Gi7w0rm
@gi7w0rm.bsky.social
Just me, worming through the interwebs.
Threat Intelligence and #URINT Analyst
Other places: linktr.ee/gi7w0rm
Support me: https://ko-fi.com/gi7w0rm
Threat Intelligence and #URINT Analyst
Other places: linktr.ee/gi7w0rm
Support me: https://ko-fi.com/gi7w0rm
Pinned
Gi7w0rm
@gi7w0rm.bsky.social
· Jan 23
A beginner(s) guide to hunting web-based credit card skimmers
Hello everyone, and welcome back to another blog post. Today, I will show you my approaches to hunting credit card skimmers. This blog is…
gi7w0rm.medium.com
Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers"
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…
Got some surprise love from the @malbeacon team for beta testing a new product. Thanks a lot for this gift! Hope more people soon get to try your amazing work. TAs will fear you 😈
Cheers ❤️
Cheers ❤️
November 5, 2025 at 6:09 PM
Got some surprise love from the @malbeacon team for beta testing a new product. Thanks a lot for this gift! Hope more people soon get to try your amazing work. TAs will fear you 😈
Cheers ❤️
Cheers ❤️
In 2024 I reported several critical vulnerabilities in the aviation sector to @AviationISAC .
This week (after several global shipping attempts) I was honored to recieve 2 challenge coins (+ some stickers) from them 🔥
Thank you!
#BeAware #Report #MakeAChange
This week (after several global shipping attempts) I was honored to recieve 2 challenge coins (+ some stickers) from them 🔥
Thank you!
#BeAware #Report #MakeAChange
October 3, 2025 at 8:55 AM
In 2024 I reported several critical vulnerabilities in the aviation sector to @AviationISAC .
This week (after several global shipping attempts) I was honored to recieve 2 challenge coins (+ some stickers) from them 🔥
Thank you!
#BeAware #Report #MakeAChange
This week (after several global shipping attempts) I was honored to recieve 2 challenge coins (+ some stickers) from them 🔥
Thank you!
#BeAware #Report #MakeAChange
Had an amazing time #FirstCon last week. Met a bunch of awesome folks from all over the industry. Around 3 hours of sleep per night and 17 hours of social interactions ^^ Was so done but also super happy on friday :) Cheers to all the awesome folks in our industry <3
July 2, 2025 at 10:47 AM
Had an amazing time #FirstCon last week. Met a bunch of awesome folks from all over the industry. Around 3 hours of sleep per night and 17 hours of social interactions ^^ Was so done but also super happy on friday :) Cheers to all the awesome folks in our industry <3
Hunting bottlenecks in my infra.
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...
June 20, 2025 at 11:36 AM
Hunting bottlenecks in my infra.
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...
At the beginning of this month i bought myself a #Steamdeck.
Must admit I am very pleasently surprised by it. Nice handling, great screen resolution, good performance. Better and more versatile than a Nintendo Switch.
Nice product @valvesoftware
#ThankGaben #gaming
Must admit I am very pleasently surprised by it. Nice handling, great screen resolution, good performance. Better and more versatile than a Nintendo Switch.
Nice product @valvesoftware
#ThankGaben #gaming
June 19, 2025 at 10:28 AM
At the beginning of this month i bought myself a #Steamdeck.
Must admit I am very pleasently surprised by it. Nice handling, great screen resolution, good performance. Better and more versatile than a Nintendo Switch.
Nice product @valvesoftware
#ThankGaben #gaming
Must admit I am very pleasently surprised by it. Nice handling, great screen resolution, good performance. Better and more versatile than a Nintendo Switch.
Nice product @valvesoftware
#ThankGaben #gaming
New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework.
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/hul...
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/hul...
HuluCaptcha — An example of a FakeCaptcha framework
Hello and welcome back to another blog post. After some time of absence due to a lot of changes in my personal life ( finished university…
medium.com
June 2, 2025 at 7:27 AM
New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework.
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/hul...
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/hul...
New #Blogpost scheduled for release tomorrow 8 a.m. (UTC+2). Analyzing a new #FakeCaptcha framework I call #HuluCaptcha. Besides codeanalysis, I also analyze 2 new #wordpress #backdoors and server logs. Hope you ll enjoy 😊
June 1, 2025 at 2:39 PM
New #Blogpost scheduled for release tomorrow 8 a.m. (UTC+2). Analyzing a new #FakeCaptcha framework I call #HuluCaptcha. Besides codeanalysis, I also analyze 2 new #wordpress #backdoors and server logs. Hope you ll enjoy 😊
Jo @LidlUS @lidl @LidlGB, didn't knew you now also host fake versions of the New-York Times:
hxxps[:]//baustandards-qs[.]lidl[.]com
Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24
#subdomaintakeover #itw
hxxps[:]//baustandards-qs[.]lidl[.]com
Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24
#subdomaintakeover #itw
May 6, 2025 at 3:14 AM
Jo @LidlUS @lidl @LidlGB, didn't knew you now also host fake versions of the New-York Times:
hxxps[:]//baustandards-qs[.]lidl[.]com
Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24
#subdomaintakeover #itw
hxxps[:]//baustandards-qs[.]lidl[.]com
Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24
#subdomaintakeover #itw
So this just happend to me:
gamerhorizon.com/2015/01/28/p...
800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.
gamerhorizon.com/2015/01/28/p...
800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.
PSA: Don’t let The Elder Scrolls Online delete your files and folders!
