John Hammond

Elite
@JohnHammond

Hacker. Friend.

ctf-katana. This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

2.9k

msdt-follina. Codebase to generate an msdt-follina payload

1.6k

katana. Katana - Automatic CTF Challenge Solver in Python3

1.4k

recaptcha-phish. Phishing with a fake reCAPTCHA

652

poor-mans-pentest. This a collection of the code that I have written for the Poor Man's Pentest presentation.

580

security-resources. A communal outpouring of online resources for learning different things in cybersecurity

482

CVE-2021-34527. PowerShell

319

vbe-decoder. A Python3 script to decode an encoded VBScript file, often seen with a .vbe file extension

197

oscp-notetaking. This repository houses some of the small scripts I had used to quickly document throughout my OSCP course. This was referenced on YouTube, and should be made available to others!

182

ignition_key. This is a small BASH script to quickly setup all the tools I would want and need on a new machine.

150

labs. Free and publicly available training labs and exercises, for quick copy-and-paste demonstrations, learning and education.

130

active_directory. Notes and resources for the Active Directory YouTube series on https://youtube.com/JohnHammond010

129

miscellaneous. The purpose of this repository is to archive any extraneous documents, or anything else that really has no specific category but needs a home.

84

pyminify. Compress a Python script to a command-line one-liner

78

johnhammond.org. The code and material for my personal open-source website. (Flask, Gunicorn, Certbot)

77

archlinux. These are my notes and setup scripts while installing and preparing my Arch Linux environment.

71

intro2linux. This is a clone of the of Introduction To Linux repo that I developed for the class I taught at the US Coast Guard Academy.

65

binnim. Shitty Nim code that reads in a file and converts it into \x hex representation, for the use of shellcode binaries.

65

thm. My adhoc and abhorrent notes and work for TryHackMe machines. This repository is for personal use but is made public in case other somehow benefit from it.

59

notes. An Obsidian vault to Github Pages workflow to hopefully make me take notes

51

CVE-2012-2982. A Python replicated exploit for Webmin 1.580 /file/show.cgi Remote Code Execution

42

c2c2. My new C2 framework

41

qr2unicode. Crappy Python code to render a QR code as "plaintext" with Unicode

40

htbbizctf2021. Code and notes for the 2021 HackTheBox Business CTF

37

GTFOBins.github.io. Curated list of Unix binaries that can be exploited to bypass system security restrictions

35

netstatgo. Crappy Golang code to list local listening ports and their associated processes.

35

misfortune-ctf-challenge. A small binary exploitation challenge to demonstrate a typical return2libc attack

34

wfi. Windows File Integrity -- an archive of information on installed Windows binaries.

34

CTFd. CTFs as you need them

30

ansible-playbooks. Ansible playbooks to install various utility and security tools to localhost

29

overthewire_natas_solutions. As requested on YouTube, this is an archive of my Python scripts and code that I've used to solve the Natas challenges from OverTheWire.

28

ctfd-download. A script to download all the challenges and files from a CTFd instance

27

underthewire. These are notes and code from my experience working through the UnderTheWire wargames.

27

training_wheels-public. The teaching vessel and "interactive textbook" that I am building for the Intro to Linux class at the USCGA.

26

hackersyntax. Shell

22

ctfcli. ctfcli is a tool to manage Capture The Flag events and challenges

21

CVE-2036-69420. uwu

21

fakemsf. Fake msfconsole for the use in demonstrations

20

devops.

18

base64io-python. A stream implementation for Python that provides transparent base64 encoding and decoding of an underlying stream.

17

sshkeys. A weaponized technique for SSH to accept an inserted public/private key. Useful for red team effects.

15

CVE-2020-35846. Python PoC for CVE-2020-35846 targeting Cockpit 0.11.1

15

CVE-2021-4034. Bash implementation of CVE-2021-4034

15

PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework

14

pam_sneaky. A silly PAM module to allow authentication as any user with a single password.

13

pcdc2019. This is a repository to house convenient things for the 2019 PCDC competition.

13

CTFd-Docker-Challenges. Docker Challenge creation for CTFd. Allows per team/user containers!

10

stix-attack-flow. Crappy code to work with MITRE Attack Flows with the stix2 Python library

10

bbfuzzer. Nightmare code I wrote and used for the Cyberstakes 2016 Breaking Binaries challenge. Managed to crack a good 200+ programs, though, more than any other team! This is the catalyst to a better utility: peach.

10

docker-php. Dockerfiles for php with a few extensions already loaded

10

sandbox. My 1/c Senior Design project (at least the first half of it), aiming to synthesize virtualization and automation. I take advantage of VMware vCenter and PowerCLI to automate the process of creating a dynamic network.

9

mynewmalware.

9

pim. "...my own endeavor to learn low-level programming and develop a kernel or operating system". I have not touched this in years and I consider it inactive at the current moment.

8
53
Apply