Jack

@hackjalstead

incident response, digital forensics & security research mainly ransomware & crypto

Need to investigate a phishing link full of redirects & obfuscation? The unfurl tool by @_RyanBenson is great for expanding & graphing links to provide a true visualisation of the URI: dfir.blog/unfurl/ #dfir #infosec

Jack reposted

It's time to up our infosec shitposting game (listen with audio)


Jack reposted

The solution to Metamask phishing is very simple. It's generative art. When a user sets the extension up, they choose from a few generated themes (accent colors, shapes, patterns) which stay unique for that user. A phishing window won't be able to replicate those.

If you're going to phish, at least don't leave your site configs & creds zipped in the root directory 🤦
- support-metamask-connect[.]com
- 104.21.18.53 @Cloudflare
#phishing #MetaMask

Invisible Friends phishing via Facebook Ads with decent engagement levels. Note the double 'i' in the URL; the domain's only been alive for 12 days. Luckily it's not fully active: it redirects to a 2nd site serving a 307 temp redirect to legit MetaMask, likely while they rejig infrastructure.

Bruh, the levels of this phishing scam. Web3 introduces some mad threat vectors.

For the past two weeks, I've been targeted in an extremely thorough social engineering scam that nearly cost me all of my ETH. I'm super lucky to have made it through unscathed. Here's the story 👇

Jack reposted

1/ This needs to be shared: @0xSifu is the Co-founder of QuadrigaCX, Michael Patryn. If you are unfamiliar, that is the Canadian exchange that collapsed in 2019 after the founder Gerald Cotten disappeared with $169m. I have confirmed this with Daniele over messages.

My first write-up, & one on a #Metamask attack vector: How to hack the Vault & steal the seed phrase -> Threat Actor pops shell > Steals Vault > Cracks password w/ #Hashcat > Reveals seed phrase via Decryptor medium.com/@hackjalstead/… #DeFi #Crypto

Jack reposted

Cobalt Strike, a Defender's Guide - Part 2 ➡️ In this report we talk about domain fronting, SOCKS proxy, C2 traffic, Sigma rules, JARM, JA3/S, RITA & more. Big shout-out to @Kostastsale for helping put this together! thedfirreport.com/2022/01/24/cob…
