David Bombal

In this exclusive interview, Kamal Hathi reveals how the new Cisco Data Fabric and Splunk Machine GPT are unlocking agentic AI for cybersecurity. Discover the future of SOC analysts and network telemetry in 2026!

Big thanks to Cisco for sponsoring this video and sponsoring my trip to Cisco Live Amsterdam 2026.

// Kamal Hathi’s’ SOCIAL //
LinkedIn: / kamal-hathi

// Website REFERENCE //
https://www.splunk.com/

/ David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]

// MENU //
0:00 - Coming up
0:36 - Kamal Hathi introduction and machine gpt update
03:36 - Splunk and machine data
05:47 - Resources to learn Splunk
06:48 - Cisco Time Series Model on Hugging Face
07:50 - Cisco Data Fabric explained
09:37 - Updates in 2026
15:51 - Cisco & Splunk
17:50 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.
#cisco #splunk #ciscolive

Big thanks to ‪@ThreatLocker‬ for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal

Are you looking to get into bug bounty hunting but feel overwhelmed or worried the field is oversaturated? In this video, full-time bug bounty hunter Justin Gardner shares a realistic, actionable guide to web hacking for beginners.

We dive straight into the practical side with five live demonstrations of common web vulnerabilities—all done using just your browser and DevTools. Justin explains how Insecure Direct Object Reference (IDOR), Broken Access Controls, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) work in the real world, including stories of finding these exact bugs on major platforms like Google.

After the demos, we tackle the biggest questions new hackers have: Is there still money to be made in 2026? How has AI changed the landscape? And what is the exact roadmap to landing your first bounty? Justin breaks down his "200-hour rule" for learning, why you need to get comfortable with failing, and the best resources (like HackerOne and PortSwigger) to help you launch your cybersecurity career today.

// Labs and more here: //
Labs: https://ztw.ctbb.show/
More labs: https://labs.cai.do/
And more labs: https://portswigger.net/web-security

// Justin Gardner’s SOCIAL //
YouTube: / @criticalthinkingpodcast
LinkedIn: / rhynorater
X: https://x.com/Rhynorater
GitHub: https://rhynorater.github.io/aboutme/

/ David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]

// MENU //
0:00 - Coming Up
0:40 - Introduction
01:50 - Getting Started in Bug Bounty
03:11 - Can I Make Money in Bug Bounty?
04:11 - Demo 1
06:55 - Demo 2
08:47 - Lessons for Upcoming Hackers
10:09 - Demo 3
13:49 - Are There Demos on Justin’s Podcast?
14:20 - Demo 4
18:11 - Real-Life Date of Birth Vulnerability
19:13 - Advice on Becoming a Hacker Like Justin
20:20 - What & Where to Study to Become a Bug Bounty Hacker
21:49 - How Long Does It Take?
25:07 - Outro & Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#webhacking #bugbounty #hack

Big thanks to ‪@ThreatLocker‬ for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal

Cybersecurity expert Marcus Hutchins (MalwareTech) sits down to cut through the 2026 AI hype, explaining why threat actors aren't using generative AI and why it won't replace tech jobs.

In this deep dive, Marcus reveals the reality behind the AI tech bubble and how executive hype is distracting from actual network vulnerabilities. We discuss the dangers of "vibe coding" critical infrastructure, why reactive SOC teams are giving attackers too much time, and why mastering foundational cybersecurity skills is more important now than ever. If you're navigating the current tech job market or working in threat intelligence, this is the reality check you need.

// Blog Entry //
Every Reason Why I Hate AI and you should too: https://malwaretech.com/2025/08/every...

// Marcus Hutchins’ SOCIAL //
YouTube: / malwaretechblog
Website: https://marcushutchins.com/
Discord: / discord
LinkedIn: / malwaretech
BlueSky: https://bsky.app/profile/malwaretech.com
TikTok: / itsmarcushutchins
Mastadon: https://infosec.exchange/@malwaretech
Instagram: / malwaretech
X: https://x.com/malwaretechblog

/ David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]

// MENU //
0:00 - Coming Up
0:58 - Intro
03:03 - Why Marcus Is Tired Of AI
04:49 - Threat Actors Hurting Themselves
06:35 - Data Centres In Space
09:07 - Will AI Damage Cybersecurity?
13:25 - AI Makes Developers Lazy (Vibe Coding)
19:58 - Every Reason Why Marcus Hates AI
24:07 - Is AI A Bubble?
25:54 - Will AI Take People's Jobs?
30:56 - When Will The AI Bubble Pop?
33:55 - Marcus' Advice To The Youth
34:40 - Is AI Malware Affective?
36:27 - Proactive Defence
40:26 - Marcus Is An AI Hater
45:58 - Will There Ever Be Enough Guardrails?
48:07 - Final Thoughts
49:57 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#ai #cybersecurity #aimalware

Quantum computing isn’t just 10 years away, it’s happening now. In this deep dive, I sit down with Ramana Kompella, Head of Research at Cisco Outshift, to separate the sci-fi vaporware from the engineering reality.

