This is a real world demonstration of the SQL Injection attack used in the recent MOVEit hack. This is real world - not just a simple SQL attack.

Big thank you to Juniper Networks for supporting the community and making this training free (and sponsoring my channel). Go to juniper.net/davidbombal to get lots of training and also learn how to get certified for $50 (Associate Level). Use this voucher code to register for your courses: DAVIDBOMBAL

If you have issues with the Juniper registration, please use these links that they gave me:
Login assistance link: userregistration.juniper.net/loginassistance
Customer Support link: support.juniper.net/support/requesting-support/

// Mr Robot Playlist //
kzbin.info/aero/PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q

// Proof of Concept //
Horizon3: www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
KZbin: kzbin.info

// Occupy The Web social //
Twitter: twitter.com/three_cube

// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW's website: davidbombal.wiki/otw

// Occupy The Web books //
Linux Basics for Hackers: amzn.to/3JlAQXe
Getting Started Becoming a Master Hacker: amzn.to/3qCQbvh
Top Hacking Books you need to read: kzbin.info/www/bejne/qqOze5R5fKeVgbc

// Other books //
The Linux Command Line: amzn.to/3ihGP3j
How Linux Works: amzn.to/3qeCHoY
The Car Hacker’s Handbook by Craig Smith: amzn.to/3pBESSM
Hacking Connected Cars by Alissa Knight: amzn.to/3dDUZN8

// MY STUFF //
www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
00:00 - Coming Up
00:55 - Juniper Free Training (Sponsored segment)
01:51 - OccupyTheWeb books and new books
03:57 - The MOVEit breach explained
05:20 - Clop website // Companies affected
08:52 - The two different vulnerabilities
10:26 - The truth about SQL Injection
12:21 - Using Shodan
14:05 - Proof of concept of the exploit
16:18 - SQL Injection example
20:35 - MOVEit hack analysis / How it was done
28:57 - CVE-2023-35708 SQL Injection vulnerability explained
30:36 - What is Taiwan Semi-Conductor (TSMC) and why they got hacked
31:01 - SQL Injection hack in the real world
32:45 - OccupyTheWeb online classes
33:46 - Union statement // Stacking queries demo
37:02 - Upcoming OccupyTheWeb courses and classes
39:50 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

