John Hammond
johnhammond.bsky.social
Hacker. Friend. Cybersecurity Researcher at Huntress.
Playing with and poking at the recent Atomic Red Team MCP server to connect it to Claude! Sample execution of threat actor TTPs from ye ol' MITRE ATT&CK framework, in a virtual environment for a cheesy clickbait video title "haha claude hacked me lol" 😜 youtu.be/cFdOvrwxAwQ
November 14, 2025 at 2:00 PM
Previously there was a report of threat actors using .URL files pointed at a WebDAV server, which made for, air quotes, "remote code execution", and was tracked as CVE-2025-33053. Turns out, you can do the same thing with a regular Windows Shortcut. Video: youtu.be/1Ymnvd1uyzQ
November 13, 2025 at 2:03 PM
Fake Booking-dot-com phishing site, forced download of an "ID Verification.exe" Lua-based infostealer malware, Luac bytecode obfuscated w/ 🐬☀️🌈EMOJI🌊🌴🥥 and Windows SID crafting -- video showcase of my favorite challenge that I created for Huntress CTF! youtu.be/Q3ZE36a5CuA
November 12, 2025 at 2:01 PM
Yesterday folks got a phishing email for a fake DMCA report-- myself included. Caught me at a good time so I could record poking at the scam and the malware it leads to: ultimately infostealer malware (the usual) from a fake domain & clearly AI slop site: youtu.be/IzKjL16-sgY
November 6, 2025 at 3:45 PM
Off the tails of a recent NightShade C2 writeup, experimenting with building a "UAC prompt bomb" (... best YouTube video title I could ask for 😅(plz dont ban me)) repeatedly asking for admin privileges -- short & sweet in just a line of PowerShell! Video: youtu.be/JpWbytYrL2s
October 31, 2025 at 1:01 PM
Safari ride-style showcase of password spraying tools & techniques with an extra flair for Entra ID-- featuring OpenBullet, MSOLSpray, entraspray, TeamFiltration & hints of FireProx, OmniProx, etc to finally simply rotate IPs low and slow with Tor. Video: youtu.be/oWv50EF0juc
October 20, 2025 at 1:01 PM
Another "old but gold" little trick, harkening back to @mubix's blog post waaay back in 2013: "Stealing passwords every time they change" -- creating a Password Filter & adding it to Windows Registry. A clever persistence trick to exfiltrate credz. Video: youtu.be/DhP2Hw-6DgY
October 16, 2025 at 1:01 PM
An idea I had some time ago was to create an open-source project with community contributions to centralize different social engineering lure techniques & native GUI tools that could be leveraged for ClickFix... a LOLBins-style site w/ mitigations. Video: youtu.be/UQqsaO5k2M0
October 7, 2025 at 1:01 PM
Golang reverse engineering walkthrough! A challenge we solve with three different approaches: (1) static analysis with IDA, (2) dynamic analysis in a debugger and (3) patching the binary and switching to a desired code path 😎 youtu.be/4-7zcq5-cNA
October 2, 2025 at 1:01 PM
A chat and demo with James Spiteri to see just how easy it is now to spin up Elastic -- and all that includes for free! We test malware, ES|QL, detections, AI triage, hunting, and everything free and easy for home labs, education, and real environments! 😄 youtu.be/7Z2zObdhN-Q
September 25, 2025 at 1:00 PM
Video showcase of the ServiceUI.exe living-off-the-land (sorta) binary: elevation to NT AUTHORITY\SYSTEM, proxied execution that may evade detections AND a viewer-submitted PowerShell wrapper for spawning cmd.exe as Trusted Installer with all privileges 😎 youtu.be/BsEwsKQJtk8
September 23, 2025 at 1:01 PM
Clever & cutesy malware infection chain, starting with a typosquat domain, "ClickFix-like" setup but actually not ClickFix -- search-ms: handler to attacker network share, fake PDF lure to download and run an MSI-- ultimately another commodity stealer tho. youtu.be/EZ6TEjx7JLw