We discuss the immediate threat of "Harvest Now, Decrypt Later" attacks, where bad actors steal your encrypted data today to unlock it with quantum computers tomorrow. Ramana breaks down exactly how Cisco is building the "Quantum Network" to counter this, leveraging the "No Cloning Theorem" to create unhackable communication channels.

If you are in cybersecurity, networking, or studying computer science, this is your roadmap to the future. We cover the math you need to learn (Linear Algebra), the timeline for real-world adoption (it’s closer than you think), and how Quantum Teleportation actually works at a packet level.
Topics Covered:
• The 5-Year Timeline: Why the "decade away" myth is wrong.
• Quantum Networking vs. Computing: Why we need to interconnect
quantum processors.
• The Physics of Security: How Entanglement and Teleportation prevent
eavesdropping.
• Career Advice: Why Linear Algebra is the most critical skill for AI and
Quantum jobs.
• Cisco x IBM: The partnership building the future internet.

Big thanks to Cisco for sponsoring this video and sponsoring my trip to Cisco Live Amsterdam 2026.

// Ramana Kompella’s SOCIAL //
LinkedIn: / rkompella

/ David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]

// MENU //
0:00 - Coming Up
0:43 - Introduction
02:36 - The Exciting Part about OutShift
04:12 - The Promise of Quantum Computing
07:09 - The Importance of Partnership between IBM & Cisco
07:55 - The Difference between Classical Computing & Quantum Computing
11:25 - Why It is Important to study Maths
12:31 - Technical Details About Quantum Computing
19:19 - When Will Quantum Computing Become a Reality?
20:00 - Will Quantum Computing Break Encryption?
25:36 - Outro & Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.
#quantumnetworking #ciscooutshift #cybersecurity

In this episode, David Bombal sits down with vulnerability researcher Vladimir Tokarev (with Dawid on the interview) to show what AI-assisted vulnerability research looks like when it actually works.

Vladimir walks through two real vulnerability case studies and uses them to explain a practical workflow for finding bugs faster with LLMs, without pretending the AI is “fully autonomous.”

Demo 1: Gemini CLI command injection
Vladimir demonstrates a command injection issue in Gemini CLI tied to the IDE / VS Code extension install flow. He shows how a malicious VSIX file name or path can be crafted so that when the install command is executed, the system ends up running an attacker-controlled command (the demo uses a harmless calculator launch to prove execution). The conversation then breaks down what a VSIX is, what the realistic attack paths are (user tricked into installing a malicious extension or placing it in the right directory), and why this class of bug matters for endpoints running local AI agents.

Demo 2: VirtualBox integer overflow and VM escape class impact
Next, Vladimir switches to a VirtualBox vulnerability involving an integer overflow that can lead to out-of-bounds read/write in the host process. Because of architecture constraints, he shows the exploit behavior via a recorded clip, then explains the bug using source code. The key teaching moment is the mismatch between 32-bit arithmetic used in bounds checking and 64-bit pointer arithmetic used during the actual memory move, creating a pathway to bypass checks and copy memory outside the intended buffer.
Vladimir also explains why having both read and write primitives is powerful for exploitation, and how modern mitigations make “blind” exploitation unrealistic without memory disclosure.

How the bugs were found with AI
Vladimir then explains the workflow he uses in real engagements:
• Run static analysis to generate leads at scale
• Use an LLM to triage and filter out noise
• Validate the remaining findings by tracing code paths and checking exploitability
• Use AI again to accelerate setup, debugging, reverse engineering, and iteration

He shares a key insight: the win is not “AI finds everything for you,” it is that AI helps you spend your time on the hardest parts—validation, exploit logic, and decision-making—instead of drowning in thousands (or millions) of findings.

Why there is no fully autonomous vuln-research agent yet
Finally, Vladimir lays out four practical blockers:
1. Depth reasoning (long multi-step exploit chains)
2. Context limits (missing system-level constraints and assumptions)
3. Learning from failure (repeating bad leads)
4. Exploration (poor goal-driven search without strong reinforcement learning)

// Vladimir Tokarev’s SOCIAL //
X: https://x.com/G1ND1L4
LinkedIn: / vladimir-eliezer-tokarev

// Dawid van Straaten’s SOCIAL //
LinkedIn: / dawid-van-straaten-31a3742b
X: https://x.com/nullaxiom?s=21

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...

Disclaimer: This video is for educational purposes only.