Gi7w0rm
@gi7w0rm.bsky.social
Just me, worming through the interwebs.
Threat Intelligence and #URINT Analyst
Other places: linktr.ee/gi7w0rm
Support me: https://ko-fi.com/gi7w0rm
Got some surprise love from the @malbeacon team for beta testing a new product. Thanks a lot for this gift! Hope more people soon get to try your amazing work. TAs will fear you 😈

Cheers ❤️
November 5, 2025 at 6:09 PM
In 2024 I reported several critical vulnerabilities in the aviation sector to @AviationISAC .

This week (after several global shipping attempts) I was honored to receive 2 challenge coins (+ some stickers) from them 🔥
Thank you!

#BeAware #Report #MakeAChange
October 3, 2025 at 8:55 AM
Hunting bottlenecks in my infra.
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...
June 20, 2025 at 11:36 AM
New #Blogpost scheduled for release tomorrow 8 a.m. (UTC+2). Analyzing a new #FakeCaptcha framework I call #HuluCaptcha. Besides code analysis, I also analyze 2 new #wordpress #backdoors and server logs. Hope you'll enjoy 😊
June 1, 2025 at 2:39 PM
Jo @LidlUS @lidl @LidlGB, didn't know you now also host fake versions of the New-York Times:

hxxps[:]//baustandards-qs[.]lidl[.]com

Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24

#subdomaintakeover #itw
May 6, 2025 at 3:14 AM
The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.

Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
April 14, 2025 at 5:45 PM
On December 31, 2024 @sourcedefense released an article about a #webskimming threat, using extensive Google redirects.
securityboulevard.com/2024/12/crit...
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @Uber.
April 9, 2025 at 10:28 AM
"Studio Ghibli" - Gi7w0rm

#AIArt #StudioGhibli #Gi7w0rm
March 28, 2025 at 8:00 PM
Seems someone just tried to pay an Uber with my @ThinkstCanary token CreditCard which I entered into a #webskimmer.
I bet it didn't go well ^^
February 24, 2025 at 7:07 PM
Happy to have received recognition for being a #TopContributor to the abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definitely planning to keep up that rank in the next years.

Cheers to the Team @abuse_ch and @spamhaus.bsky.social!
February 12, 2025 at 12:49 AM
Had a productive evening yesterday :)
#skimming #magecart #hunting
January 20, 2025 at 2:18 PM
I have seen so much compromise, if someone sends me a list of 200 backdoored Wordpress sites I am actually starting to contemplate whether it is worth acting.
What does this say about the state of our cybersecurity?
At least it's a job with a future ^^
January 14, 2025 at 2:54 PM
Update pushed to Teletoken.info
1. Added about page
- Added About section
- Added HowTo section
- Added advanced features list
- Added disclaimer/ToS
- Added Contact details
2. Added security.txt
January 10, 2025 at 5:54 PM
Hey, we even have a #Bugbounty Program, we are so secure!
The Bugbounty program:
January 7, 2025 at 2:57 PM
#Magecart #Skimmer just triggered my #Canarytoken.
2 different shops, one was a 1 dollar transaction attempt, likely to test if the card works. The second was a transaction of 1604 Canadian dollars in an attempt to buy something from Viwoods Aipaper.
Actor = Canadian?
@thinkstcanary.canary.tools
January 7, 2025 at 1:35 PM
5 days into Social Media Botting.
First valid accounts.
Estimating 2,50$ per Bot.
I do not know how this can be profitable without illegal methods.
#experiment #socialmedia #botnet
January 6, 2025 at 6:09 PM
Updating old projects to prepare for 2025 🙂
IoCSharing to #ThreatFox and my Github has been very low in recent months. Blame my bachelor thesis. But I hope to get that going on a way more frequent basis with the new system :)

Cheers @abuse_ch for your awesome platforms 💪
December 22, 2024 at 2:08 PM
Woke up to the news that I passed my bachelor thesis with 95%.
Best grade possible. After 7 years of stress, unhappiness and mediocre grades I finished with a banger. Very happy and relieved. 🎉
#gratefull #didit #bachelorofscience #bachelor2024
December 16, 2024 at 11:48 AM
.git leaks with #Github and #Gitlab tokens, some stats:

1439 valid tokens collected over 30 days allow access to 108.707 code repositories.
Besides lone developers, access is also possible to 2117 Organizations/Groups.

Top Tokens by num repos
18,534
1,615
1,142
1,035
1,035
December 4, 2024 at 2:51 PM
New Update pushed to teletoken.info
1. 40k new chat to token relations added

2. Added Token to Source feature to advanced section
- 2k malware relations added
- 7k phishing relations added

Say hi to some of the identified #threatactors below ;)
November 20, 2024 at 3:30 AM
I wish all my abuse reports were that simple.
1. Enter website
2. Click Chat
3. Get a nice responsive human on the other end
4. Report abuse in chat without any secondary contact channels
5. Solve abuse and give feedback on actions taken

Nice work @ipregistryco !
November 17, 2024 at 2:58 PM
#Phishing against #Twitch observed.
twitch-community-guidelines[.]web[.]app

Asks for user details
Asks for user password (actually twice with automatic fail on first submit)
Asks for user 2FA
Redirects to safety.twitch.tv
November 17, 2024 at 1:03 PM
Damn, they really use "3D Security" for this website where I just won the iPhone 16 Pro ^^
Just need to give them my credit card for this free, totally legitimate gift.
So cooooool 😱
November 16, 2024 at 4:59 PM
Upcoming feature for teletoken.info (advanced info page):
Get all sources I observed related to a Telegram bot token.
See images below.
This will allow you to pivot from one malicious page or sample to additional ones using the same Telegram bot token, tying the threat actor to additional attacks.
November 14, 2024 at 7:47 PM
Just handed in my bachelor thesis.
One more presentation and I am done with my degree.
November 11, 2024 at 7:17 PM