All-Army Cyberstakes! Ysoserial EXPLOIT - Java Deserialization

  • Published on 8 Jan 2025

Comments • 77

  • @novicetrader555
    @novicetrader555 4 years ago +32

    One of the best channels on cybersec who actually teaches and explains some great stuff, not just teaching how to run scripts like most other YouTubers do. John is the one who motivated me to get into this field. Let's do our share and help him grow his channel. Thanks John for all the great content. Lots of love and respect man🙏

    • @_JohnHammond
      @_JohnHammond 4 years ago +2

      Thank you so much! I really appreciate all the kind words! I feel like some of my explanations are a bit hit-or-miss, looking back they look like a big fail in some videos bahaha. Thanks so much for watching!

    • @DangerousPictures
      @DangerousPictures 3 years ago

      @@_JohnHammond What makes you so much better is showing the fails (especially in the malware analysis videos).
      Other YouTubers would wrap it up like
      Here is the sample, I unscrambled it to get stage 2, which downloads *insert RAT here*.
      Remember to like and subscribe and sub to my Patreon

  • @razzawazza
    @razzawazza 4 years ago +4

    I hope to fully understand what you're doing in these videos one day- really cool stuff. Thanks for sharing.

  • @KhaosShield
    @KhaosShield 4 years ago +2

    John, I took part in ACI CTF and managed to rack up around a mere 1800 pts. Love your videos, and everything always seems so easy to you (just a representation of your hard work, no doubt). Keep up the amazing work.

    • @_JohnHammond
      @_JohnHammond 4 years ago +4

      Hey that is still awesome! As long as you are playing and trying to learn, that is all that counts! Keep in mind I still struggle with these for hours, and the actual "writeup" or solution I showcase is often just me highlighting the things that work ahaha. So a 10 minute video could be really 2 hours of troubleshooting and debugging beforehand. :) Thank you so much for watching!

  • @checknate8820
    @checknate8820 4 years ago +16

    Just discovered your channel this week, your content is amazing. I wish I would have discovered it earlier.

    • @XxLIVExX24
      @XxLIVExX24 4 years ago

      This is literally me as well! I found him out this week tuned in to 3 vids in a row. Wish I knew of his channel before I graduated tho, I would be way sharper, by now.

    • @Ayahalom123
      @Ayahalom123 4 years ago +1

      Same here, found out about this channel 3 weeks ago. Coolest stuff I've seen in a long time.

    • @_JohnHammond
      @_JohnHammond 4 years ago +2

      Very happy to hear that! Thank you so much!

    • @checknate8820
      @checknate8820 4 years ago

      @@Ayahalom123 What's up, my friend, are you from Israel?

    • @checknate8820
      @checknate8820 4 years ago

      @@XxLIVExX24 Lucky for me I'm not in school so his videos are my classes for pentesting.

  • @0xclayhax848
    @0xclayhax848 3 years ago

    Thanks for this vid. Was just learning about insecure deserialization attacks and using ysoserial. Your video was the first video result in google.

  • @iulianichim7777
    @iulianichim7777 4 years ago +2

    Just awesome content! Learning a lot from you. Thank you and keep it up!

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Very happy to hear that! Thanks so much for watching!

  • @CybrJames
    @CybrJames 4 years ago

    Video was awesome as always. Great job.

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Thank you so much! I'll keep them coming!

  • @mariopetkovic915
    @mariopetkovic915 4 years ago +1

    WE LOVE THE DAILY UPLOADS, DONT STOP

    • @_JohnHammond
      @_JohnHammond 4 years ago

      THANK YOU! I am set for the month of May, but need to do a bit more recording to keep getting more in the backlog! Thanks so much for watching!

  • @algerienizer
    @algerienizer 3 years ago

    hey john this video didn't suck, please keep doing them

  • @padaloni
    @padaloni 4 years ago

    Really good video, dude. Nice and easy to follow.

  • @linobossio6638
    @linobossio6638 3 years ago

    thank you very much, you are the sun that monetizes the glow

  • @laststar7716
    @laststar7716 4 years ago +1

    Thanks a lot for explaining this one! Much help :-)

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Thanks so much for watching!

  • @realkiddshady
    @realkiddshady 4 years ago

    Another great video. Thank you!

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Thank you so much! And thanks for watching!

  • @bigbooduh
    @bigbooduh 1 year ago

    Loved this, will give this a try

  • @mi2has
    @mi2has 4 years ago +2

    Finally one on JAVA :-), good one John, btw I have joined your Discord community, it is great

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Happy to hear that! Thank you so much for joining the party -- and thanks for watching!

  • @robertadamplant
    @robertadamplant 4 years ago

    I admire your skill set.

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Ah thank you! And thanks for watching!

  • @omeraljoboury6157
    @omeraljoboury6157 4 years ago

    Nice videos, I am learning new skills watching your videos and I like them, continue.

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Very happy to hear that! Thanks so much for watching!

  • @pythondoesstuff2969
    @pythondoesstuff2969 4 years ago +1

    Please also explain how the exploit works after using it. It helps a lot. Pleaasseeeeeeee!

  • @ankitkumarjat9886
    @ankitkumarjat9886 4 years ago +1

    Hey John, tell us about your host OS (I know it is Ubuntu but I want to know about how you customized that and what tools you use mostly).
    Please make a video.

    • @_JohnHammond
      @_JohnHammond 4 years ago +1

      A lot have been asking for that lately, I can certainly try and do that soon!

  • @sko_
    @sko_ 4 years ago

    This one is much needed :)

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Happy to hear that! Thanks so much for watching!

  • @berndeckenfels
    @berndeckenfels 3 years ago

    Is there any writeup/video on the CTF(?) where you used ysoserial with RMI?

