A Linux backdoor is being sold on the dark web for $1,600 USD.
The developer called it "PamDOORa", while it abuses the Linux PAM stack for persistent SSH access, credential harvesting, and wiping logs. YouTube Video: https://youtu.be/3YB4XGy8xwE
John Hammond
- 6.8K Followers
- 96 Following
- 462 Posts
Hacker. Friends. Cybersecurity Researcher.
Yesterday I received an email to notify me of a case that looked like a malicious Google sponsored ad result. I tried to make sense of it, unraveling some obfuscated JavaScript, then stages of Batch and PowerShell (with some interesting code comments), leading to an InnoSetup installer of an unexpected SVN application -- a bundle pre-packaging the legitimate software, but with a modified malicious DLL.
Turns out to be what seems like an endpoint-specific derivative of a something seen as a browser-based phishing kit... that I don't know if I have seen many folks talk about before? 👀 I really had fun recording this one and poking through these -- also, I say "presumably" WAY too many times in this video. (... presumably) https://youtu.be/NIi4i9IjshM
Google served me Malware
"I Built an AI Cybersecurity Research Factory (for CTFs & Vulnerabilities)!" ... long-form video demonstration that doubles as "how I personally use AI lately," and some playground experiments setting it in motion to go hack away on wargames and potential software applications 🤖 Video link: https://youtu.be/j7GpjcyJYtU
Hey-o, I'm jumping in to host a show to demystify the dark web alongside Women in Cybersecurity (WiCyS) (huge thanks to Lynn Dohm for letting me join the party) this Thursday, April 30 at 12pm CT! Should be fun, hope to see you there too 😊 Link: https://jh.live/wicys-webinar
During tax season I got a notification that my tax documents are ready, from... uh... Zoom 😂 Phishing email leveraging their legitimate document sharing functionality, pointing to a link and a domain that _looks like_ an IRS website, but, infects your computer. Video link: https://youtu.be/p6ySQ94GZsA
hELLO
the tIME HAS cOME oNCE AGAIN on my cONTENT cALENDAR
for me to continue to scream and shout about
oUR VIRTUAL EVENT ContinuumCon 2026
jUNE 12 - 14 https://continuumcon.com
livestream run of show is free & public but all workshop sessions get into hands-on labs
see u there ✌️
the tIME HAS cOME oNCE AGAIN on my cONTENT cALENDAR
for me to continue to scream and shout about
oUR VIRTUAL EVENT ContinuumCon 2026
jUNE 12 - 14 https://continuumcon.com
livestream run of show is free & public but all workshop sessions get into hands-on labs
see u there ✌️
A funny slew of phishing emails I've seen flying around: a legitimate Facebook Business invite notification, but bad actors stuffing threatening urgency into their "name" values that get inserted into the real email. And the phishing landing page is hysterical. 🤣 Video link: https://youtu.be/QRN3t1_paTY
More ConsentFix -- a "V3" some might say, shared amongst a dark web/cybercrime forum, and a treasure trove of tradecraft to see how bad actors leverage third-party sites and services to do their dirty work. 👀 Video:
https://youtu.be/T3oVdPCMDJw
https://youtu.be/T3oVdPCMDJw
Joined by Katrina Manson to hear all about her latest book release: Project Maven & the Dawn of AI Warfare 👀
We talk AI usage at the Pentagon, drone intel, AI enabled targeting, and the ethical tipping point of autonomous weapons. Super fascinating ideas. Video: https://youtu.be/OVgruylpVXc
