New tool for all those #Stealer #malware analysts out there:
https://crxray[.]info
Translate #Chrome #Extension IDs to their Names and Descriptions in Bulk.
Currently 174,534 Extensions in database. More related tools to come.
Posts by Gi7w0rm
New Blogpost "Amos Stealer "malext" variant spread in global malvertising campaign using free text-sharing websites" is now live.
medium.com/@gi7w0rm/amo...
Hope you will enjoy 🙂
When you finally reverse the loader for that malware sample #VirusTotal flagged as "APT XYZ" and it turns out to be just a #Vidar #Stealer dropper.
4 Stages including Steganography for nothing 😕
Got some surprise love from the @malbeacon team for beta testing a new product. Thanks a lot for this gift! Hope more people soon get to try your amazing work. TAs will fear you 😈
Cheers ❤️
In 2024 I reported several critical vulnerabilities in the aviation sector to @AviationISAC .
This week (after several global shipping attempts) I was honored to receive 2 challenge coins (+ some stickers) from them 🔥
Thank you!
#BeAware #Report #MakeAChange
Had an amazing time at #FirstCon last week. Met a bunch of awesome folks from all over the industry. Around 3 hours of sleep per night and 17 hours of social interactions ^^ Was so done but also super happy on Friday :) Cheers to all the awesome folks in our industry <3
Hunting bottlenecks in my infra.
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...
At the beginning of this month I bought myself a #Steamdeck.
Must admit I am very pleasantly surprised by it. Nice handling, great screen resolution, good performance. Better and more versatile than a Nintendo Switch.
Nice product @valvesoftware
#ThankGaben #gaming
New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework.
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/hul...
New #Blogpost scheduled for release tomorrow 8 a.m. (UTC+2). Analyzing a new #FakeCaptcha framework I call #HuluCaptcha. Besides code analysis, I also analyze 2 new #wordpress #backdoors and server logs. Hope you'll enjoy 😊
Jo @LidlUS @lidl @LidlGB, didn't know you now also host fake versions of the New York Times:
hxxps[:]//baustandards-qs[.]lidl[.]com
Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24
#subdomaintakeover #itw
So this just happened to me:
gamerhorizon.com/2015/01/28/p...
800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.
The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.
Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
On December 31, 2024 @sourcedefense released an article about a #webskimming threat, using extensive Google redirects.
securityboulevard.com/2024/12/crit...
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @Uber.
Message of the day:
Not every North Korean Cyber Threat is #Lazarus or related to Lazarus.
Please get this into your heads...
"Studio Ghibli" - Gi7w0rm
#AIArt #StudioGhibli #Gi7w0rm
Homeoffice starting in 4 days, so after roughly 10+ years I upgraded my office desk.
Now the proud owner of a height-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...
Small Bugfix in gi7w0rm.github.io/ArrayThisClo...
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array.
Have just been notified that I am featured in:
www.darkreading.com/cyberattacks...
Thank you for the honor @DarkReading ❤️
Thank you :)
Happy to share that I have signed a work contract at a CTI company.
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for what's to come.
Cheers all ❤️
Seems someone just tried to pay an Uber with my @ThinkstCanary token CreditCard which I entered into a #webskimmer.
I bet it didn't go well ^^
Please excuse the lack of content in the last weeks.
I am overwhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers.❤️
Looking good on the #jobhunt. Hope to sign a contract by the end of next week.
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for what's to come 😊 💪
Happy to have received recognition for being a #TopContributor to the abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definitely planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus.bsky.social!
Damn, what an awesome feeling to improve the speed of your code.
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥
My pleasure :) thank you for the feedback!
New #challengecoin unlocked. Images as soon as received 🔥
Here is the fixed link:
gi7w0rm.medium.com/a-beginner-s...
Super weird, not really sure why...