John Hammond's Avatar

John Hammond

@johnhammond.bsky.social

Hacker. Friend. Cybersecurity Researcher at Huntress.

8,692 Followers  |  28 Following  |  174 Posts  |  Joined: 06.07.2023  |  1.6952

Latest posts by johnhammond.bsky.social on Bluesky

Post image

February got here fast-- and the 2026 Snyk Fetch the Flag CTF came up quick too! This year my friend NahamSec is hosting the game, starting NEXT THURSDAY 2/12 at 12pm ET! Free 24-hour Capture the Flag event with AR glasses as prizes 😎 See ya there! jh.live/snyk-ftf2026

06.02.2026 15:02 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Cyber & Dev #2: MCP This blog post is meant as supporting material to go along with a video I am making on the same topic (will provide a link when that goes live). This is part of a series I’m doing to help give people…

Also, meme thumbnail experiment continues. Disaster girl feels appropriate when AI might burn down your codebase.

This is the first time Zack and I got to hang out and chat, please show him and his writeup some love! All credit to him and his work -- his blog: zkorman.com/posts/cyberd...

21.01.2026 14:00 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Cyber & Dev #2: MCP This blog post is meant as supporting material to go along with a video I am making on the same topic (will provide a link when that goes live). This is part of a series I’m doing to help give people…

I for one am totally guilty of just throwing caution to wind and poking at the newfangled whizbang AI world with reckless abandon -- but whatever "black box" we tout it to be, there's stuff you don't notice and forget that just you accepted the risk.

21.01.2026 14:00 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

Are MCP servers safe and secure? Yes? No? Sometimes? Maybe? ... Zack Korman shows me some of his learnings on MCP security (or lack thereof) with his "Evil MCP" project 😈 YouTube link: youtu.be/_r_sLetar_o

1. data exfil of your prompts & code context
2. inserting vulnerabilities into your code

21.01.2026 14:00 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Feels good to get something out the door again. I hope you take a look! YouTube link: youtu.be/Mw8DVcLSZIc

15.01.2026 14:02 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I'm experimenting with MEMES in the THUMBNAIL and SHORT video TITLES to MITIGATE against CLICKBAIT

Also experimenting with longer social text promos for video releases to add more preview details and context. I no longer have to just feed algorithms, but now LLMs, too!

15.01.2026 14:02 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

No Registry writes, API calls or registry callbacks because it's just a single file placed on disk! Kinda neat.

This is my first recording after a month break for the holidays and it was _painful_ -- lots of fails and mistakes and it took many hours πŸ˜…

15.01.2026 14:02 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

3. exporting, downloading, and hijacking an existing target user profile NTUSER.DAT or HKCU Registry hive,
4. converting hives from .reg plaintext to binary with the HiveSwarming.exe tool,
5. and establishing persistence with the new backdoored NTUSER dot MAN profile we upload!

15.01.2026 14:02 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

Video demo of the NTUSER dot MAN trick I saw floating around before the new year -- I did not know this was a thingπŸ‘€ Hat tip to DeceptIQ et al.... we showcase:

1. breaking a Windows login with an empty user profile,
2. getting initial access EZPZ with a Sliver C2 implant,

15.01.2026 14:02 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

"'ConsentFix', a browser-based ClickFix-style attack with OAuth consent grants" ... leveraging the Azure CLI app client to social engineer for easy access into Entra ID πŸ‘€ I got nerdsniped by this, so I played with it a bit and tried a drag-and-drop gesture! Video: youtu.be/AAiiIY-Soak

13.12.2025 14:00 β€” πŸ‘ 12    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Post image

Infostealer malware logs -- maybe an unconventional threat intel source, but Estelle Ruellan shows me her sweet research using LLMs to analyze stealer logs at scale:
- How did a victim get infected?
- Can we uncover a threat actor when they infect themselves? and more.
Video: youtu.be/3j4jzCU0Kwc

12.12.2025 16:05 β€” πŸ‘ 10    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Continuing THE FUTURE IS ****** comic book Capture The Flag challenges! Carving email attachments to uncover malicious Microsoft Office macros with olevba, prompt injection within an AI chatbot, and tracking network packets to uncover flags! Video: youtu.be/Oiv3TaIR9UY

08.12.2025 14:01 β€” πŸ‘ 6    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0
Post image

Yapping about the GlassWorm supply chain malware campaign and the neato tricks it uses with "Invisible Unicode" characters -- essentially whitespace steganography, showcasing the Hangul Filler, zero-width space, & Private Use Area characters 🀯 Video: youtu.be/0XumkGQFEEk

05.12.2025 14:00 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
TryHackMe | Cyber Security Training TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

Big thanks to @tryhackme for their continued support of the channel! You can jump into the Advent of Cyber 2025 event right now, it is free to play and anyone can join to level up their cybersecurity skills with a new task every day! jh.live/aoc2025

02.12.2025 15:55 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Flattered to help start the party for the Advent of Cyber Day 02 task from TryHackMe -- walking through today's challenge using the Social Engineer Toolkit to send a phishing email and snag passwords with a simple Python HTTP server! Video: youtu.be/w8O8FcRgDXU

02.12.2025 15:55 β€” πŸ‘ 7    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Post image