@cw9352 1 year ago
Juniper network training not working. Their link to register is down currently, keeps taking me in circles.
@s.m.1354 1 year ago
PEGASUS SPYWARE: Pegasus has the ability to access devices, without victims pressing a link, is what they learned us so far. But that is a lie, it is way more Intelligent than that. The Virus is hidden in Memes and Thumbnails, it’s spread across the World every time after devices Update, using Social Media, and Unaware Victims Executing videos, Thumbnails, images etc.
@waystomakelifebettereveryday 1 year ago
Ty for everything you do
@funkymonk2254 1 year ago
Thank you for the new video Mr Bombal.
@Mr.Fahim_Bro 1 year ago
Sir gave a video on upwork scammers how to hack their computer through PDF. please sir.. please sir... please sir....I have been a victim of many scams! I want to take action against them.😢😢😢 They made me work, many times they didn't pay.
@_JohnHammond 1 year ago
Very cool to see the MOVEit coverage here -- and especially thank you for the Huntress shoutout! :)
@davidbombal 1 year ago
Great to see you here John!! You and the team at Huntress are amazing! Got to get you back here :)
@SajidQureshi__ 1 year ago
@davidbombal hey can you guys make a full website deface video plz its very common people search for but they dint get much info on that i hope OTW may do it or john
@yashbandhiwal 1 year ago
Occupytheweb your voice is life. So calming. ^_^
@mason35715 1 year ago
You two never fail to disappoint. Amazing as always OTW and David. Bravo
@davidbombal 1 year ago
Thank you very much!
@pgprog 1 year ago
UNION you also have to have the same data type: varchar, number, DateTime etc
@mr.bouncealot9047 7 months ago
Never fail to disappoint.. 😅
@TinkerTech 1 year ago
The knowledge flows out of him so casually and easy to understand. It's typically a skill you find in someone that's been doing "It" most of their life. He teaches as easily as someone else might tie their shoes.
@davidbombal 1 year ago
Agreed! "If you can't explain it simply, you don't understand it well enough." Albert Einstein
@GymRatJunkie 4 months ago
This channel is an absolute gem for the IT community! Thank you for bringing consistently great content, David!
@SkeltherBot 1 year ago
Seeing OTW, instant like and watch. Best content on YT, and best content on your channel! Waiting for more, great stuff.🤞
@marinob7433 1 year ago
OTW=respect.
@davidbombal 1 year ago
Agreed.
@Stopinvadingmyhardware 1 year ago
@davidbombal tell him he owes me a pizza.
@landless-wind 1 year ago
otw = american spy
@beautifullybrilliant7542 1 year ago
1:27 THANK YOU SO MUCH DAVID for going the extra mile for us, your subscribers!!!! Just yesterday I had to turn down getting CEH CERT as the entire only 8 - 12 week program plus extra for the exam. There was simply NO way I could afford the $2800 USD+ fee; especially being in Canada. That's like $3600!!!! Simply love your channel and your constant commitment to others :)
@taraurbanovitch2686 1 year ago
I'm a SQL developer who is trying to transition into Cybersecurity (just passed CompTIA Security +), and I REALLY enjoyed this! Thank you
@bou283 1 year ago
Thanks David Bombal and OTW for this amazing video. I definitely push my team to watch it. 🎉
@davidbombal 1 year ago
Thank you! Glad you enjoyed it!
@dustinhxc 1 year ago
OTW is a gift to the world! so are you David!
@eresspeed 1 year ago
Keep it up David, videos with OTW are full of valuable information. Also, I got your 7 udemy courses including CCNA, Wireshark and also Nmap with Chris. I'm so on the hacking mood, I mean I study every day from your courses and I must say I really enjoy it.
@davidbombal 1 year ago
Thank you. Glad you got all the content 😀
@CyberDevilSec 1 year ago
I agree I like to watch David in all my free Time:)
@lancev461 9 months ago
I've learned a lot of practical knowledge from listening to OTW and Mr. Bombal.
@andrewrobison581 1 year ago
awesome video, i love all the information and links you provide. you guys are nailing it!! keep it up
@davidbombal 1 year ago
Thank you very much!
@sir6693 1 year ago
As always, when I see a video with OTW, I do hit like and watch the video! Great stuff!
@Lash-LhineDisten 1 year ago
Great content as always. Would love to see more content with OTW, you guys should make that video you talked about on how to reprogram usb drives into rubber duckies.
@DeepakSharma-kx6nf 10 months ago
I love OTW❤❤❤❤❤.... and also DAVID BOMBAL who represent this type of man on the viewers....
@SandileMbutho 1 year ago
Nice episodes really enjoy them, as a software Developer, this will be a great skill to acquire, much love from South Africa.
@ivanomaras2776 1 year ago
"You can't be a hacker if you don't know programming... If I read source code and understand it, it's because I'm capable of writing it."
@viktoreidrien7110 1 year ago
such a good good video, the knowledge alone is overwhelming and at the same time very understandable, love your channel and love even more OTW, thank you.
@Jamesy399 1 year ago
Such a great vid, probably my fav so far! Thanks for sharing!
@MohamedElmounir-w3q 1 year ago
As always Mr. David surprises us with interesting topics which help a lot. Really appreciate it sir.
@mastersmachava6622 1 year ago
Thank you very much for always putting in very informative content. I am enjoying it from South Africa
@funkymonk2254 1 year ago
Another great lesson. Thank You David and Master Occupy The Web.
@frankbizzle8356 1 year ago
Thanks David & OTW i never miss your video and i will never miss it❤❤
@btsk33 1 year ago
