ThreatLocker

Big thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Forget hot glue and paper clips. Here are 7 REAL 5-minute cybersecurity hacks everyone should know in 2026. Recorded live at Zero Trust World (ZTW26), David Bombal and a team of hackers demonstrate actual cyber attacks and how quickly your systems can be compromised. From forcing AI prompt injections to steal credentials, to hiding C2 servers in plain sight on a Steam profile, these are the real-world exploits threat actors are using right now. We're diving into the technical weeds to show you Windows LNK shortcut hijacking, Linux privilege escalation via sudo misconfigurations, and how to protect yourself from these exact attacks. // Guests’ SOCIAL // Alex Benton: Rename StickyKeys https://www.linkedin.com/in/alex-benton-b805065 Kenneth Walker: Everthing is a C2 https://www.linkedin.com/in/kenneth-walker-527595109/ Jacob Meyer: Shortcut Hijack https://www.linkedin.com/in/jacob-meyer-165b8359/ David Smith: Alternate Data Streams https://www.linkedin.com/in/david-smith-sudo-wrestler Karla Abarca: The validity of an application before execution https://www.linkedin.com/in/karlaabarcacyber Ramsey Shaban: Prompt Injection https://www.linkedin.com/in/ramsey-shaban-390335205 Tillman Hall Powershell Fake Logon https://www.linkedin.com/in/tillmanhall/ Rayton Li: Rooting Around Linux: Privilege Escalations https://www.linkedin.com/in/rayton-li Kieran Human: Network Hash Stealing https://www.linkedin.com/in/kieran-human-5495ab170 // ThreatLocker’s SOCIAL // LinkedIn: https://www.linkedin.com/company/threatlockerinc/posts/?feedView=all X: https://x.com/threatlocker Instagram: https://www.instagram.com/threatlocker/ Website: https://www.threatlocker.com/ // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ SoundCloud: https://soundcloud.com/davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532 // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:59 - Intro 01:20 - ThreatLocker Sponsor 01:36 - Demo 1: Sticky Keys 04:20 - Demo 2: Steam-Based C2 Attack 09:25 - Demo 3: Shortcut Hijacking 13:32 - Demo 4: Hidden Malware in Alternate Data Streams 20:18 - Demo 5: Safe App Validation (3-Step Check) 24:39 - AI Prompt Injection Attack 28:45 - Demo 6: Linux Privilege Escalation (Sudo Abuse) 34:10 - Demo 7: Credential Theft & Hash Cracking 36:38 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #5minutehacks #hacking #redteaming