June 10, 2022

Unlocking Cyber Education with John Hammond

by Hacker Valley Red

Show Notes

John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with his YouTube channel, his passion for showcasing authentic and accessible educational materials online, and his advice for creating content safely and spreading awareness with not only a red team or blue team mindset, but with a purple team perspective.

Timecode Guide: 

[01:37] Understanding the impact of content creators in the cybersecurity community, especially when it comes to YouTube educational content

[06:58] Becoming a successful YouTube creator through consistently posting hacking content and ignoring the stereotype of “overnight success”

[13:28] Combining his role as a cybersecurity educator with his security research at Huntress to explore exploits and have real life experience with what he teaches

[16:47] Focusing on the blue side of the house as someone with red team experience, and understanding how to use a tool like PlexTrac to create a collaborative purple team

[21:13] Being mindful of the impact he has through sharing this knowledge and understanding the risk of cybersecurity educational materials falling into “the wrong hands”

Sponsor Links: 

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

What is your origin story for wanting to educate other hackers?

Like many of us, John started his journey Googling how to become a hacker. As he gained more knowledge about the specific skills involved in hacking, John never left the internet behind, always seeking out videos and articles explaining new and emerging content. Inspired by those who created that content in the first place, he started his own YouTube channel, simply titled John Hammond, and has spent years cultivating a consistent hacker audience.

“Along the way, creating content and helping educate others through YouTube is really my main stage platform and has been just a passion project, a labor of love, and something fun along the way.”


What feelings do you get looking back on the YouTube content you’ve created so far?

John prioritizes clarity, transparency, and honesty in what he does, and he’s not afraid to show some humbleness, too. Overall, John is thankful for his YouTube success and the impact it had on the cybersecurity community. No matter what he’s showing in his videos, he prefers to keep things honest, to show where he’s made mistakes, and to accept criticism and advice from other hackers and offensive cybersecurity professionals that see his work. 

“I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder. You're seeing me showcase something raw, live, genuine, and authentic…It’s not all sexy, there’s a lot of failure in hacking.”


Have you ever considered focusing on the blue team or the defensive side of cybersecurity?

The majority of John's YouTube content and the work he does in his role at Huntress Labs heavily involves the red team and offensive side of cyber. However, John is a huge advocate for the blue team and the red team collaborating and communicating better. Through making more concepts in cybersecurity accessible through educational content like John’s own videos, he hopes we can continue to bridge the gap and achieve that perfectly mixed purple team.

“We're all playing in concert. As one team sharpens their skills in the red team pen test, then it's up to the blue team to figure that out. What did they do? How can we better detect it? How can we stop and mitigate that security threat?”


What advice do you have for red team content creators that want to share content and spread awareness safely? 

With the impact that he’s had and the content he’s put out onto the internet, John is no stranger to seeing the negative side of cybersecurity knowledge being more accessible than ever before. Still, he wants to make sure content creators understand the value of transparency and honesty in what they do. Instead of fearing what could be, cultivate a community around making this level of knowledge and security available to everyone.

“Share, be transparent, be forthcoming. I know there are a lot of conversations about gatekeeping in cybersecurity, but there shouldn't be that. I understand there's grit and determination and hard work to do all the things that you're doing, but be friendly and be transparent and honest.”


Hacking the Vocabulary:

Cybersecurity Capture the Flag (CTF): Competitions to demonstrate expertise in attacking computer resources. The “flag” is normally a file or code a team recovers and provides as proof of their successful penetration of defenses.

Python Programming Language: A powerful, general-use programming language, often used in web development, data science, and creating software prototypes.

The Onion Router (TOR): A free and open-source software for enabling anonymous communication, with each “onion” network having layers of encryption.

Kaseya VSA Ransomware Incident: A ransomware attack in July of 2021. This paralyzed as many as 1,500 organizations by compromising tech-management software from a company called Kaseya.

Log4j: A Java-based logging utility used by developers to keep track of what happens in their software applications or online services.

