John Hammond
@johnhammond.bsky.social
Hacker. Friend. Cybersecurity Researcher at Huntress.
Tracking down a rogue Windows service for webshell persistence -- just a teeny weeny PowerShell HTTP server wrapped with NSSM, showcased with Wazuh and their sweet new 4.14 release with visibility on IT hygiene. Video:
youtu.be/7Gn1GY5CIxg
10 minutes ago
Hacking Twitch Chat: L3TH4L_P4ND4 shows me what looks like template injection or unsanitized variable expansion with StreamElements, then leverages Nightbot to mod yourself, ban accounts, change livestream settings or many more hijinks. Video:
youtu.be/8G45lYCZzZ8
1 day ago
Uncovered screen recordings from threat actors! Real footage of cybercriminals using anti-detect browsers and infostealer malware logs for session hijacking, and another using GraphSpy to read their Entra ID victim's emails in Outlook! Video:
youtu.be/vX7JcpRqbEk
2 days ago
Walking through the start of Sean Metcalf's presentation and writeup on "Improving Entra ID Security More Quickly"... starting with removing some insecure defaults for user settings, device settings, and guest access!
youtu.be/WUHzpDdauAw
6 days ago
Solving some of the beginning Capture the Flag challenges that are included within THE FUTURE IS ****** comics... classic ciphers, mixing image R G B color values, and some quick Python code analysis! Video:
youtu.be/lk9_h5DoDMw
8 days ago
Playing with and poking at the recent Atomic Red Team MCP server to connect it to Claude! Sample execution of threat actor TTPs from ye ol' MITRE ATT&CK framework, in a virtual environment for a cheesy clickbait video title "haha claude hacked me lol"
youtu.be/cFdOvrwxAwQ
10 days ago
Previously there was a report of threat actors using .URL files pointed at a WebDAV server, which made for, air quotes, "remote code execution", and was tracked as CVE-2025-33053. Turns out, you can do the same thing with a regular Windows Shortcut. Video:
youtu.be/1Ymnvd1uyzQ
11 days ago
Fake Booking-dot-com phishing site, forced download of an "ID Verification.exe" Lua-based infostealer malware, Luac bytecode obfuscated w/ EMOJI and Windows SID crafting -- video showcase of my favorite challenge that I created for Huntress CTF!
youtu.be/Q3ZE36a5CuA
12 days ago
Yesterday folks got a phishing email for a fake DMCA report -- myself included. Caught me at a good time so I could record poking at the scam and the malware it leads to: ultimately infostealer malware (the usual) from a fake domain & clearly AI slop site:
youtu.be/IzKjL16-sgY
18 days ago
Off the tails of a recent NightShade C2 writeup, experimenting with building a "UAC prompt bomb" (... best YouTube video title I could ask for (plz dont ban me)) repeatedly asking for admin privileges -- short & sweet in just a line of PowerShell! Video:
youtu.be/JpWbytYrL2s
24 days ago
Safari ride-style showcase of password spraying tools & techniques with an extra flair for Entra ID -- featuring OpenBullet, MSOLSpray, entraspray, TeamFiltration & hints of FireProx, OmniProx, etc to finally simply rotate IPs low and slow with Tor. Video:
youtu.be/oWv50EF0juc
about 1 month ago
Another "old but gold" little trick, harkening back to @mubix's blog post waaay back in 2013: "Stealing passwords every time they change" -- creating a Password Filter & adding it to Windows Registry. A clever persistence trick to exfiltrate credz. Video:
youtu.be/DhP2Hw-6DgY
about 1 month ago
An idea I had some time ago was to create an open-source project with community contributions to centralize different social engineering lure techniques & native GUI tools that could be leveraged for ClickFix... a LOLBins-style site w/ mitigations. Video:
youtu.be/UQqsaO5k2M0
about 2 months ago
Golang reverse engineering walkthrough! A challenge we solve with three different approaches: (1) static analysis with IDA, (2) dynamic analysis in a debugger and (3) patching the binary and switching to a desired code path.
youtu.be/4-7zcq5-cNA
about 2 months ago
A chat and demo with James Spiteri to see just how easy it is now to spin up Elastic -- and all that includes for free! We test malware, ES|QL, detections, AI triage, hunting, and everything free and easy for home labs, education, and real environments!
youtu.be/7Z2zObdhN-Q
2 months ago
Video showcase of the ServiceUI.exe living-off-the-land (sorta) binary: elevation to NT AUTHORITY\SYSTEM, proxied execution that may evade detections AND a viewer-submitted PowerShell wrapper for spawning cmd.exe as Trusted Installer with all privileges.
youtu.be/BsEwsKQJtk8
2 months ago
Clever & cutesy malware infection chain, starting with a typosquat domain, "ClickFix-like" setup but actually not ClickFix -- search-ms: handler to attacker network share, fake PDF lure to download and run an MSI -- ultimately another commodity stealer tho.
