tim.sh (@timsh_org)
Followers: 27 | Following: 224 | Media: 7 | Statuses: 70
privacy and security noob // @_SEAL_org
Joined August 2024
Just posted my latest and biggest web3 scam investigation: Scam Telegram. Together with @__noided, @blackbigswan from @_SEAL_Org and @unvariant_io, I revealed a massive scam scheme targeting users of every single DeFi protocol out there. https://t.co/zID2EDI6EX
timsh.org
How I found a large network of fake support groups spreading crypto stealers and drainers.
Multiple victims were already affected by DPRK "Contagious Interview" campaigns utilizing VS Code Tasks abuse for malware execution. We took a deep dive and discovered connections to DPRK IT Workers. And, partially broken, yet still effective, malware. https://t.co/mCjisf5Ttn
radar.securityalliance.org
Technical dive into North Korean VS Code Abuse tactics used for Contagious Interview. DPRK IT Workers trail included.
I mean, that's very interesting and sad at the same time, but saying that "ads micro-targeting of vulnerable groups" was not possible before is a stretch. Cambridge Analytica stuff happened almost 10 years ago. Maybe now you need less budget, but still
Great project by a great man. Building something close to this as well, will share later
One of my favorite tools from the pentest world is Bloodhound. You would pull AD data from your domain and then it used the power of Neo4J to find the shortest path to domain admin. I got tired of Chainalysis' clunky interface and built something similar for BTC.
I mean, it’s one thing to hype the 1000th time this sort of stuff happened, but it’s complete lunacy to me to casually throw in “why don’t they build the undo button”. Like, are you sure you get the point of blockchain in general? Do you think it’s the “brilliant minds” problem? lol
Can the most brilliant minds in our industry stop building the next layer 1 and fix this problem? Billion dollar protocol if you can add an undo to token transfers. Not kidding.
lmao this whole thing is nuts
@vladtenev i am no longer a gambler, i am a predictor. i have an addiction to prediction
🚨 ALERT: Fake "StandX" ads top Google search results right now! ⚠️ These phishing ads are designed to drain your wallet through malicious transaction signatures.
3/ It was actually quite a decent stealer: instead of relying on hardcoded form link / tg bot api key, it used a php backend to deliver the stolen seed phrase. Kinda similar to the secureproxy.php used by drainers like inferno
2/ If it's still not obvious from the frontend itself (gradient + sloppy icons), here's an actual code snippet from one of the .js files of the site:
1/ As part of the latest investigation I found and reviewed a lot of drainer / stealer sites. This one was fun because it's an enhanced seed stealer which was vibe-coded, probably 100% of the code lol
Slack for iOS is like the worst corp communication app ever. Desktop is 5% better. These are facts. It’s fucking ridiculous. I can go on about this for like 72 hours.
If you only focus on the admin-chat relations and get rid of the other nodes, you'll end up with smth like this: white nodes represent chats and orange are their admins. Notice the tree structure repeating itself in almost every part of the graph? Yep, it doesn't look healthy.
Here's what happens if you remove all of the nodes that only have 1 connection (e.g. users that only messaged in a single chat): the little (and large) clouds of users are members of at least 2 chats, most of them botted or malicious.
- Admin-chat relations form a web connecting all of the chats
- The oldest chat that started this is on the right (the reddest one). Above it is one of the newest ones (blue).
- Lots of users are shared between 2-3 chats, especially between the 3 giants in the bottom of the viz.
Some nice-looking graphs and insights from my latest post:
- grey little nodes are users and urls
- dark-grey nodes are chats
- ultra-red🔴nodes and edges are admins and their relations to chats
- other edges are messages: red are the oldest and blue ones are the newest 🟥⬜🟦
This sort of stuff had been going on for years, way before all these new fancy models. There was a telegram bot 2 years ago or so that produced personalized Elon Musk deepfake “I partnered with this new exchange” for 0.2$/tiktok
Deepfake YouTube ad running right now: Fake Solana channel (99.9K subs) uses AI Toly from the All In Podcast saying free 15 SOL airdrops. Obviously, the link is a wallet drainer. The future is here & it’s scary.. 🧵👇
@_SEAL_Org @DefiLlama @CurveFinance @yieldbasis I asked @newmichwill if he was aware of these chats: not affiliated with @ChainPatrol just in case