Zero-Day Vulnerability: A vulnerability in a system or device that has been disclosed but is not yet patched. 



Check out our guest, John Hammond, on YouTube and LinkedIn.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn.

Catch up with Chris Cochran on Twitter and LinkedIn.

Continue the conversation by joining our Discord.



Axonius Ad 00:21
Hey everyone, it's me, Simone Biles. You might be wondering why you're hearing my voice on a cybersecurity podcast ad. Well, it's because I'm partnering with Axonius. Whether you're a gymnast like me, or an IT, or Security Pro, complexity is inevitable. And I've learned that the key to success is focusing on what you can control. Go check out my video at Axonius.com/Simone.
Chris 00:54
We are back with Hacker Valley Red, where we're exploring the nexus of offensive cybersecurity and humanity with a hacker's mindset. Again, I'm one of your hosts. I'm Chris Cochran.
Ron 01:05
And I'm Ron Eddings. And I'm super excited to continue down this path even further highlighting cybersecurity legends, especially on the offensive side of the house, the penetration testers. When we look at where we've been so far in this season, and where we're going to go, you have to think about the impact, the splash that the practitioners have made in the industry, but also the splash that we're trying to make with highlighting these stories. Not just the technological stories, but the human stories. I feel like there's just so much going on right now and even more to come.
Chris 01:37
Absolutely. Something that is near and dear to our hearts is content creation, right? Because we feel like that is what can help make a splash. If you want to scale your impact, inspire and empower people on the blue or the red side of the house, sometimes content is the best way to do it. And so, when you talk about making content, you're talking about awareness, making people aware that things exist. Whether you're talking about vulnerabilities, or you're talking about hacks, or threat intelligence across the board, awareness is really where that initial interest comes in, because you begin to explore the nuances of cybersecurity or different attacks, and that's really what starts the path for a lot of people.
Ron 02:15
Yeah. And when you think of awareness, I feel like one of the things that we've always done well is putting ourselves out there, being a little vulnerable, being a little silly at times, being knowledgeable, but really trying to bring something to the people. One of the things I loved about you most, when we first started working together, was the easy framework that you put together. You made threat intelligence, digestible for many people. And when we look at threat intelligence, you can't think of threat intel without offensive security because, you know, we're looking at the offenders, the hackers, maybe even some of the cyber criminals. When you think about impact, and also being a content creator, we have to go back to the people that inspired us. I have someone in mind who is actually our guest, but first Chris, I want to ask you: Who inspired you in the realm of threat intelligence, content creation, to put yourself out there and create a framework like easy?
Chris 03:08
Yeah, so I would say on the threat intelligence side, obviously, I was at the National Security Agency. I had access to a lot of the pioneers in the intelligence space, people like General Alexander, getting to spend time with him and learn from him was absolutely incredible. But then on the content creation side, we're surrounded by content these days, interviewers like Joe Rogan, and interviewers like David Letterman, and looking at different podcasters, and even some YouTubers influence the way that we do content. But really, there's so many places that you could pull inspiration and that's the beautiful thing about content is, there might be a single piece of content that changes the way that you look at things, it might change the way you look at cybersecurity or the red side of security. So, that's the beautiful thing about content is that there might be some magical in it.
Ron 03:57
Love it. And one thing that really always inspires me is the YouTubers. I've always been fascinated by YouTube, just because there's content from businesses, there's content from independent creators, and there's content from even kids sometimes. Like, there's some really cool stuff that my nephews and nieces watch. But when it comes to cybersecurity and seeing someone really make an impact when it comes to content, the name that comes to mind always, for me, is John Hammond. John is someone that has been YouTubing for years now, many years, I think, almost 10 years at this point. And he's always put himself out there to show how he learns and then teaches people to learn his way, but also other ways, showing that cybersecurity isn't just one click and then boom, all of your questions are answered, or you have a shell access to a box, but there's so much more that goes into it. John is also a Senior Security Researcher at Huntress Labs, and a cybersecurity education enthusiast, he has coined himself as, so with that further ado, let's jump right into the interview with John Hammond.