youtu.be/EZ6TEjx7JLw
2 months ago
Top 5 Ways You Get Hacked -- casual video without a demo, but some fun looking through a recent writeup (or low-key rant, they say) from @SecurityAura "Ransomware in SMBs: Top 5 Missing or Incomplete Controls That Could Help Prevent or Cripple Attackers"
youtu.be/AG3DYX4_EE4
3 months ago
Very late on getting this video out the door, but a teeny weeny showcase of the recent Docker for Desktop on Windows & MacOS container escape, CVE-2025-9074 -- proof of concept was included so a simple demo of arbitrary file write & file read on the host:
youtu.be/dTqxNc1MVLE
3 months ago
The fake EUROPOL / Qilin ransomware gang notice that flew around a few weeks ago was a funny story. I yapped about it in a video and briefly peeked into some Telegram channels to see cybercrime kiddos dropping LOLs and LMAOs on their counterintel op:
youtu.be/gJ7gjZr6qIk
3 months ago
Video showcase of the recent WinRAR 0-day, CVE-2025-8088, uncovered by ESET after threat actor RomCom exploited it in the wild leveraging alternate data streams & path traversal on Windows -- we examine the uncovered RAR file and a proof-of-concept demo!
youtu.be/rkMNOC8fhUQ
3 months ago
I FINALLY got a chance to chat with James Kettle @albinowax and hear about his latest research, with a cool caption "HTTP/1.1 Must Die". Mind-blowing work including desync attacks and critical vulnerabilities affecting websites & CDNs... and a demo!
youtu.be/n3Bw8CASnHE
3 months ago
the recording of my talk on the Black Hat show floor is up on yout00b :)
youtu.be/whhOYRWd_rs
3 months ago
An alternative to Shift+F10 to open an administrative command prompt during the Windows initial setup and Out-of-Box-Experience (OOBE) -- video showcase of @_bka_'s newfound trick to revive a simple method for backdoors and unintended access:
youtu.be/idogu3Y6ia8
3 months ago
The ん Japanese hiragana character: recently used in Booking[.]com phishing campaigns as a "Punycode" Unicode lookalike symbol for forward slashes in URL links! Homoglyph attack that makes us curious what, if any, other lookalike characters do the same:
youtu.be/nxVr4ERhrPQ
3 months ago
The new Bloodhound version has some genuinely crazy cool new features -- OpenGraph really blows the doors off the potential for Bloodhound to not just map attack paths within Microsoft Active Directory or Entra ID tenants, but now... ANYTHING
youtu.be/kVOjXGbm_Ro
3 months ago
I have horrible news. YouTube thumbnails with my stupid, dumb face are back. Minecraft malware inside a ChatTrigger mod that makes (hilariously) almost no effort whatsoever to obfuscate or hide its functionality:
youtu.be/oQvKoJAbm98
3 months ago
Video: Introduction to Beacon Object Files (BOFs)! Executing native code in-memory and at runtime to improve red team stealth. We start small to understand Dynamic Function Resolution and create a small Empire module to call Win32 API functions!
youtu.be/p3fByg8pa1g
4 months ago
Video demo to play with ArgFuscator -- the super cool research and utility from @Wietze to obfuscate command-lines to try and evade AV or EDR detection. And to test your rules if any of these crazy looking commands fly under the radar!
youtu.be/6-Gbv0h7m1I
5 months ago
Malware sample by a Discord CDN redirect from an alleged Xbox game ROM -- with a few clever tricks! Hiding a payload within the RGB color values of an embedded image inside a wallpaper picture... stored, saved and served on the Internet Archive.
youtu.be/LwKOS10lblk
5 months ago
Late to the party but another video to demo the "FileFix" trick that @mrd0x wrote about, leveraging the address bar in Windows file explorer to run a command and potential payload -- with the ClickFix playbook just instructing an end user to run malware.
youtu.be/Vz2ak0YW_L4
5 months ago
Video interview joined by Dahvid Schloss (the WMD course developer at @JustHackingHQ!) who shows off some of the basics of Windows malware development, from a standard shellcode loader to a more evasive dropper.
youtu.be/izf8ptPVh2g
5 months ago
Learning Active Directory Certificate Service hacking -- with @Shikata! Starting with ESC8 using unauthenticated PetitPotam & Responder, we relay hashes to CA to get a certificate as the domain controller. This is the first video in an ADCS mini-series.
youtu.be/tYxJMr8jAgo
5 months ago
Hunting for phishing kits, keying off a simple Telegram API request used to exfiltrate info to Telegram bots! Safari ride showcase of Microsoft login lures, Facebook, and more -- then we "make our own" to see them in action.
