John Hammond

@JohnHammond@infosec.exchange
6.4K Followers
96 Following
380 Posts
Hacker. Friends. Cybersecurity Researcher.

Malware sample by a Discord CDN redirect from an alleged Xbox game ROM -- with a few clever tricks! Hiding a payload within the RGB color values of an embedded image inside a wallpaper picture... stored, saved and served on the Internet Archive 😂😎🙃 https://youtu.be/LwKOS10lblk

Big thanks to Drata for sponsoring this video! Bring Governance, Risk and Compliance (GRC) work into the modern age with Drata: https://jh.live/drata

Late to the party but another video to demo the "FileFix" trick that @mrd0x wrote about, leveraging the address bar in Windows file explorer to run a command and potential payload -- with the ClickFix playbook just instructing an end user to run malware 🙃 https://youtu.be/Vz2ak0YW_L4

Big thanks to @AlteredSecurity for sponsoring this video and their continued support of the channel! They have their Hacker Summer sale on right now -- 20% off with their code HACKERSUMMER20OFF! https://jh.live/alteredsecurity

Video interview joined by Dahvid Schloss (the WMD course developer at @JustHackingHQ ! 🤩) who shows off some of the basics of Windows malware development, from a standard shellcode loader to a more evasive dropper 😎 https://youtu.be/izf8ptPVh2g

Learning Active Directory Certificate Service hacking -- with @Shikata! Starting with ESC8 using unauthenticated PetitPotam & Responder, we relay hashes to CA to get a certificate as the domain controller. This is the first video in an ADCS mini-series 😜 https://youtu.be/tYxJMr8jAgo

Hunting for phishing kits, keying off a simple Telegram API request used to exfiltrate info to Telegram bots! Safari ride showcase of Microsoft login lures, Facebook, and more -- then we "make our own" to see them in action 🤯 https://youtu.be/sSuAKE7gjBM

Chatting with mah fwend and co-worker @JonnyJohnson_ to learn all about Event Tracing for Windows, and some super cool projects he has been working on: a lightweight and custom "toy EDR" JonMon and ETWInspector to help with Windows telemetry research! https://youtu.be/BNWAxJFL6uM

Playing with Windows Sandbox, following the recent reports of APT10 subgroup "MirrorFace" using it intentionally to execute malware without the watchful eye of antivirus or EDR -- because it's in a VM 😜 Shared folders still give access to the filesystem: https://youtu.be/O20WhmCspqo

Following the recent UNC6032 writeup from Mandiant with the stupid but clever "Unicode space padded filenames" trick for malware, I recorded an even more stupid video to recreate that in bad PowerShell code and then make a crappy Sigma rule to detect it 🙂 https://youtu.be/aj3uBl9hFxY
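As an added defender-side example (not code from the video or from the Mandiant writeup), here is a small Python check for the filename pattern the post refers to: a decoy extension, a long run of Unicode blank characters, then the real executable extension that ends up pushed out of view. The blank-character list, the padding threshold and the sample filenames are assumptions constructed for this example, not values taken from the post.

```python
"""Detect 'Unicode space padded' filenames.

Pattern: <name>.<decoy ext><many blank characters>.<real ext>
Added example; the character set, threshold and samples are assumptions.
"""
import re

# Characters that render as blank or invisible in a file listing (assumed list):
# ASCII space, no-break space, braille pattern blank, ideographic space,
# zero-width space, and the en quad .. hair space block (U+2000-U+200A).
BLANK_CHARS = " \u00a0\u2800\u3000\u200b" + "".join(chr(c) for c in range(0x2000, 0x200B))

# Extensions that execute when double-clicked on Windows (assumed list).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "lnk", "js", "vbs", "hta", "msi", "ps1"}

# Minimum run of blank characters before we call it padding (assumed threshold).
MIN_PAD = 8

_PAD_RE = re.compile(
    r"\.(?P<decoy>[A-Za-z0-9]{1,5})"          # decoy extension, e.g. .mp4
    r"[" + re.escape(BLANK_CHARS) + r"]{" + str(MIN_PAD) + r",}"  # padding run
    r"\.(?P<real>[A-Za-z0-9]{1,5})$"           # real extension at the very end
)


def analyze_filename(name: str) -> dict:
    """Return pad length, decoy/real extensions and a verdict for one filename."""
    m = _PAD_RE.search(name)
    if not m:
        return {"suspicious": False, "decoy_ext": None, "real_ext": None, "pad_len": 0}
    decoy = m.group("decoy").lower()
    real = m.group("real").lower()
    # group(0) is ".decoy<pad>.real"; subtract the two dots and both extensions.
    pad_len = len(m.group(0)) - len(decoy) - len(real) - 2
    return {
        "suspicious": real in EXEC_EXTS,   # padding before a non-executable ext is odd but not alarming
        "decoy_ext": decoy,
        "real_ext": real,
        "pad_len": pad_len,
    }


def scan_filenames(names):
    """Return the filenames that match the padded-executable pattern."""
    return [n for n in names if analyze_filename(n)["suspicious"]]


# Constructed sample filenames (not real samples).
SAMPLE_FILENAMES = [
    "Gameplay_Trailer.mp4" + "\u2800" * 40 + ".exe",   # padded with braille blanks
    "holiday photos.jpg",                               # benign
    "Q3 report.pdf.exe",                                # double extension, no padding: a different rule's job
    "notes.txt" + "\u3000" * 12 + ".pdf",               # padded, but the real extension is not executable
]

if __name__ == "__main__":
    for n in SAMPLE_FILENAMES:
        print(repr(n[:24]), analyze_filename(n))
    print("flagged:", [repr(n[:24]) for n in scan_filenames(SAMPLE_FILENAMES)])
```

The decoy-then-real shape is what makes this check useful as a detection: plain double extensions and long names are common in benign data, but a run of blank characters sandwiched between two extensions is not, so the rule can stay strict without drowning in false positives.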

Big thanks to @Antisy_Training for sponsoring this video and their continued support of the channel! Check out their training material including their Pay Forward What You Can offering! https://jh.live/antisyphon

Exploring a backdoored Github repository abusing .suo deserialization, so just opening a Visual Studio solution file runs malware -- then a PowerShell script pulls further payloads from social media... and we stumble onto the actor actively preparing more!👀 https://youtu.be/pw0xSFEnowk

Golang extravaganza in an exploratory video where we make example "malware" with hidden "secrets" and dig into it with different tools -- between Binja, IDA, GHIDRA, then Redress, GoReSym & finally obfuscate with garble. Then GoStringUngarbler and more! 🤯 https://youtu.be/gewnAzaZXQo