#FYI Dear entities of Pouet.it, inscriptions are currently disabled for an undefined time. They are invitation only, any user can accept invitations, so if you are already here, you can accept requests. We had a number of bots massively registering two times already and we don't want to manage that. As we are on holidays, we are not taking care of this, we'll think of a solution after. Any input welcome. Your admins, @piks3l and @gllmhyt
Currently doing that IR exercise and it is such a load of fun https://dfirmadness.com/the-stolen-szechuan-sauce/
We just released an important iteration on our current 4.2 testing!
- ✨ UI/UX fixes and improvements in the new webadmin
- 🔑 SFTP and SSH permissions
- 🚑 Many improvements on backups
We're looking for moar feedback from beta-testers, aiming for a release in the coming weeks 😜 !
big computer god, give me strength to go through the whole week of DNS requests and have to ponder whether those are malicious or not
then from there, it's field work.
Remember the difference between science and doing random shit is writing things down
But phishing and scams rarely go for long, if the page on urlscan is weird enough, you can consider it to be malicious
click on links
or visit malicious website
without proper protection
(sandbox + VPN)
Did you get a spam and you're wondering how to check if it's legit?
* hover on any link and check the link address. DO NOT CLICK ON IT
* if the stuff looks weird, right click to "save link address"
* do a first run in a search engine by setting quote paste your link quote. This will search your link as a text and search engines such as google will not try to go to it
* is it a website? check the website on https://urlscan.io/
* check on https://www.virustotal.com/gui/ to see if there have been...
this looks normal
wallet code here: https://www.blockchain.com/btc/address/bc1qq6u8zam54yzgc70nkm24d59vmgzjq579huy4dt you see there were actual payments :O and then the money is sent through other wallets.
* A lot of ads and weird stuff. Bear in mind when sending them to me that if they are older than 3 weeks it's possible they have been taken down and the lead would be cold.
Anyway, that was a lot of fun! I'll be happy to keep looking.
Stay aware and safe, check the links you click on!
look here: https://urlscan.io/responses/d43e9f0aa853156fd0b00d0e4786c863fc3db474ceb259cd6cf70ddc8f2566dc/ You can see a malicious JS that will skim some of your data. At that moment I didn't find actual malware, it was closer to a data stealer from user input. Here what was interesting was the amount of redirects that the website was operating. Next time I find something like that, I will try to map the route.
Interestingly, the pages were down 2 days after the scan.
* There was a usual: "i caught you masturbating, send me bitcoins" If you look for the (...)
So last week I asked you to send me some spams you received for analysis. Thank you a lot for your participation! <3 A lot of you sent me really cool stuff.
In terms of findings, it was quite thin though, here are a couple of findings:
* A big Amazon spam was sent to me. You can see the urlscan result here: https://urlscan.io/result/19eb86cd-539c-428f-a9c0-512315bda71f/#summary in terms of modus operandi, it was quite simple, you get a form and fill it up and the page will ask you for more information. If you (...)
The Tor Project is hiring for two positions: a Systems Administrator and a Browser Developer. Share these opportunities with your networks:
Searching for Titans.
Send me your spams! spam at pksl es
bi and métis/brown not PoC
The social network of the future: no ads, no institutional surveillance, ethical design and decentralization! Own your data with Mastodon!