youtu.be/sSuAKE7gjBM
6 months ago
Chatting with mah fwend and co-worker @JonnyJohnson_ to learn all about Event Tracing for Windows, and some super cool projects he has been working on: a lightweight and custom "toy EDR" JonMon and ETWInspector to help with Windows telemetry research!
youtu.be/BNWAxJFL6uM
6 months ago
Playing with Windows Sandbox, following the recent reports of APT10 subgroup "MirrorFace" using it intentionally to execute malware without the watchful eye of antivirus or EDR -- because it's in a VM. Shared folders still give access to the filesystem:
youtu.be/O20WhmCspqo
6 months ago
Following the recent UNC6032 writeup from Mandiant with the stupid but clever "Unicode space padded filenames" trick for malware, I recorded an even more stupid video to recreate that in bad PowerShell code and then make a crappy Sigma rule to detect it.
youtu.be/aj3uBl9hFxY
6 months ago
Exploring a backdoored Github repository abusing .suo deserialization, so just opening a Visual Studio solution file runs malware -- then a PowerShell script pulls further payloads from social media... and we stumble onto the actor actively preparing more!
youtu.be/pw0xSFEnowk
6 months ago
Golang extravaganza in an exploratory video where we make example "malware" with hidden "secrets" and dig into it with different tools -- between Binja, IDA, GHIDRA, then Redress, GoReSym & finally obfuscate with garble. Then GoStringUngarbler and more!
youtu.be/gewnAzaZXQo
6 months ago
I had a conversation with Pete Allor, a CVE Board member and Co-Chair of the CVE Vulnerability Conference and Events Working Group -- now helping put together The CVE Foundation (learn more at thecvefoundation[.]org) following the recent CVE conundrum:
youtu.be/Ofy0LxkwkT8
6 months ago
HELLO NAHAMCON 2025 CTF IS MAY 23 TO MAY 25 BEN ASKED ME TO HELP PROMOTE AND I FORRGOOTTT PLEASE REGISTER AND PLAY OUR GAME
ctf.nahamcon.com
I WILL CONTINUE TO SPAM UNTIL SHOWTIME AND DURING EVENT SORRY BUT IT WILL BE FUN I PINKY PROMISE
6 months ago
Reading up on "Gremlin Stealer," allegedly a new infostealer malware variant described by Unit 42 -- and snooping around ye ol' cheesy dark web to see what cybercrime kiddos are talking about it
youtu.be/t7vBdvfBG-Q
7 months ago
Password palooza in a scrappy showcase of DPAPI fundamentals! With a simple PowerShell demo to start and then some Mimikatz fun to dump my own Brave browser passwords -- love to SharpDPAPI, dploot, and other tools MITRE ATT&CK says the baddies are using
youtu.be/Wf520OJDzfs
7 months ago
Reading recap of the phish that got Troy Hunt, the owner of the "Have I Been Pwned?" database and service -- and a focus on how anyone can be compromised, cybersecurity folks are no exception -- myself included:
youtu.be/pJ1UQsW0EqQ
7 months ago
hey check out my new DUMB video where I write STUPID PowerShell code to block BAD living off the land binaries outbound NETWORK connections with the LOCAL Windows Firewall and make MANY mistakes because i am DUMB ETCETERA ETCETERA
youtu.be/x7L-F4yDXvI
7 months ago
I got a chance to try out @Burp_Suite Burp AI, and it's... honestly really cool. Video showcase where we cruise through a web app scan, crawl and audit, and it rips through findings including an explicit UNION SQL injection vulnerability and more
youtu.be/v-McepNOrTQ
7 months ago
I Backdoored Cursor AI
youtu.be/FYok3diZY78
Finally getting a chance to play with Loki C2, the super cool Node JS C2 framework for backdooring Electron applications (think Discord, Slack, too!) -- put together by the incredible @0xBoku. We even got to nerd out over DMs to add a new feature!
8 months ago
An MP3 file as malware!?! Actually an HTA polyglot -- with some clever error handling tricks, slick PowerShell sub sessions, and an annoyingly obfuscated C# .NET assembly across like seven stages of payloads. The song has a good beat, too!
youtu.be/25NvCdFSkA4
8 months ago
The 9.1 CVSS CVE-2025-29927 authentication bypass vulnerability in Next.js middleware -- covered in a rambling video and teeny tiny demo showcase, V I B E C O D I N G a vulnerable proof-of-concept app.
youtu.be/dL1a0KcAW3Y
8 months ago
MS Teams as a C2! Command and control with "convoC2," a sweet utility that smuggles in commands to run within hidden HTML span tags in Teams messages and a client agent that parses and executes them from the Teams message logs. Video showcase:
youtu.be/FqZIm6vP7XM
8 months ago