Chris 05:04
What's going on everybody? You are in the Hacker Valley studio with your hosts Ron and Chris.
Ron 05:09
Yes, sir.
Chris 05:13
Welcome back to the show.
Ron 05:16
Glad to be back again. And in this season of Hacker Valley Red, we're going to be highlighting cyber security legends, especially focusing on pen testing and the offensive side of the house. And we found the perfect guest, literally the perfect guest, because I feel like everyone may have learned something from him, I know I have. And our guest today is John Hammond. John is a Senior Security Researcher at Huntress Labs, and a cybersecurity education enthusiast. He has a well-known, very popular YouTube channel called John Hammond, but most importantly, John, welcome to the show.
John 05:51
Hey, thanks so much, everyone. Ron, Chris, this is awesome. Thanks so much for letting me come hang out with you.
Chris 05:56
The honor is all ours. When you look at what you've been able to do with content, that is no small feat to have those types of numbers. And I know content creators, we try not to get caught up in the numbers, but sometimes, what that can mean is that you are making an impact and you're creating value for your community. But first, for the folks out there that don't know who you are just yet, let's hear a little bit about your background and what you're doing today.
John 06:18
Sure thing. Well, hey, thanks so much for asking. Yeah, my name is John Hammond, right? I'm over at Huntress Labs, but that is not where I started. I kind of got my feet wet with the US Coast Guard and kind of poured into more of the government and military side. That speed ran me to, hey, the Department of Defense Cyber Training Academy, the Defense Threat Reduction Agency, and now where I landed with Huntress. But all along the way, kind of creating content and helping educate others through YouTube is really my main stage platform, has been just a passion project, a labor of love, and something fun along the way. But really, that's where I've been cutting my teeth. It's Capture the Flag, sharpening the sword in cybersecurity training, and just trying to be all about, trying to stay on the front lines.
Ron 06:58
So, you got to take us back, take us way back, right? Because I feel like, when you have the desire to teach somebody, it almost stems from somewhere that has always been connected with you. I feel like, for Chris, when he learned about dancing, he was trying to teach everybody how to dance, and safer threat intelligence, and now even podcasting for him, but I bet, for you, there's like, an origin story for learning, or even educating others.
John 07:22
A little bit. Yeah, hey, I kind of grew up sort of like any kid might and was like, "Hey, I want to make video games, right? I want to be a hacker in the cool Hollywood movie style, Mr. Robot, whatever." And somehow, someway, I ended up Googling, just using my computer to look online: How to be hacker, or how to make video games, right? And I guess, maybe I landed in the right place. I think I stumbled across what was Eric S. Raymond and his blog, his online article that said, "Hey, if you really want to be in this thing, you should pick up a programming language or like learn to code." So, I would look up YouTube videos on how to play with the Python programming language and scripting language. And I don't know, that just opened the floodgates. I learned from other people just sharing their knowledge on YouTube and I started to think, "Well, hey, if this is how I'm learning, and maybe the best way you can sharpen your skills and learning something is to try and teach it yourself." So I thought maybe I could give back, or showcase that this is the really cool stuff and this is what I'm having fun with. I really enjoy this. I want to bring it to other people. And that's how the YouTube channel slowly, very, very slowly, but surely it caught some wind.
Chris 08:29
Yep, we got to talk about that slowly part because a lot of folks think that it's all overnight success, folks are waking up with millions of followers. Like, that is not the case. Tell us a little bit about that journey. Like, when you first started, obviously, you saw a need to put content out there. And then, slowly but surely, not only did that time allow you to amass followers, but it also allowed you to cultivate that tradecraft, that ability to push messaging and interesting content. Tell us a little bit about the journey.
John 08:59