Another amazing episode, cheers Gentlemen! These should be the MOST EXPENSIVE punctuation marks of all time for each company during the SQL attack. xD In fact forgetting about "oldschool" attack techniques is a common mistake many companies / services make all the time (also from my experience). I mean - Aerosmith was founded in 1970 and it's still a nice band, right? :)
@pjteros 1 year ago
very cool as always ;). Good story, cold beer and OTW!
@vinayem2719 1 year ago
Lots of love to my man David Bombal.
@godadawgashaw4965 1 year ago
It is a very interesting concept that shows how hackers use SQL injection in the real world with more advanced techniques to attack their target, this teaches a lot David, thanks a lot as always
@davidbombal 1 year ago
You're welcome! I think it's great to see a current, real version of this, and then to learn the basics if you don't know yet :)
@micah6465 1 year ago
Awesome video! Very well explained and easy to follow along. What great teachers!
@landrover827 1 year ago
Always happy to have OTW and you posting videos on here together🎉🎉
@davidbombal 1 year ago
Thank you. Lots more to come!
@landrover827 1 year ago
@davidbombal can we get a Neal + OTW round table discussion?! 🫣🤩
@Abdullah-wh6ge 1 year ago
Great 👍 thanks @David as usual learnt a lot
@Joe-f1z3h 7 months ago
man i love ur content. i follow u on spotify as well. more otw and sparc flow pls and ty david. JUST GREAT CONTENT!
@derelictmanchester8745 1 year ago
Brilliant video David and OTW...🌟
@ambrosebeavers 1 year ago
Thanks David. Splendid stuff
@davidbombal 1 year ago
You're welcome!
@slumb3rx 1 year ago
Thank you, David, for everything
@potencypal7596 1 year ago
It's always amazing learning you and much more when master OTW is in class. Thanks to you both. I really wish you could do a tutorial video on Juniper registration, somethings ain't really clear to me. Thanks for the prime lectures and keep adding flavors to your teachings ✌️
@updyamani8247 1 year ago
David we need more real world hacking scenarios like this one. I really respect for host the way he breaks down everything
@Mags0O7 1 year ago
hitting the like button before i start watching - i know it will be awesome 👏 thank you
@davidfarang7896 1 year ago
See you next time OTW. Thx David always great interview
@AusieGamer834 1 year ago
It’s hard to believe someone out there who is more skilled than otw. Impressive work. Thanks David and otw for bringing this to our attention. You both are the best.
@nsekaanatole7750 1 year ago
Thanks David and OTW. Very knowledge filled.
@davidbombal 1 year ago
Glad you enjoyed it
@rassannimaronie4664 1 year ago
Great video / content again David, wasn't sold on the hacking videos at the beginning 😅 but I have definitely being enjoying the content. Very informative
@relaxaredormir9694 1 year ago
Thank you David and OTW, to talk and share your knowledge, all the content you do is very valuable. I learn so much with you guys. Ohh!!! John pass for here too. 😂😂😂 Another great person with nice contents. Thank you guys.
@ab99degaming30 1 year ago
this video this informations so good . i will learn it right now . i just want be safe from all internet
@deviantdapperdude8983 1 year ago
Looks like you’re in Utah David, next time you’re in town reach out, I’ll take you out rallying some side by sides, show you some great hiking and camping spots and teach you some survival stuff!!! Great video!!
@ebooooo1213 1 year ago
Im a student of OTW and his classes are top notch in every aspect! Thanks David for the interview, RESPECT ❤️
@sdwsom4287 1 year ago
So do u really recommend me to buy a subscription to his classes?, since it will be very expensive to me.
@ebooooo1213 1 year ago
@sdwsom4287 if you want, try his classes in the gold membership which is monthly then upgrade your membership
@sdwsom4287 1 year ago
@ebooooo1213 OK thanks mate.
@ebooooo1213 1 year ago
@oppenheimer11 they have different levels. You can get the starter bundle get some knowledge then join classes
@alsadekalkhayer7007 1 year ago
David, we enjoy OTW, and you are the reason we know him. So, thank both of you
@davidbombal 1 year ago
Thank you very much!
@Supp772 1 year ago
Salute you both, thanks a lot ❤❤❤
@Pablo-dl1vb 1 year ago
All my respect for OTW, and You David. Thank you!
@LordVoldemort-c4m 1 year ago
Another great video David.
@Dr.DomAPI 1 year ago
Thanks David I really need that video 👍❤️
@davidbombal 1 year ago
You're welcome! I hope you enjoyed the video 😀
@katyakandratovich7333 1 year ago
Thank you for one more great episode
@althebeastly 1 year ago
love the OTW episodes...would love a more in depth episode on ss7 and 2fa also if possible
@yelov8504 1 year ago
There is no doubt that you will rise fast at the apex of your career MetaspyClub . Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of IMpossible by becoming PRO at tackling PROblems. You Rock!.
@APT4308 1 year ago
More OTW ! But we got our fix for today! Keep up the awesome job!
@davidbombal 1 year ago
We are planning to record a lot of videos 😀 Hope you really enjoyed today's video.
@APT4308 1 year ago
@davidbombal omg it was awesome thanks again!
@isojama1 1 year ago
You rock David !! Always the best videos :) Looking forward for more videos with OTW.
@ACID1337xx 1 year ago
Very nice content sir! Thank you very much
@davidbombal 1 year ago
Thank you! Glad you enjoyed the video :)
@cajunphilippine 1 year ago
Excellent content my friend David and OTW.
@davidbombal 1 year ago
Much appreciated!
@TheOriginalJohnDoe 1 year ago
