Ne0ne | Igal
@0xToxin
@msftsecurity | Chasing bad bois
Israel
Joined June 2022
Verifying myself: I am igall on https://t.co/I46TiCindD. XX_O8xOdAEC028GE4Am-WlEARx888L_wbbjY /
New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework. Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :) https://t.co/SVzSMlDCaa
367 TG messages sent by the bot. main TG account - LnrSt33l. High probability based in NG.
🚨 Phishing Alert: New phishing mail mimics urgent #Zoom invites from colleagues. Victims are led to a fake meeting page with video of “participants” to steal login info. Don’t click suspicious links — always verify! 🔒 #CyberSecurity #Phishing #Scam #MailMarshal IoCs:
In the last year and a half I have disappeared a bit... and I am aware of it. I am at a stage in my life with myself where I am beginning to understand and contain myself. I believe that soon I will have the courage and ability to share this with all of you.
🤠Hunting #Tycoon2FA Infra with BurpSuite, @ValidinLLC & @virustotal: 1️⃣ Intercept the POST request in BurpSuite to identify the domain storing credentials. 2️⃣ Use Validin to retrieve the mail.<domain> banner hash, revealing server fingerprints. 🧵1/2
#Tycoon2FA Using @ValidinLLC it was possible to get a list of potential Tycoon2FA phishing pages. 70/140 Tycoon2FA phishing pages. Full list: https://t.co/hSaprAWi0B
#Tycoon #Phishing Got more domains with the help of @g0njxa: 571 domains linked to Tycoon. Here’s a list of domains+subdomains+full path, hosting Outlook/Gmail phishing pages: https://t.co/kX73ISVgPc A few of them are waiting for API renewal (TAs didn't pay the bill 😂)
🔍 TDR analysts discovered a new Adversary-in-the-Middle (#AiTM) #phishing kit, specifically targeting Microsoft 365 accounts and circumventing 2-step verification: Sneaky 2FA https://t.co/ZwBiA24BNs
#detection #sneaky2fa
#booking "We received this message from" #lummastealer ⛔️bit.]ly/4hdnEnC👇 ⛔️admin.bookviewreserve.]com/confirm/login/NbVqArnK👇 ⛔️view-reserve.]com/recaptcha-verify.html 👇 ⛔️92.255.57.112/1/👇 1.png 2.png 3.png Samples https://t.co/BbjrLE4CLr AnyRun https://t.co/o4fR73ZWwq
❇️1/3 #booking #lummastealer #xworm
#CredentialFlusher ⛔️book-captcha.]com/FLy1cL?hotel/hoteladmin/extranet_ng/manage/booking.html? 👇 ⛔️book-captcha.]com/recaptcha-verify.html 👇 ⛔️176.113.115.170/1/ 1.png 2.png 3.png AnyRun https://t.co/JiF6V5zb7j ✅
Since I officially finished my bachelor's degree last month, I am now looking for work. If you are offering a job in Cyber Threat Intelligence, please reach out! More info in the first comment below. #infosec #CTI #JobSearch
#Tycoon #Phishing With the help of @g0njxa, we identified an additional 482 domains linked to Tycoon. Here’s a list of domains+subdomains+full path, hosting Outlook/Gmail phishing pages: https://t.co/0BqYMrTDkM
#Booking: "Immediate Response Needed - Guest Items" 👇 https://extraguestreview.]com/#eM_0MX3z 👇 #fakecaptcha
https://booking.extraguestreview].com/sign-in? 👇 http://92.255.57.]155/Capcha.html 👇 Samples #XWorm V5.6 https://t.co/MoDmO292jx
The holiday season is about to start, and hackers have already started to cash in with fake "Year end and Christmas salary hikes". These emails contain a sendgrid link, which is used a lot in legit comms to avoid detection. The link downloads a zip which has a vbscript,
One hour to go, servers gonna be down so bad 🙃
We’ve just reached 1 million Early Access redemptions. The support you have all shown for Path of Exile 2 Early Access is far beyond anything we could have ever predicted. However we want to be upfront with you all and let you know there may very well be queues over the weekend.
🇷🇺🕵️Gamaredon #APT activity targeting State Bureau of Investigation in 🇺🇦 Ukraine (DBR or ДБР): Phishing email -> XHTML Smuggling Payload -> Download RAR -> LNK -> MSHTA LOLBIN Download third stage Email: 27515d71b91bbdbb55437de6b729663c0cd206d7112ddbc439d82d8a6e1dde3e HTML
"Booking. com lnvoice" spam email PDF>url>js>urls>js >#rhadamanthys Urls b00king[.]com[.]ng/ https://t.co/Wrd14nfIKJ C2 185.196.11.]18:7257 Samples https://t.co/quGR966xZ6 AnyRun https://t.co/GAJyHkebPJ
https://t.co/gEZ3RBCVQ7
#Donut > #AsyncRat #purehvnc ..etc from initial @pr0xylife samples 🔱Samples related to kendychop[.]shop https://t.co/CCIKfejcvE 🔆AnyRun https://t.co/m5Qr1sSfJf
Are you an Airtable user? If yes, be careful. You might receive a malicious mail which contains a link to its legit domain https://t.co/pu08wbILOr and has a sheet. This "sheet" itself has a button, which asks the user to update Airtable by downloading its "Latest version".
Interesting #Xred campaign arriving via Google Drive uses a "loader component" which downloads & runs code from /paste.fo/raw/024749876411 . The whole purpose of this component is to make the system weaker (disabling components via registry / adding exclusion) before malware