    • @_JohnHammond
      @_JohnHammond 3 years ago +1

      I believe I have one with the All Army Cyberstakes, "Y So Serious" or something like that. There is a picture of Joker in the thumbnail :)

  • @AdamTheGuitarist
    @AdamTheGuitarist 4 years ago +1

    so the hardest thing here was downloading whysoserial am I right?

  • @tamilxctf4075
    @tamilxctf4075 4 years ago

    Y fearless music at the end..try hall of frame musiq

  • @MrPaddy35
    @MrPaddy35 4 years ago

    Can someone tell me why we are using cat payload and then piping it to netcat? Is cat payload supposed to do something?

    • @padaloni
      @padaloni 4 years ago

      it might work if you used < to redirect the file into the command, but piping seems to work fine. it's like a way to avoid typing the payload manually. apologies if I've misunderstood your question.

  • @lordtony8276
    @lordtony8276 4 years ago

    Do you know of any tools to do this kind of thing if the backend server is running Python with a pickle deserialization vulnerability? I wrote my own script called "evilPickle.py" to generate payloads like this but it is barely functional at the best of times.

    • @_JohnHammond
      @_JohnHammond 4 years ago +1

      Hmmm, there might be one out there but I do not know off the top of my head. That would be a very cool and certainly a fun project to build! Thanks so much for watching!

  • @oliviadrinkwine1411
    @oliviadrinkwine1411 4 years ago

    I love the reference for why so serial?

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Hahaha. Mixing in the Joker makes it fun! Thanks so much for watching!

  • @Laflamablanca969
    @Laflamablanca969 4 years ago +1

    Who the hell keeps putting 1 dislike on your videos!?!?

    • @_JohnHammond
      @_JohnHammond 4 years ago +1

      Bahahah I've seen it for years and have never been able to track them down! I'm glad someone else sees it too!
      Thanks for watching!

  • @prafulaga
    @prafulaga 3 years ago

    Nice one..

  • @aidencrilley730
    @aidencrilley730 4 years ago

    Hey John, how are you running Linux? I'm trying to run an Ubuntu VM on Mac in VirtualBox and it's super laggy. I may go and pay for a subscription to Parallels Desktop

    • @_JohnHammond
      @_JohnHammond 4 years ago +1

      I run Ubuntu as my daily driver, it is installed as the host OS on my laptop. Whenever I can avoid VMs I try to ahaha. Thanks so much for watching!

    • @aidencrilley730
      @aidencrilley730 4 years ago

      @@_JohnHammond Thanks for the reply! I love your content and I've learned quite a bit from your videos. At the moment, I'm in college as a computer science major and I'm looking to work in the cybersecurity field once I graduate. For now, I'm running Ubuntu in a vm because it makes the most sense for my situation. Maybe one day it will be my host OS!

  • @JuanBotes
    @JuanBotes 3 years ago

    thanks

  • @kneesnap1041
    @kneesnap1041 4 years ago

    Mmm I was just reading into ysoserial just the other day.

    • @_JohnHammond
      @_JohnHammond 4 years ago

      It's a super cool tool! Thanks so much for watching!

  • @vadhub
    @vadhub 4 years ago +3

    did anyone see the 493 MB/s when he did wget damn

    • @nickrameau938
      @nickrameau938 4 years ago

      I don't know where you saw that but to me, it seemed like it was between 4 and 6 MB/s

  • @madaniyousfiabdelwahed8553
    @madaniyousfiabdelwahed8553 4 years ago

    Great

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Thanks so much for watching!

  • @neilthomas5026
    @neilthomas5026 4 years ago

    Didn't get a lot of what was happening tbh!! This one seems a bit more advanced than the other ones 😅😅😅

    • @_JohnHammond
      @_JohnHammond 4 years ago +1

      Yeeeah this one was tough, it didn't have as many solves. Thanks so much for watching!

  • @aakashgautam3851
    @aakashgautam3851 4 years ago

    Hey John 🙂 nice video... I'm wondering about how can we train an AI to make more efficient payloads or maybe to find vulnerabilities.

  • @brendancurran9894
    @brendancurran9894 4 years ago

    Could you do a video writeup for 'No Escape'? I got stuck on that one and really want to know how to complete it.

    • @_JohnHammond
      @_JohnHammond 4 years ago +1

      I have that one solved, I can certainly release a video for that one this week! Thanks so much for watching!

  • @eman3144
    @eman3144 4 years ago

    Comment for the algo god

    • @_JohnHammond
      @_JohnHammond 4 years ago

      You're the man! (The "e" Man!) Thank you so much, and thank you for watching!

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 1 year ago

    Git comments,canry 1 number work headel

  • @tomasgorda
    @tomasgorda 4 years ago

    nice video again. It's not necessary to be so fast :)

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Shoot, I always gotta work on that, slowing down a bit. :) Thanks so much for watching!

  • @beeeatantcheng6861
    @beeeatantcheng6861 4 years ago

    Hi John Hammond! Can you cover Tryhackme Gamezone room without the use of burpsuite? I would love to see that!

    • @_JohnHammond
      @_JohnHammond 4 years ago

      Ooooh I have not seen that one yet -- I will have to take a look and see if I can get that one out for you! Thanks so much for watching!

  • @danielhemmati
    @danielhemmati 4 years ago

    I just struggle with Java 😂😂
    trying to solve one room in TryHackMe and this video really helped me
    thanks 🤗🤗

  • @tekken-pakistan2718
    @tekken-pakistan2718 4 years ago

    Thanks this was helpful! Regarding the ping command not working initially, maybe it required to be encapsulated in double quotes? If we go with that, not sure why the other version worked xD
    Anyways, thanks!