John Hammond
Malware Analysis, Dark Web & New CVEs

John Hammond is my early-warning system. When a new CVE breaks — a Log4j, a Follina, a MoveIT — he tends to have a working demonstration up within days, and watching him build a proof of concept from the raw advisory teaches me how to read a vulnerability report and actually reason about exploitability, not just wait for someone else to hand me a script.
His malware analysis content is the other half of the value for me. Watching him unpack an obfuscated script or walk through a supply-chain-compromised package gives me a much better sense of what to look for when I’m reviewing something suspicious myself, and it connects naturally to the detection side of my homelab — knowing what malicious code actually looks like before it hits my Wazuh alerts makes those alerts mean something instead of just being noise.
He’s also just an easy entry point for CTF and general education content, which makes him the channel I point to first when I want a quick, current, technically accurate take on whatever’s making news that week.