hk

@hermonk.bsky.social

Noob SysAdmin

22 Followers  |  137 Following  |  2 Posts  |  Joined: 18.11.2024  |  1.926

Latest posts by hermonk.bsky.social on Bluesky

Injected KongTuke script in page from compromised website.

Fake CAPTCHA page from KongTuke domain, scrroeder[.]com.

KongTuke's "ClickFix" command injected into the viewer's clipboard.

Traffic from the activity filtered in Wireshark. I did not get the malware from this.

2026-01-05 (Monday): #KongTuke domain scrroeder[.]com generated #ClickFix script for 144.31.221[.]71, but I didn't get a malware infection when I tried it today.

05.01.2026 16:50 — 👍 7    🔁 1    💬 0    📌 0

God I hate the fact that Threat + Hunting is being called "Thrunting." And we now have Threat + Hunters who are "Thrunters." This is all I can see when I see these terms...

21.10.2025 17:40 — 👍 10    🔁 1    💬 1    📌 0
Page to download the initial file.

HTTPS URLs seen from the infection.

Traffic from the infection filtered in Wireshark.

Example of post-infection data exfiltration traffic.

2025-10-16 (Thursday): Unidentified #stealer/#Loader found when searching for URLs that follow patterns previously seen for Koi Loader/Koi Stealer.

Details at github.com/malware-traf...

16.10.2025 17:18 — 👍 1    🔁 1    💬 0    📌 0
Screenshot of the email.

Screenshot of webpage for the malware download.

Downloaded malware EXE showing digital signature and metadata.

Scheduled task to keep the infection persistent.

2025-09-25 (Thursday): Received an email distributing a malicious installer for an #RMM tool. Details at github.com/malware-traf...

28.09.2025 17:19 — 👍 7    🔁 2    💬 0    📌 0
Screenshot of the email.

Screenshot of webpage for the malware download.

Downloaded installer EXE showing digital signature and metadata.

Scheduled task to keep the infection persistent.

2025-09-29 (Monday): Follow-up to my post last week. I've been seeing one or two of these emails almost every day. Details on the latest example at github.com/malware-traf...

30.09.2025 17:04 — 👍 5    🔁 3    💬 0    📌 0
Screenshot of icon for the malicious app on a cell phone.

Screenshot of the login screen for the malicious app on a cell phone.

It's asking me to place a credit card on the phone.

Traffic from an infection filtered in Wireshark.

2025-10-02 (Thursday): #pcap and some images from an Android malware infection at www.malware-traffic-analysis.net/2025/10/02/i...

07.10.2025 02:59 — 👍 2    🔁 2    💬 0    📌 0
Screen shot of the blog post.

2025-10-06 (Monday): A collection of 200+ phishing emails in Japanese that were sent to my blog email addresses. Available at www.malware-traffic-analysis.net/2025/10/06/i...

07.10.2025 03:41 — 👍 3    🔁 1    💬 0    📌 0

Thank you!

06.10.2025 19:36 — 👍 1    🔁 0    💬 0    📌 0
Screenshot of the page from my website with the post for this information.

Example of path to download the initial 7-zip archive for the malware.

Page with the download for the initial 7-zip archive.

Traffic from the possible Rhadamanthys malware, filtered in Wireshark.

2025-10-01 (Wed): I've posted #malware samples and a #pcap of the post-infection traffic from an infection by possible #Rhadamanthys malware at www.malware-traffic-analysis.net/2025/10/01/i...

This is from a file disguised as a cracked version of software, and I usually see #LummaStealer from this.

06.10.2025 18:52 — 👍 2    🔁 3    💬 1    📌 0

Looking forward to the exercise file. 🙂

22.09.2025 20:31 — 👍 0    🔁 0    💬 0    📌 0

Dr. Brian Fehrman gives us his reason why we want to defeat AI-Based Malware Detection.

Join us for a free one-hour session with AI-security researcher & BHIS pentester Dr. Brian Fehrman on defeating AI malware detection with AI.

Thu, Sep 11 1:00 PM ET
Register: events.zoom.us/ev/AuO1quTvv...

09.09.2025 17:43 — 👍 2    🔁 2    💬 0    📌 0

THURSDAY - BHIS Webcast

What if you could use AI to defeat AI-based malware detection?

Join us for a free one-hour session with AI-security researcher and BHIS pentester Brian Fehrman on defeating AI malware detection with AI.

Thu, Sep 11 1:00 PM EDT

Register: events.zoom.us/ev/AuO1quTvv...

