Jake

@JCyberSec_

Working in Cyber Security / Threat Intel / Malware | Offering Bespoke Cyber Training to Organisations | Creator of an Automatic Detection Tool

UK
Joined: August 2017

Tweets

  1. Pinned tweet
    6 Jan

    ⚠️ New Slack channel :: Magecart Intel Sharing ⚠️ If you're engaged in hunting or protecting against then come join. Split into with different TLP areas to enable effective intel sharing and allowing for collaborative working amongst peers. 📬 DM me for an invite now.

  2. 30 Jan

    against AT&T using free online form sites to host. 🌐/ca.surveygizmo.com/s3/50067103/AT-T-support 🌐/atttnet.weebly.com 🌐/currentfromatt826189.typeform.com/to/TMGflH 🌐/mail532421.typeform.com/to/rm4WcY

  3. 30 Jan

    Has anyone found a way to circumvent the Cloudflare phishing detection splash screen when scanning a domain in ? Help: I appreciate the good work you do; but sometimes, I really need to see the source of the site 🙏

  4. Retweeted
    30 Jan
    Replying to

    Nice find. Steps are included in the images. Note the spelling of 'finalize' is US English not UK English! Obviously the creator used a translation service for it.

  5. 30 Jan

    Wow, thanks for the shout-out 📢. Hope you see a good uplift on the service . I'd better get researching more credentials!🚨

  6. Retweeted
    28 Jan

    against . 🌐Multiple URLs from the same kit "modify by " IoC List: Second kit with same actor fingerprint but also contains a HTTrack artifact. Complex pivot IoC List:

  7. Retweeted
    28 Jan

    🚨This campaign is still live and kicking. New sites are being spun up daily and are easily identifiable. Following domains are all on IP 101.99.75.22🖱️ 🌐hxxps://www.hmrc.tax8refund.com/verify 🌐hxxps://www.hmrc.tax7refund.com/verify 🌐hxxps://www.hmrc.tax6refund.com/verify

  8. Retweeted
    29 Jan

    We all love some Office on Windows ... 🌐hxxps://standard7deliver1.z13.web.core.windows.net 🖱️ 52.239.246.1 🔐TLS by Microsoft POSTs the stolen data to another domain.

  9. 29 Jan

    This is a great project and I am proud to be able to work with others and feed data into this. 💪

  10. 29 Jan
  11. 29 Jan

    We all love some Office on Windows ... 🌐hxxps://standard7deliver1.z13.web.core.windows.net 🖱️ 52.239.246.1 🔐TLS by Microsoft POSTs the stolen data to another domain.

  12. Retweeted
    28 Jan

    The search is detailed in the image. This enables searching for new kits targeting the same organisation. Use searches to pivot and to also help understand sites. Sites all look the same but they are all different kits, campaigns, and actors. Turn data into information.

  13. 28 Jan

    🚨This campaign is still live and kicking. New sites are being spun up daily and are easily identifiable. Following domains are all on IP 101.99.75.22🖱️ 🌐hxxps://www.hmrc.tax8refund.com/verify 🌐hxxps://www.hmrc.tax7refund.com/verify 🌐hxxps://www.hmrc.tax6refund.com/verify

  14. 28 Jan

    The search is detailed in the image. This enables searching for new kits targeting the same organisation. Use searches to pivot and to also help understand sites. Sites all look the same but they are all different kits, campaigns, and actors. Turn data into information.

  15. 28 Jan

    against . 🌐Multiple URLs from the same kit "modify by " IoC List: Second kit with same actor fingerprint but also contains a HTTrack artifact. Complex pivot IoC List:

  16. 27 Jan

    Sneaky. The actors behind this Magecart gang have a fake suspended page on their index page. The URL is :/magecart.net is linked to the recent arrests in Indonesia.

  17. 27 Jan

    Ermm you might want to take a look at this. There is a campaign targeting your users directly. There are also two other domains using the same kit: 🌐hxxps://courseworktutors.com/test/view/index.php 🌐hxxp://luzia.co/wp/view/ 🚨

  18. 27 Jan

    Over the weekend my script discovered 👮 and one occurrence of 👑 Other sites were also found but were already scanned in . These are all first time scans on the platform. If anyone wants a tracking ability to monitor these scans DM me 📬

  19. Retweeted
    24 Jan

    Thanks to data from we were able to see a new digital skimmer/ loader that's starting to be utilized. It's unique enough that it merits some discussion, even if it's also not fully operational. Let's call it the Prototype loader, I guess.

  20. 24 Jan

    Whoops. Found a minor error that occasionally gave the wrong panel type as a tag on UrlScan. This is now fixed, stupid incrementing index and then referencing after! I am seeing if there's a way to fix the previous errors. Sorry!

  21. Retweeted
    23 Jan

    Thanks podcast for featuring my tweet (🎙️1:27 - 4:02) Notes: ✅The URL isn't .gb but /gb it is hosted on a .com domain ✅The 'udud' blob is AES encrypted containing the sites content Listen here📻: DM me to chat!