Yeah, absolutely. It's interesting when you look at, okay, the field of cyber security, right? And technology, and maybe that's harder to maybe, I don't know, carve out a niche or carve out some platform, as opposed to like something like entertainment. Like, hey, some silly creators do, I don't know, backflips off of cars or whatever, that could probably get some views and get some eyeballs and attraction. But that's all fun and games, right? Maybe that'll blow up in a night, but it's hard to have that success when you're trying to showcase weird nerdy stuff, right? Computers and geeks and all this thing. It's very, very different. And I think, okay, it does come with a little bit of that consistency and just wanting to put stuff out there. I was honestly uploading videos since like, 2009 or 2011. You can probably find some way back on my channel, but I don't think I saw any growth or any meaningful numbers increasing and kind of success until probably 2018. I would collaborate with some other creators and that would help grow. "Hey, this person is doing real cool work, this person is doing really cool growth." And then, sure, maybe the small number of 1,000 subscribers might turn to 10,000, and then 20,000. And then it starts to have some exponential growth, right? Okay, we go from that to 40, and then 80, and then past 100,000. It's very, very cool and very fulfilling to see that, as you mentioned, just get in front of so many people.
Ron 10:20
Yeah, I bet. And I look at the impact, right? You have hundreds of thousands of followers and just giving people the opportunity to learn. Throughout my career in cybersecurity, time and time again, as a consultant, I would run into people that didn't have the training, the opportunity to be trained or to learn Python from someone that has bit their teeth on that programming language and all the bugs around it, and concurrency even maybe, but what kind of feeling do you get looking back at all the content that you created so far?
John 10:49
Oh, thank you. That's a super cool question. I think one of the things that I am most pleased with, or I really am thankful for in my content and what I think that people watch also tend to appreciate is that, it's a screenshare. Like, I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder and seeing me showcase something raw, live, and genuine, and authentic. So, that means I'm making a ton of mistakes. Like, I'm hitting the backspace button, like, 17 times and moving up in my command history. And you'll see me run into a rabbit hole, crash into a wall, and then try to work my way out of it with some live debugging troubleshooting. It isn't, by any means, a pretty package and nice polished video to showcase and educate something, but it shows, I hope, like, the real art of hacking, right? And it's sometimes you just kind of mess up and you make mistakes, and there's so much learning and research and grit. It's not all that sexy. There is a lot of failure in hacking.
Chris 11:52
Yeah, 100%. Let's dive into one of those stories right now. Obviously, doing something is very vulnerable, period, when you do content, but especially content that is sometimes divisive as cybersecurity, when folks are always like, "Oh, why would you do it that way? Or why would you take this route?" There has to be some thick skin, for one, but it also creates this environment where, I'm sure, you got really tight on how you do certain things from a hacking perspective. But is there a story that really stands out in your mind that really highlights that dynamic nature of doing content, but also being vulnerable?
John 12:27
I think so. I'm really glad that you mentioned, it's a cool word that you use there and like, "Hey, you're sort of being vulnerable." It's laying yourself out there to make mistakes. Accepting a lot of that critique and criticism, or whatever hater comments. I think it's interesting, because again, if you're, and I try to be upfront, and honest, and transparent, like, look, I don't know everything. I don't know anything, like I'm here to learn just as much as you are. So, please, share in the comments, if you're interested, it's totally cool if you want to correct me. Tell me, "Hey, a tool could have accomplished this job in like, no time at all, you wasted a couple minutes here and there, or a lot of time," or like, "Hey, if you use this syntax, it's faster," or, "Oh, if you did something else in a different way..." That helps me learn, it's improving me in a very, very cool feedback loop where I'm sort of crowdsourcing education— Is that the right way to put it? I don't know. It's like, an MMO RPG, like massively multiplayer online when we all get to learn, with me right there with it.
Ron 13:28
So, I would love to hear some of the reflections and also, like, things that you use in your day-to-day. You're not just a content creator, but you're also a practitioner, like, that has his hands in the weeds. Does the content help you with your nine-to-five? Or, is it more so the other way around, where you have more ideas about content because of what you're exposed to at work?
