John Hammond
Malware Analysis, Software Exploits, and Scripting with a focus on reverse engineering and live debugging.
Nutrition Label
John Hammond delivers highly technical, hands-on demonstrations of malware analysis and software vulnerabilities, often executing exploits live on camera. While the content excels at demystifying complex attack vectors through real-time debugging and code review, it typically focuses on reproducing existing research rather than presenting novel zero-day discoveries.
Strengths
- +
- +
- +
Notes
- !He often reproduces existing CVEs, so check the description for links to the primary research sources.
- !Videos involve heavy live debugging, so be prepared to read raw code and terminal outputs.
Rating Breakdown
Breakdown across the key dimensions we rate. Methodology →
Recent Videos
Hardware Hacking 101: with a custom physical kit!
The Payload Podcast #003
crypto scammers phish with physical mail
ContinuumCon Prep (with Greg Ake!)
![h?ckers a[r]e gl*bbing](/_next/image?url=https%3A%2F%2Fi.ytimg.com%2Fvi%2FIImLVU39V_Q%2Fhqdefault.jpg&w=3840&q=75)
h?ckers a[r]e gl*bbing
thousands of Google API keys exposed
Learn PowerShell!
The Payload Podcast #002 with Connor McGarr
Russia is hacking zero-days again
ContinuumCon is back for 2026!
An Interview with Eva Benn!
TiKTok needs to fix this vulnerability
AI wrote a hit piece
this is really funny
Moltbook is still weird (and AI skills suck)
Why this rating
Evidence receipts showing why each dimension is rated the way it is.
“We can literally see inside of the extension.js... it is literally just spawning a child process... it is running python code.py.”[02:15] →
Demonstrates direct engagement with the malware source code, showing the exact mechanism of execution rather than just describing it.
“Disassemble, decompile and debug with IDA Pro! Use promo code HAMMOND50 for 50% off... https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware”[Description] →
Explicit disclosure of the sponsor (Hex-Rays) with specific limitations on the discount, and clear citation of the primary researchers (Aikido) who discovered the malware.
“This is a .NET executable. We can see the MZ header... we can drop this into a decompiler like dnSpy or ILSpy to see the C# code.”[07:30] →
Correctly identifies file signatures and selects appropriate industry-standard tooling for reverse engineering the specific binary type.
“Detailed discussion on the necessity of understanding Windows Internals, specifically referencing paging structures and memory management as prerequisites for successful exploit development.”[24:30] →
“The video is a promotional announcement for a future livestream event rather than the immediate tutorial implied by the title 'Learn PowerShell!'.”[Description] →