Full length reverse engineering with Invoke RE! Showcasing new iterations of the "Scavenger" malware, or what we saw as "ExoTickler" previously as a fake City Skylines 2 video game mod, now w/ more crypto/creds stealing and C2. Binary Ninja, x64dbg & more: youtu.be/wFBdeak0t70

29.11.2025 14:27 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 0    πŸ“Œ 1
Post image

Walking through the Advent of Cyber "Prep Track" from TryHackMe! Some warmup tasks before the real free event kicks off December 1 running through December 24 -- we start the party with password security, insecure defaults, log analysis and more. Video:
youtu.be/Ap5tIJtt4Tk

28.11.2025 14:00 β€” πŸ‘ 8    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Walking through a PowerShell keylogger, which uses some inline C# to snag Win32 API functions from user32.dll, and funnels back keys and system info to a Tor onion address -- a nifty little challenge from LetsDefend (now part of Hack The Box πŸ”₯) Video: youtu.be/bF72IEGzniU

25.11.2025 15:32 β€” πŸ‘ 9    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Tracking down a rogue Windows service for webshell persistence -- just a teeny weeny PowerShell HTTP server wrapped with NSSM, showcased with Wazuh and their sweet new 4.14 release with visibility on IT hygiene 😎 Video: youtu.be/7Gn1GY5CIxg

24.11.2025 17:11 β€” πŸ‘ 7    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Hacking Twitch Chat 😎 L3TH4L_P4ND4 shows me what looks like template injection or unsanitized variable expansion with StreamElements, then leverages Nightbot to mod yourself, ban accounts, change livestream settings or many more hijinks 😜 Video: youtu.be/8G45lYCZzZ8

23.11.2025 14:01 β€” πŸ‘ 25    πŸ” 9    πŸ’¬ 0    πŸ“Œ 13
Post image

Uncovered screen recordings from threat actors! πŸ‘€ Real footage of cybercriminals using anti-detect browsers and infostealer malware logs for session hijacking, and another using GraphSpy to read their Entra ID victim's emails in Outlook! πŸ’€ Video: youtu.be/vX7JcpRqbEk

22.11.2025 14:00 β€” πŸ‘ 10    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Improve Entra ID Security More Quickly At BSides Northern Virginia (BSides NoVa) in October 2025, I presented a talk on how to improve Entra ID security quickly. This post captures the key information from my talk slides. This article…

Hat tip, kudos, and all credit where credit is due to @ PyroTek3 for his research and work referenced in this video! adsecurity.org?p=4825

18.11.2025 15:00 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0
Post image

Walking through the start of Sean Metcalf's presentation and writeup on "Improving Entra ID Security More Quickly"... starting with removing some insecure defaults for user settings, device settings, and guest access! youtu.be/WUHzpDdauAw

18.11.2025 15:00 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Post image

Solving some of the beginning Capture the Flag challenges that are included within THE FUTURE IS ****** comics... classic ciphers, mixing image R G B color values, and some quick Python code analysis! Video: youtu.be/lk9_h5DoDMw

16.11.2025 14:00 β€” πŸ‘ 9    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Playing with and poking at the recent Atomic Red Team MCP server to connect it to Claude! Sample execution of threat actor TTPs from ye ol' MITRE ATT&CK framework, in a virtual environment for a cheesy clickbait video title "haha claude hacked me lol" 😜 youtu.be/cFdOvrwxAwQ

14.11.2025 14:00 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Previously there was a report of threat actors using .URL files pointed at a WebDAV server, which made for, air quotes, "remote code execution", and was tracked as CVE-2025-33053. Turns out, you can do the same thing with a regular Windows Shortcut. Video: youtu.be/1Ymnvd1uyzQ

13.11.2025 14:03 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Fake Booking-dot-com phishing site, forced download of an "ID Verification.exe" Lua-based infostealer malware, Luac bytecode obfuscated w/ πŸ¬β˜€οΈπŸŒˆEMOJI🌊🌴πŸ₯₯and Windows SID crafting -- video showcase of my favorite challenge that I created for Huntress CTF! youtu.be/Q3ZE36a5CuA

12.11.2025 14:01 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Yesterday folks got a phishing email for a fake DMCA report-- myself included. Caught me at a good time so I could record poking at the scam and the malware it leads to: ultimately infostealer malware (the usual) from a fake domain & clearly AI slop site: youtu.be/IzKjL16-sgY

06.11.2025 15:45 β€” πŸ‘ 16    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Panther | The Security Monitoring Platform for the Cloud Panther is the security monitoring platform for the cloud, trusted by teams at Zapier, Dropbox, Asana and more to optimize costs and control, accelerate detection and response, and achieve…

And a HUGE thank you to Panther for sponsoring this video! Take control of your security operations with Panther -- you can ditch legacy SIEMs and embrace an AI-driven, autonomous and engineer-first SOC platform and solution: jh.live/panther

31.10.2025 13:01 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Off the tails of a recent NightShade C2 writeup, experimenting with building a "UAC prompt bomb" (... best YouTube video title I could ask for πŸ˜…(plz dont ban me)) repeatedly asking for admin privileges -- short & sweet in just a line of PowerShell! Video: youtu.be/JpWbytYrL2s

31.10.2025 13:01 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

@johnhammond is following 19 prominent accounts