The installer included with the on-disc version of The Elder Scrolls Online contains a bug that can potentially wipe out everything on your hard drive.
gamerhorizon.com
April 22, 2025 at 11:19 AM
So this just happend to me:
gamerhorizon.com/2015/01/28/p...
800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.
gamerhorizon.com/2015/01/28/p...
800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.
The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.
Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
April 14, 2025 at 5:45 PM
The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.
Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
On December 31,2024 @sourcedefense released an article about a #webskimming threat, using extensive google redirects.
securityboulevard.com/2024/12/crit...
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @Uber.
securityboulevard.com/2024/12/crit...
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @Uber.
April 9, 2025 at 10:28 AM
On December 31,2024 @sourcedefense released an article about a #webskimming threat, using extensive google redirects.
securityboulevard.com/2024/12/crit...
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @Uber.
securityboulevard.com/2024/12/crit...
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @Uber.
March 28, 2025 at 8:00 PM
Homeoffice starting in 4 days, so after roughly 10+ years I upgraded my office desk.
Now the proud owner of an hight-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...
Now the proud owner of an hight-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...
March 27, 2025 at 11:24 PM
Homeoffice starting in 4 days, so after roughly 10+ years I upgraded my office desk.
Now the proud owner of an hight-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...
Now the proud owner of an hight-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...
Small Bugfix in gi7w0rm.github.io/ArrayThisClo...
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array.
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array.
ArrayThisClone
gi7w0rm.github.io
March 23, 2025 at 5:17 PM
Small Bugfix in gi7w0rm.github.io/ArrayThisClo...
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array.
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array.
Have just been notified that I am featured in:
www.darkreading.com/cyberattacks...
Thank you for the honor @DarkReading ❤️
www.darkreading.com/cyberattacks...
Thank you for the honor @DarkReading ❤️
Why It's So Hard to Stop Rising Malicious TDS Traffic
Cybersecurity vendors say threat actors' abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated — and much harder to detect and block.
www.darkreading.com
March 21, 2025 at 2:54 PM
Have just been notified that I am featured in:
www.darkreading.com/cyberattacks...
Thank you for the honor @DarkReading ❤️
www.darkreading.com/cyberattacks...
Thank you for the honor @DarkReading ❤️
Happy to share that I have signed a work contract at a CTI company.
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for whats to come.
Cheers all ❤️
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for whats to come.
Cheers all ❤️
March 14, 2025 at 11:03 PM
Happy to share that I have signed a work contract at a CTI company.
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for whats to come.
Cheers all ❤️
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for whats to come.
Cheers all ❤️
Seems someone just tried to pay an Uber with my @ThinkstCanary token CreditCard which I entered into a #webskimmer.
I bet it didn't go well ^^
I bet it didn't go well ^^
February 24, 2025 at 7:07 PM
Seems someone just tried to pay an Uber with my @ThinkstCanary token CreditCard which I entered into a #webskimmer.
I bet it didn't go well ^^
I bet it didn't go well ^^
Please excuse the lack of content in the last weeks.
I am overhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers.❤️
I am overhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers.❤️
February 22, 2025 at 8:03 PM
Please excuse the lack of content in the last weeks.
I am overhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers.❤️
I am overhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers.❤️
Looking good on the #jobhunt. Hope to sign a contract by the end of next week.
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for whats to come 😊 💪
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for whats to come 😊 💪
February 22, 2025 at 3:39 PM
Looking good on the #jobhunt. Hope to sign a contract by the end of next week.
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for whats to come 😊 💪
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for whats to come 😊 💪
Happy to have received recognition for being a #TopContributor to the abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definetly planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus.bsky.social!
Definetly planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus.bsky.social!
February 12, 2025 at 12:49 AM
Happy to have received recognition for being a #TopContributor to the abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definetly planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus.bsky.social!
Definetly planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus.bsky.social!
Damn, what an awesome feeling to improve the speed of your code.
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥
January 30, 2025 at 3:50 PM
Damn, what an awesome feeling to improve the speed of your code.
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥
New #challengecoin unlocked. Images as soon as received 🔥
a white cat is standing on its hind legs on a wooden floor .
ALT: a white cat is standing on its hind legs on a wooden floor .
media.tenor.com
January 29, 2025 at 3:01 PM
New #challengecoin unlocked. Images as soon as received 🔥
Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers"
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…
A beginner(s) guide to hunting web-based credit card skimmers
Hello everyone, and welcome back to another blog post. Today, I will show you my approaches to hunting credit card skimmers. This blog is…
gi7w0rm.medium.com
January 23, 2025 at 5:09 PM
Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers"
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…
Blogpost release scheduled 6 pm CET today.
Topic: How to hunt for CreditCard skimmers using free tools. (Only none free tool I use is ClaudeAI and you could use Llama or similar).
Hope you ll enjoy!
Topic: How to hunt for CreditCard skimmers using free tools. (Only none free tool I use is ClaudeAI and you could use Llama or similar).
Hope you ll enjoy!
a sign that says coming soon is lit up with lights .
ALT: a sign that says coming soon is lit up with lights .
media.tenor.com
January 23, 2025 at 12:22 PM
Blogpost release scheduled 6 pm CET today.
Topic: How to hunt for CreditCard skimmers using free tools. (Only none free tool I use is ClaudeAI and you could use Llama or similar).
Hope you ll enjoy!
Topic: How to hunt for CreditCard skimmers using free tools. (Only none free tool I use is ClaudeAI and you could use Llama or similar).
Hope you ll enjoy!