John 13:48
Oh, it is a very, very cool two-way street, I will admit. They kind of both feed each other in a cool way. Some of the stuff that I would showcase between malware analysis, or diving into the cheesy dark web, or, the onion router nodes and all that, silly V2 and V3 websites, those all kind of got inspiration from the work that I do for my day job, and my day job might get some cool training and exercises for stuff that I just wanted to pour into YouTube. I think it really does help when I have an extra megaphone to help get information and messaging to folks. When we've seen the Kaseya VSA Ransomware Incident back into Fourth of July of 2021, or when we saw Log4j, one of the Java vulnerabilities way back in December the end of last year. And now, super recently, at the time of us recording this, we had like, Memorial Day weekend and there's some crazy Microsoft Office MSDT vulnerability and CVE. So, it's wild to help get that information out there and I think that is an interesting intersection between training and capture the flag and WarGames, where you can practice, but when we get to the real stuff, real threat actors firing off real exploits to do real damage, it's an extra stage. And I think that's a very cool thing.
Chris 15:08
What's so cool about what you do in your content is that you're not just teaching processes. You're not just teaching a way of doing things, but you're teaching about current events, things that are happening today. And so, I'm sure there's a lot of folks that look to you as a mentor, they look to you as the news in all the above, but with the community that you've made, you've had to have some interesting ways that you've connected with your community, right? Meeting people at cons, meeting people out and about, folks writing you emails and saying how much you've influenced their life. But from that perspective, what has been some of the most impactful moments?
John 15:45
Oh, man, thank you so much. This is super flattering. But no, it is a little surreal to go to, like, a local BSides, a security conference, we went to BSidesCharm over in Maryland just a bit ago, we were at ShmooCon. I like to really attend DEF CON, and DEF CON, it's interesting, I'm blessed and fortunate that my girlfriend is very much into cybersecurity as well. So, she's always with me on all these trips with my other cohort of friends and colleagues, and they'll be trying to go somewhere like, "Hey, alright, cool. We had a lot of fun at the CTF, but now we're gonna go to lunch. Let's pack up all our stuff and let's go to whatever bar down the street." And they'll be like, "Where's John? Where did John go? We totally lost him." And it's like, I'm all the way at the way back of the hallway because I just wanted to hang out with someone that just came up and said, "Hello," and said, like, "Hey, I watch your videos. Can we like take a picture together?" And it's cheesy, it's silly, but it's just really, really flattering and surreal. So, thank you to everyone that does come say hi, I love when you come say hi. And if you see me at a conference, please come say hi.
Ron 16:47
You definitely should. And don't forget about us, too— No, I'm just kidding, but I would love to know, have the tables ever been turned? I know that you spent a lot of your time on the offensive side. And I'm sure you help organizations, maybe your teammates, with offense, maybe like, making them more aware of their defense, but have you ever considered focusing more on the blue side of the house with all of your exploration, finding vulnerabilities, exploiting and seeing what the hackers are doing?
John 17:16
Absolutely. I think Huntress, where I'm at for my day job, we have an interesting and, in my mind, very cool perspective of like, all of us come from that more offensive penetration testing, red teaming background, some of us have whatever government military upbringing, whatever intelligence community kind of foundation there, and that's very, very cool. And we can say, while we're defending our partners and companies and others that, "Look, our offense is your defense." Like, we know how the threat actors and the hackers work, because we were there. We know what they might do after that initial access, what they're going to do for persistence, how they're going to escalate privileges, what else they're looking for, for new vulnerabilities. And I think bringing that knowledge of red teaming to the blue team side is just invaluable, because then you can help showcase people and educate folks on like, "This is what it really looks like," and break down those walls. Because sometimes, I'm just not sure what you mean when you say the word "zero day," or like, "Okay, yeah, I know all silly, cheesy, security awareness training, don't click on links and don't plug in USB drives," but if you show someone like, "No, this is how much damage can be done and I'm going to show you, here's the visual," their eyes open wide. And I don't know, I think it's very, very cool to mix both red team and blue team, without a doubt.
