:47

  --------

  29:47
• #508: NOT Production-Ready: 2025 AI Coding Reality Check

  Big thanks to ThreatLocker for sponsoring my trip to Black Hat 2025. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal AI can turn weeks of coding into seconds, but at what cost? Katie Paxton-Fear demonstrates how to use Gemini to generate a sprint plan and Cursor to build a Python port scanner from natural language. It works… and that’s the problem. We unpack how “vibe coding” blinds even pros to security, why these tools aren’t production-ready, and the guardrails you need for ethical hacking and internal tooling. What you’ll learn • How to turn ideas → sprint plan → working code (Gemini + Cursor) • Why silent vulnerabilities make AI-built apps risky • Ethical hacker use cases (agents, scanners) without shipping insecure code • Policy tips: disclosure, internal use, avoiding shadow IT Tools mentioned: Gemini, Cursor (AI IDE), Claude (briefly), v0 // Katie Paxton-Fear SOCIALS // Website: https://insiderphd.dev/ LinkedIn: https://www.linkedin.com/in/katiepf/?... YouTube: / insiderphd X: https://x.com/InsiderPhD // YouTube video REFERENCE // • Vibe Coding in Cursor for Cyber Security // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // Menu // 0:00 - Coming Up: AI Vibe Coding Explained 01:08 - Intro with Katie Paxton-Fear (Cybersecurity Expert) 02:53 - ThreatLocker Security Overview 03:06 - What is Vibe Coding in AI Development? 04:51 - Live Demo Example of Vibe Coding 05:20 - Google Gemini and Gems for Coding 08:22 - Cursor AI and Writing Code Faster 09:59 - Coffee Break (Quick Pause) 10:02 - Risks of Vibe Coding in Cybersecurity 11:24 - Port Scanner Explained 11:34 - Vibe Coding Pros and Cons (Full Breakdown) 14:02 - Port Scan Results Analysis 14:22 - Why AI Code Isn’t Production Ready Yet 15:53 - Katie’s Final Advice & Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. Key topics: vibe coding, AI coding, port scanning, secure-by-design If you’re experimenting with AI coding, watch this before you deploy anything. #blackhat #vibecoding #security

  --------  

  18:59

  --------

  18:59

More Technology podcasts

Trending Technology podcasts

About David Bombal