Gi7w0rm

@gi7w0rm.bsky.social

Just me, worming through the interwebs. Threat Intelligence and #URINT Analyst
Other places: linktr.ee/gi7w0rm
Support me: https://ko-fi.com/gi7w0rm

538 Followers  |  41 Following  |  68 Posts  |  Joined: 24.07.2023  |  2.0832

Latest posts by gi7w0rm.bsky.social on Bluesky

Got some surprise love from the @malbeacon team for beta testing a new product. Thanks a lot for this gift! Hope more people soon get to try your amazing work. TAs will fear you 😈

Cheers ❤️

05.11.2025 18:09 — 👍 4    🔁 0    💬 0    📌 0

In 2024 I reported several critical vulnerabilities in the aviation sector to @AviationISAC .

This week (after several global shipping attempts) I was honored to receive 2 challenge coins (+ some stickers) from them 🔥
Thank you!

#BeAware #Report #MakeAChange

03.10.2025 08:55 — 👍 1    🔁 0    💬 0    📌 0

Had an amazing time at #FirstCon last week. Met a bunch of awesome folks from all over the industry. Around 3 hours of sleep per night and 17 hours of social interactions ^^ Was so done but also super happy on Friday :) Cheers to all the awesome folks in our industry <3

02.07.2025 10:47 — 👍 2    🔁 0    💬 0    📌 0

Hunting bottlenecks in my infra.
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...

20.06.2025 11:36 — 👍 0    🔁 0    💬 1    📌 0

At the beginning of this month I bought myself a #Steamdeck.
Must admit I am very pleasantly surprised by it. Nice handling, great screen resolution, good performance. Better and more versatile than a Nintendo Switch.
Nice product @valvesoftware
#ThankGaben #gaming

19.06.2025 10:28 — 👍 0    🔁 1    💬 0    📌 0
HuluCaptcha — An example of a FakeCaptcha framework
Hello and welcome back to another blog post. After some time of absence due to a lot of changes in my personal life (finished university…

New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework.
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
medium.com/@gi7w0rm/hul...

02.06.2025 07:27 — 👍 3    🔁 0    💬 0    📌 0

New #Blogpost scheduled for release tomorrow 8 a.m. (UTC+2). Analyzing a new #FakeCaptcha framework I call #HuluCaptcha. Besides code analysis, I also analyze 2 new #wordpress #backdoors and server logs. Hope you'll enjoy 😊

01.06.2025 14:39 — 👍 4    🔁 0    💬 0    📌 0

Jo @LidlUS @lidl @LidlGB, didn't know you now also host fake versions of the New York Times:

hxxps[:]//baustandards-qs[.]lidl[.]com

Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24

#subdomaintakeover #itw

06.05.2025 03:14 — 👍 3    🔁 1    💬 0    📌 0
PSA: Don't let The Elder Scrolls Online delete your files and folders!
The installer included with the on-disc version of The Elder Scrolls Online contains a bug that can potentially wipe out everything on your hard drive.

So this just happened to me:
gamerhorizon.com/2015/01/28/p...

800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.

22.04.2025 11:19 — 👍 0    🔁 0    💬 0    📌 0

The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.

Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0

14.04.2025 17:45 — 👍 1    🔁 0    💬 0    📌 0

On December 31, 2024 @sourcedefense released an article about a #webskimming threat, using extensive Google redirects.
securityboulevard.com/2024/12/crit...
I entered a @ThinkstCanary CC token.
On the morning of April 09, 2025, I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @Uber.

09.04.2025 10:28 — 👍 1    🔁 0    💬 0    📌 0

Message of the day:
Not every North Korean Cyber Threat is #Lazarus or related to Lazarus.
Please get this into your heads...

06.04.2025 11:19 — 👍 3    🔁 0    💬 0    📌 0

"Studio Ghibli" - Gi7w0rm

#AIArt #StudioGhibli #Gi7w0rm

28.03.2025 20:00 — 👍 1    🔁 0    💬 0    📌 0

Homeoffice starting in 4 days, so after roughly 10+ years I upgraded my office desk.
Now the proud owner of a height-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...

27.03.2025 23:24 — 👍 1    🔁 0    💬 0    📌 0
ArrayThisClone

Small Bugfix in gi7w0rm.github.io/ArrayThisClo...
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array.

23.03.2025 17:17 — 👍 0    🔁 0    💬 0    📌 0
Why It's So Hard to Stop Rising Malicious TDS Traffic
Cybersecurity vendors say threat actors' abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated — and much harder to detect and block.

Have just been notified that I am featured in:
www.darkreading.com/cyberattacks...
Thank you for the honor @DarkReading ❤️

21.03.2025 14:54 — 👍 2    🔁 0    💬 0    📌 0

Thank you :)

15.03.2025 00:15 — 👍 0    🔁 0    💬 0    📌 0

Happy to share that I have signed a work contract at a CTI company.
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for what's to come.
Cheers all ❤️

14.03.2025 23:03 — 👍 4    🔁 0    💬 1    📌 0

Seems someone just tried to pay an Uber with my @ThinkstCanary token CreditCard which I entered into a #webskimmer.
I bet it didn't go well ^^

24.02.2025 19:07 — 👍 2    🔁 0    💬 0    📌 0

Please excuse the lack of content in the last weeks.
I am overwhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers. ❤️

22.02.2025 20:03 — 👍 4    🔁 0    💬 0    📌 0

Looking good on the #jobhunt. Hope to sign a contract by the end of next week.
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for what's to come 😊 💪

22.02.2025 15:39 — 👍 2    🔁 0    💬 0    📌 0

Happy to have received recognition for being a #TopContributor to the abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definitely planning to keep up that rank in the next years.

Cheers to the Team @abuse_ch and @spamhaus.bsky.social!

12.02.2025 00:49 — 👍 5    🔁 0    💬 1    📌 0

Damn, what an awesome feeling to improve the speed of your code.
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥

30.01.2025 15:50 — 👍 4    🔁 0    💬 0    📌 0

My pleasure :) thank you for the feedback!

29.01.2025 15:01 — 👍 0    🔁 0    💬 0    📌 0

New #challengecoin unlocked. Images as soon as received 🔥

29.01.2025 15:01 — 👍 1    🔁 0    💬 0    📌 0

Here is the fixed link:
gi7w0rm.medium.com/a-beginner-s...

23.01.2025 23:17 — 👍 1    🔁 0    💬 0    📌 0

Super weird, not really sure why...

23.01.2025 23:15 — 👍 1    🔁 0    💬 0    📌 0
A beginner(s) guide to hunting web-based credit card skimmers
Hello everyone, and welcome back to another blog post. Today, I will show you my approaches to hunting credit card skimmers. This blog is…

Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers"
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…

23.01.2025 17:09 — 👍 9    🔁 4    💬 2    📌 1

Blogpost release scheduled 6 pm CET today.
Topic: How to hunt for CreditCard skimmers using free tools. (Only non-free tool I use is ClaudeAI and you could use Llama or similar).
Hope you'll enjoy!

23.01.2025 12:22 — 👍 3    🔁 0    💬 0    📌 0

Had a productive evening yesterday :)
#skimming #magecart #hunting

20.01.2025 14:18 — 👍 0    🔁 0    💬 0    📌 0

@gi7w0rm is following 20 prominent accounts