Chris 18:36
Yeah, we definitely have to talk about that communication for a second, because one of the sponsors for this particular season is PlexTrac, where they are taking the reports from the red side, giving them a place to import their information, and then have that communication with the blue side of the house. Because one of the things we saw that was missing out in the community is there's a lot of great things happening on the red side, but sometimes, that information doesn't get to where it needs to go. So, you can prioritize closing out those vulnerabilities, the gaps, and all the things that has to go into that. But from your perspective, like, having something like PlexTrac, or just any medium in which you can bring those two sides together: How important is that from a cybersecurity perspective?
John 19:19
I think absolutely. We're all playing in concert. As one team sharpens their skills in the red teamer pen test, then now it's up to the blue team to figure that out. What did they do? How can we better detect it? How can we stop and mitigate that? Having those levels of communication and when people say, I guess, "purple team," I'm sure you've heard that mentioned right there, but it's the blend and us working hand-in-hand between both offense and defense. And when you have that messaging and you can showcase it to other members of organization ABC or hey, you're part of company XYZ, you can show upper management, you can show folks that might not be big in the mix on this, and having that information in a good transparent way just makes things all the better. Transparency communication, honestly, without a doubt.
Ron 20:06
Love it. And to follow up with Chris said, PlexTrac is a sponsor, so we gotta give them one more shout out. You can find them at PlexTrac.com/HackerValley. That's PlexTrac.com/HackerValley. And I wanted to ask you one more question, John, really about a story. Again, we asked you about a story earlier, but I wanted to know, what's a story for you that stands out that really encapsulate what you do best? From learning to the offensive side of like, implementing an attack or understanding an attack more. What's the story that stands out that you've experienced on your journey?
John 20:43
Oh, man, there's some are interesting ones to either pull or dig into. Hmm. Where do we want to go? Do we want to go into sort of the training and growth and career aspect? Or do we want to go into like, the seeing real effects in red teaming, or pen testing, and ethical hacking and threat emulation? Which direction is maybe best in your mind, fellas?
Ron 21:03
We were talking about impact and awareness. So, maybe something that you did, or have seen, that really made a splash? Like, wide and far.
John 21:13
Okay, I'm going to spin this one a little weird, if that's okay, and hopefully, I can find a good ending, or something to land on. But we'll keep it tactical, right? Talking about offensive, red team stuff. Some folks might remember the Print Nightmare Vulnerability some time ago, that was some crazy exploit where like, the print spooler service in Windows would just offer remote code execution if it's arranged in the right way, or local privilege escalation. So, I don't want to get too geeky or too nerdy, depending on how audio might travel, but myself and a very good friend put together a proof of concept, like, in PowerShell. Super-duper easy to perform the local privilege escalation against Print Nightmare on an endpoint, on a Windows box within PowerShell. So, super easy. You could like copy and paste and just slap it in. And we shared that for detection sake, like, we want to help companies be able to test and validate and see: Have I patched? Have I mitigated this properly? Etc. I'm sure you know, and it's probably a common conversation, okay, if we are just handing out exploit proof of concepts out on the social medias, what could be whatever fallout of that, etc.? So, it's wild and crazy, the ransomware gang Conti, I don't know, again, if folks might be familiar, they had a leak of their playbook of like, the checklists that their operators run through when they're in a target environment and the network victim, what they do to eventually deploy ransomware. And if you look around, looking through the pages of this playbook in manual, you can find the GitHub Repo and the repository and code for our Print Nightmare proof of concept and exploit, which is wild and crazy, whoops. Okay, we've got an in with threat actors out there.
Ron 22:57
Yeah, this guy's great at teaching. Too good.
John 23:03