What a guy you are, David. In the middle of the mountains taking a moment to record something for your sponsor 😂
@bakri99 1 year ago
amazing 🥇I like this kind of videos Dave
@millertime6 1 year ago
Ooh this hack was a work of art. Good analysis!
@dedelabinouze5110 1 year ago
Great video, can't wait for the SEQUEL 😄
@mkledits3679 1 year ago
David, your channel would be amazing regardless, OTW is just a bonus!
@rdwnabdi5778 1 year ago
Thnkz david so much without ur youtube channel we cant get this great man (OTW).....
@CyberDevilSec 1 year ago
Otw welcome back legend❤
@sultansheikh2797 1 year ago
Love you sir from india😊
@davidbombal 1 year ago
Thank you! I appreciate your support!
@sunchimoonchi 1 year ago
The ... " we have a chance moment" just awesome.
@Blackmanfreeman 1 year ago
This duo you are amazing. Thanks for those knowledge
@0027speedy 1 year ago
Thanks David and OTW
@Alain9-1 1 year ago
wuiiiiiiiiiw, i was waiting for this interview, @David bombal the best
@davidbombal 1 year ago
Thank you very much! Great to have OTW on the channel again 😀
@JohnMandersonBM 1 year ago
That was brilliant info. I must have missed when this came out.
@JessieS 1 year ago
OTW IS BACK!!! Love it!!
@rationalbushcraft 1 year ago
Anything OTW does is great. SQL injection is an interesting topic to me as I never really got into databases as an admin. My speciality has always been virtualization, AD administration, and Linux/Unix. Though today everything is Linux and HP-UX I don't see much of and except for the guy that called me 6 months ago I don't see any SCO Unix anymore.
@Saint_Staunch 1 year ago
Love your work guys 👏
@MorrWorm8 1 year ago
OTW!! Let’s gooo!
@dillosauris 1 year ago
Super informative thank you!
@Lei_Wong 1 year ago
Great episode, well explained
@mytechnotalent 1 year ago
This sure is real. Again LOVE seeing you covering these topics David and GREAT to see you OTW!
@davidbombal 1 year ago
Thank you. So nice having OTW share his knowledge and experience with all of us 😀
@prolinuxtutorials 1 year ago
Your videos are super cool so even I make videos like you do! Cool videos you make...........
@Michaelno 1 year ago
I work in a SOC. I'm going to buy this guy's books for sure.
@ray73864 1 year ago
Makes me glad we don't use that particular software from Progress :) Also makes me glad that the software we do use of theirs (their DB software) barely even supports SQL89, and requires you to have the SQL broker enabled for it to even work.
@JoeElliotSA 1 year ago
They must have done a shit load of recon, to know the table names and columns. Wow
@davidbombal 1 year ago
OTW mentions that it took them 2 years ...
@gregoriozucchi45 1 year ago
Great video! Loved it! So clear! Question for you and OTW: wouldn’t any of these big companies have a SIEM blocking exfiltration in big sizes? I recall Sentinel going off alarms and bells when users moved/deleted large volumes of data? Maybe a dumb question…but any answer would be appreciated thanks!
@Scorpy2303 1 year ago
Listen David your channel is outstanding!!! No two ways about it. Your videos with otw are just the best. The level of detail and information in these videos are so easy to follow it's unreal. As a 33 year old man who worked in construction his whole life, I caught covid last year and it messed me up so much I had to give up my job, literally in a dark place trying to figure out what the F I'm gonna do now I found your first vid with otw and instantly became hooked on learning everything I can about hacking (pretty sure my partner is sick of me burning the ear off her on stuff I learn 😅). Half way through linux basics for hackers and just received his second book!!! So far amazing!!! When I build up the funds I'll become a subscriber hopefully! David keep up the amazing content I appreciate your hard work!!! You're the man!!!
@notoriouslinux 1 year ago
Thank you for all the good things you do, David. We all love you!
@PauliusBieliauskas 1 year ago
Every time I see new vid I’m happy that i pushed the subscribe button
@asdfasddfs5484 1 year ago
Thank you, much appreciated
@guneyaliunal9981 1 year ago
thanks mate really useful :)
@Recon_Racing 1 year ago
David and OTW explain things in layman's terms so us newbs can comprehend it
@syedsheeban8838 1 year ago
Bombal Sir. I am very Sorry. I ddos'ed your site. I thought it would be difficult. But it was gone on the first try. But now ddos is not working. The reason is you are a very Good hacker. You fixed the site and now it is not getting affected.
@Darkweb-s8e 1 year ago
hey sir great information
@davidbombal 1 year ago
Thank you! I hope you enjoy the video :)
@caseyburhoe7449 1 year ago
The organization I work for was affected by that security breach, it was scary to think about but as someone in the IT world, it was interesting to learn about it.
@BunnyTamang-v8i 1 year ago
David Bombal does that book have the pdf so that I can read because in my country Amazon is not much available plz reply to this comment???? sir
@Krishna-x-p 8 months ago
I agree
@a.iananda1215 1 year ago
hi sir can you please make a video on pivoting devices and discuss of it with master occupy the web!
@davidbombal 1 year ago
Great suggestion
@a.iananda1215 1 year ago
@davidbombal thank you sir !! i am looking forward to it
@friendlynightmeres 1 year ago
Thank you Juniper, thank you David for this and to Occupy the Web the G.O.A.T. for your time a biblical, Dankie...A DANKO 😂
@alfredopiscante1292 4 months ago
It's good to educate the people
@Just_A_Tech.._ 1 year ago
Many thanks to you David and OTW for the great job you're doing. Maximum respect.🙌🙌