Big thanks to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video.  To start your free trial with ThreatLocker please use the following link:  https://www.threatlocker.com/davidbombal

Forget hot glue and paper clips. Here are 7 REAL 5-minute cybersecurity hacks everyone should know in 2026. Recorded live at Zero Trust World (ZTW26), David Bombal and a team of hackers demonstrate actual cyber attacks and how quickly your systems can be compromised.

From forcing AI prompt injections to steal credentials, to hiding C2 servers
in plain sight on a Steam profile, these are the real-world exploits threat actors are using right now. We're diving into the technical weeds to show you Windows LNK shortcut hijacking, Linux privilege escalation via sudo misconfigurations, and how to protect yourself from these exact attacks.

// Guests’ SOCIAL //
Alex Benton: Rename StickyKeys    https://www.linkedin.com/in/alex-benton-b805065
Kenneth Walker:  Everthing is a C2    https://www.linkedin.com/in/kenneth-walker-527595109/
Jacob Meyer:  Shortcut Hijack    https://www.linkedin.com/in/jacob-meyer-165b8359/
David Smith:  Alternate Data Streams    https://www.linkedin.com/in/david-smith-sudo-wrestler
Karla Abarca:  The validity of an application before execution    https://www.linkedin.com/in/karlaabarcacyber
Ramsey Shaban:  Prompt Injection    https://www.linkedin.com/in/ramsey-shaban-390335205
Tillman Hall     Powershell Fake Logon    https://www.linkedin.com/in/tillmanhall/
Rayton Li:  Rooting Around Linux: Privilege Escalations    https://www.linkedin.com/in/rayton-li
Kieran Human:  Network Hash Stealing    https://www.linkedin.com/in/kieran-human-5495ab170

// ThreatLocker’s SOCIAL //
LinkedIn:  https://www.linkedin.com/company/threatlockerinc/posts/?feedView=all

X:  https://x.com/threatlocker
Instagram:  https://www.instagram.com/threatlocker/
Website:  https://www.threatlocker.com/

// David's SOCIAL // 
Discord: https://discord.com/invite/usKSyzb 
X: https://www.twitter.com/davidbombal 
Instagram: https://www.instagram.com/davidbombal 
LinkedIn: https://www.linkedin.com/in/davidbombal 
Facebook: https://www.facebook.com/davidbombal.co 
TikTok: http://tiktok.com/@davidbombal 
YouTube: https://www.youtube.com/@davidbombal
Spotify:  https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud:  https://soundcloud.com/davidbombal
Apple Podcast:  https://podcasts.apple.com/us/podcast/david-bombal/id1466865532

// MY STUFF //
https://www.amazon.com/shop/davidbombal 

// SPONSORS // 
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
0:00 - Coming Up
0:59 - Intro
01:20 - ThreatLocker Sponsor
01:36 - Demo 1: Sticky Keys
04:20 - Demo 2: Steam-Based C2 Attack
09:25 - Demo 3: Shortcut Hijacking
13:32 - Demo 4: Hidden Malware in Alternate Data Streams
20:18 - Demo 5: Safe App Validation (3-Step Check)
24:39 - AI Prompt Injection Attack
28:45 - Demo 6: Linux Privilege Escalation (Sudo Abuse)
34:10 - Demo 7: Credential Theft & Hash Cracking
36:38 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! 

Disclaimer: This video is for educational purposes only.
#5minutehacks #hacking #redteaming

David Bombal

A collection of seven live cybersecurity demonstrations covering common attack techniques and defenses. Demos include: the sticky keys exploit for bypassing Windows login, using Steam as a C2 channel via PowerShell, LNK shortcut hijacking with a new tool that hides malicious payloads from IT inspection, hiding executables in Windows alternate data streams to evade antivirus, verifying application legitimacy before execution, prompt injection attacks against AI coding assistants like GitHub Copilot, Linux privilege escalation via misconfigured sudo permissions for Python, and credential theft over the network using Responder and hashcat. Each demo is presented in roughly five minutes and includes brief commentary on real-world usage and how tools like ThreatLocker can detect or prevent the attacks.

7 REAL 5-Minute Cybersecurity Hacks Everyone Should Know