September 11, 2025 at 1:11 PM
Top 5 Ways You Get Hacked -- casual video without a demo, but some fun looking through a recent writeup (or low-key rant, they say) from @SecurityAura "Ransomware in SMBs: Top 5 Missing or Incomplete Controls That Could Help Prevent or Cripple Attackers" youtu.be/AG3DYX4_EE4
September 4, 2025 at 1:00 PM
Very late on getting this video out the door, but a teeny weeny showcase of the recent Docker for Desktop on Windows & MacOS container escape, CVE-2025-9074 -- proof of concept was included so a simple demo of arbitrary file write & file read on the host: youtu.be/dTqxNc1MVLE
September 3, 2025 at 1:05 PM
The fake EUROPOL / Qilin ransomware gang notice that flew around a few weeks ago was a funny story. I yapped about it in a video and briefly peeked into some Telegram channels to see cybercrime kiddos dropping LOLs and LMAOs on their counterintel op: youtu.be/gJ7gjZr6qIk
August 28, 2025 at 2:30 PM
Video showcase of the recent WinRAR 0-day, CVE-2025-8088, uncovered by ESET after threat actor RomCom exploited it in the wild leveraging alternate data streams & path traversal on Windows -- we examine the uncovered RAR file and a proof-of-concept demo! youtu.be/rkMNOC8fhUQ
August 26, 2025 at 1:00 PM
I FINALLY got a chance to chat with James Kettle @albinowax and hear about his latest research, with a cool caption "HTTP/1.1 Must Die" 😎 Mind-blowing work including desync attacks and critical vulnerabilities affecting websites & CDNs... and a demo! youtu.be/n3Bw8CASnHE
August 25, 2025 at 1:01 PM
the recording of my talk on the Black Hat show floor is up on yout00b :) youtu.be/whhOYRWd_rs
August 22, 2025 at 1:15 PM
An alternative to Shift+F10 to open an administrative command prompt during the Windows initial setup and Out-of-Box-Experience (OOBE) -- video showcase of @_bka_'s newfound trick to revive a simple method for backdoors and unintended access: youtu.be/idogu3Y6ia8
August 21, 2025 at 1:00 PM
The ん Japanese hiragana character: recently used in Booking[.]com phishing campaigns as a "Punycode" Unicode lookalike symbol for forward slashes in URL links! Homoglyph attack that makes us curious what, if any, other lookalike characters do the same: youtu.be/nxVr4ERhrPQ
August 20, 2025 at 1:02 PM
The new Bloodhound version has some genuinely crazy cool new features -- OpenGraph really blows the doors off the potential for Bloodhound to not just map attack paths within Microsoft Active Directory or Entra ID tenants, but now... ANYTHING 🤩 youtu.be/kVOjXGbm_Ro
August 19, 2025 at 1:03 PM
I have horrible news. YouTube thumbnails with my stupid, dumb face are back.
Minecraft malware inside a ChatTrigger mod that makes (hilariously) almost no effort whatsoever to obfuscate or hide its functionality: youtu.be/oQvKoJAbm98
August 18, 2025 at 1:02 PM
Video: Introduction to Beacon Object Files (BOFs)! Executing native code in-memory and at runtime to improve red team stealth. 😎 We start small to understand Dynamic Function Resolution and create a small Empire module to call Win32 API functions! youtu.be/p3fByg8pa1g
July 18, 2025 at 1:02 PM
Video demo to play with ArgFuscator -- the super cool research and utility from @Wietze to obfuscate command-lines to try and evade AV or EDR detection 😎 And to test your rules if any of these crazy looking commands fly under the radar! youtu.be/6-Gbv0h7m1I
July 11, 2025 at 1:01 PM
Malware sample by a Discord CDN redirect from an alleged Xbox game ROM -- with a few clever tricks! Hiding a payload within the RGB color values of an embedded image inside a wallpaper picture... stored, saved and served on the Internet Archive 😂😬🙃 youtu.be/LwKOS10lblk
July 2, 2025 at 1:01 PM