So, I received an email from some individuals of some external company that I didn't know, that messaged me on LinkedIn and said, "Hey, John, our organization just sort of got popped. It was a SonicWall vulnerability that got initial access, but we can see in the event log, how they escalated privileges and there's literally your name in the comments, because you can see the PowerShell code." Oh, no, no, I feel like I just lit this person's house on fire. So, there's my crazy impact, if that's all right, in awareness and understanding. Okay, widespread vulnerabilities, but I don't know, is that a weird thing? I've touched the hot stove and now literally seen exploits and proof of concepts done for those evil, nefarious activities. And I don't know if I want that to happen again, right? However, yet, here I go, showcasing how you can recreate the new Microsoft Office vulnerability. So, it's a weird, interesting balance of that offensive, red team, pen tester mind, but also that blue team, defensive, "let's protect security" mind.
Chris 24:06
Yeah, that's actually a great point. And there's someone that's watching this right now that is on the red side of the house, and they want to do content just like you do, just like we do. And there's that happy medium with things like disclosure, or entertainment, or education. We almost have to find this balance of doing the right thing and keeping the wrong information from being in the wrong hands, but sometimes you just can't help it. But what piece of advice would you have for those on the red side that want to continue to spread awareness and create content, but do it in the best way possible?
John 24:43
I always tend to land on this and I don't mean to sound like a broken record, but I think the best way to encapsulate it is: show your work. Like, share, be transparent, be forthcoming. I know there are a lot of conversations about gatekeeping in cybersecurity. No, there shouldn't be that. I understand there's grit and determination and hard work to do all the things that you're doing, but be friendly and be transparent and honest about that. "Here, let me show you how I was able to recreate this attack, or do something with my blog. Alright, here's a video showcase." I'm not just dropping a tool for whatever red teaming offensive hacking, but I'm also adding in including some of the detection efforts. "Here's the YARA or Sigma rule to be able to see this on the other side." Mix in that red team and blue team. So, show your work and be part of the community. Network, attend those conferences. I want to be able to see you out on the interwebs doing great things.
Chris 25:42
I absolutely love it. I used to teach lockpicking. And obviously, folks could use that for evil, they could go break into places steal stuff, wreck stuff, whatever it is, but we felt that information is power. And the more that people are aware of the things that are out there that can go wrong, the more they can think about ways to protect. So, absolutely love all the stuff that you're doing, but for the folks out there to want to keep up to date with you, your YouTube content, and everything that you're doing out there: What are the best ways that people can do that?
John 26:12
Well, hey, thanks so much. I hope I wasn't rambling for too much. But if you weren't sick to me yet, yeah, you can find me online. YouTube is John Hammond, just my name. Twitter, I'm like, @_JohnHammond. LinkedIn, John Hammond, right? Pretty easy to track me down. I'm that fella with red hair. And I'm practically a walking dox, I guess.
Ron 26:33
Awesome. Well, find him at a conference, like John was saying, and also check out his information in the summary below. John, thank you again for speaking to us and talking to us about cybersecurity legends and making such a great impact on the field. And with that, we'll see everyone next time.
Chris 26:51
What I love about John is that he makes such a huge impact, but you can tell, in the way that he speaks, he's incredibly humble and he loves working with people. He genuinely cares about people. And I think that is a key feature in anyone trying to make an impact, whether you're talking about awareness, talking about education, anything like that, understanding other people and wanting to help is beyond important.
Ron 27:16
Crucial. And I think, when we look at individuals like John, he said he wasn't just him going at it alone. He had other people in his corner that were rooting for him, cheering him on, and also being a positive example. And with that, we have many more positive examples coming up on this season of Hacker Valley Red, some cybersecurity legends that really have changed the game even before we knew that they were doing it publicly.
Chris 27:39
Ooh, this next episode, y'all, just be sure to tune in for it because it is going to be a roller coaster of a ride. So, be sure you tune in and with that, we will see everyone next time.