09.09.2025 18:52 — 👍 2    🔁 1    💬 0    📌 0

Hey folks!

WEDS- Antisyphon Training Anticast

Join Nick Ascoli & Eric Clay from Flare for a free one-hour training session, "Unraveling Infostealer Threat Networks,".

Wed, Sep 10 12:00 PM EDT

Register: events.zoom.us/ev/AtRoO7tR8...

09.09.2025 18:52 — 👍 4    🔁 2    💬 1    📌 0
Kongtuke style injected script in page from compromised website

Fake CAPTCHA page that performs clipboard hijacking (pastejacking) showing the ClickFix style instructions and malicious script a victim would paste into a Run window or command line terminal.

Location of the downloaded zip archive for Lumma Stealer, and the content of that zip archive in the user's AppData\Roaming directory.

Traffic from an infection filtered in Wireshark.

2025-09-03 (Wednesday): #Kongtuke fake CAPTCHA page leads to #ClickFix style script for #LummaStealer

A #pcap of the infection traffic, the associated malware, and IOCs are at www.malware-traffic-analysis.net/2025/09/03/i...

03.09.2025 18:13 — 👍 6    🔁 4    💬 0    📌 0

Blue teamers — sometimes we can lose sight of Active Directory. I mean, it just works in the background, right? Active Directory is crucial to Windows networks & a perfect target for bad actors. Dive into this article to learn common Active Directory pitfalls & how to avoid getting your day ruined.

17.12.2024 21:50 — 👍 12    🔁 2    💬 1    📌 0
Anti-Cast: Finding and Fixing AD CS Issues with Locksmith with Jake Hildreth - Antisyphon Training. Join us for a free one-hour infosec training session from Trimarc's Jake Hildreth on Finding and Fixing AD CS Issues with Locksmith.

Howdy folks. I'm sending this skeet to let you know about the free @antisyphontraining.bsky.social Anti-cast tomorrow on Finding and Fixing AD CS Issues with Locksmith w/ Jake Hildreth (@dotdot.horse).

Jake's my coworker & friend. Sign up!

www.antisyphontraining.com/event/anti-c...

10.12.2024 16:58 — 👍 6    🔁 2    💬 0    📌 0

Do you want to level up your cloud penetration testing skills? Then be sure to register for "Breaching the Cloud" with Beau Bullock for pre-con training at Wild West Hackin' Fest @ Mile High 2025! Check out details and register here: wildwesthackinfest.com/wild-west-ha...

03.12.2024 17:13 — 👍 2    🔁 1    💬 0    📌 0
Vodka maker Stoli files for bankruptcy in US after ransomware attack Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. [...]
03.12.2024 22:00 — 👍 0    🔁 1    💬 0    📌 0
Black Friday 2024 - Antisyphon Training. Starting today, November 26th, through December 1st, 2024, when you sign up for our Black Friday deal you will get access to forty On-Demand classes on the

For Black Friday, AntiSyphon Training is offering our full OnDemand catalog (40+) classes with labs and everything for $1,500 per year.

That is like 90+% off.

www.antisyphontraining.com/black-friday...

28.11.2024 13:34 — 👍 4    🔁 4    💬 0    📌 0

For one of my side hustles, I opened a Local Game Store a few months ago. We've been grinding away getting ready for Black Friday and for the first time I feel like the store is full. This has been such an awesome building and learning experience. We are as ready as we can be!

28.11.2024 14:53 — 👍 7    🔁 1    💬 4    📌 0
Threat Hunting Zine — PROMPT#

You can read the entire Threat Hunting issue of PROMPT# for FREE:
www.promptzine.com/threat-hunti...

26.11.2024 17:58 — 👍 1    🔁 1    💬 0    📌 0

Do you want AI to take your job? NO! Give yourself a holiday present and attend the "AI for Cyber Security Professionals" two-day course at the @antisyphontraining.bsky.social Secure Code Summit on Dec 5th and 6th 2024. www.antisyphontraining.com/course/ai-fo...
I promise this will change your life!

25.11.2024 14:22 — 👍 3    🔁 3    💬 0    📌 0

AC-Hunter is a network threat hunting tool that analyzes network traffic to detect which internal systems have been compromised.

Get AC-Hunter CE for FREE - www.activecountermeasures.com/ac-hunter-co...

How to use AC-Hunter:
youtu.be/26saE26aQ4o
youtu.be/mTIDoZ7I-Co?...
youtube.com/playlist?lis...

19.11.2024 20:56 — 👍 5    🔁 1    💬 0    📌 1