Why use a URL shortener when you can use a phishy URL extender?

https://phishyurl.com/

Keep your security people alert and awake, generate phishing-looking redirecting links

#infosec

554 Boosts, 681 Favs 🎉 That does it. You just outliked my previous best toot with the "We do not test on animals, we test in production" sticker.

https://chaos.social/@FlohEinstein/111339907063126324

FlohEinstein (DECT: 3564)

Working on another sticker for #37c3 - found this image a while ago, but only as a lowres jpg, so I re-did it as a vector graphic. #infosec #devops #sticker We do not test on animals, we test in production. EDIT: Here's the SVG for all of you who asked https://blog.kohler.is/sticker-we-do-not-test-on-animals-we-test-in-production/
@FlohEinstein This is how every URL shortener looks to me.
@FlohEinstein I once bought 'totallylegitlinks.biz' to use for this exact purpose. But I slacked too long and the domain expired.
@FlohEinstein Looks just like the URLs that are sent by legit services… oh no. (like http://t.eservices-laposte.fr/TrackActions/[over 200 base64 characters] is legit, and yes it transmits tokens over http://)
@lanodan @FlohEinstein yeah, now anybody can generate legit-looking links for their old-school static websites.
@FlohEinstein Good idea, but needs more ' OR 1=1 --.
@FlohEinstein beautiful, thanks for sharing!

@FlohEinstein This is either a clever sousveillance technique to obscure users from Big Tech or a glorious shitpost.

And I'm happy with either.

@FlohEinstein "backdoor loader, rat controller" sounds like a line from a metal song
@samerion 🤘 I can hear it in my head.
@samerion @FlohEinstein “that was the latest tune by backdoor loader. And now, the news.”

@twoowls73 @samerion @FlohEinstein I can see a bunch of hairy shock rock awful dudes in tight leather putting up generic edgy songs 😅

Oh and having 5 scandals on their asses in two years of existence

@FlohEinstein I like how NoScript addon catches it as an XSS attempt

@FlohEinstein missed an opportunity to include the EICAR standard test file.

(edit: autocorrect)

Rick Astley - Never Gonna Give You Up (Official Video) (4K Remaster)

@LinaBlue @FlohEinstein oh? Tusky follows the redirect and shows the preview YouTube header thingy. It's less efficient this way 😁
@FlohEinstein lmao great tool XD Please tell me it's open source?
@denoiksde so far it isn't. I have bought the author a coffee on https://buymeacoffee.com/andrei007 to ask them for the source
@FlohEinstein I am so going to use this. I choose chaos..
Heaps legit links

@pj thnx, didn't know that one. Well, good ideas reoccur, I guess 🙂
@FlohEinstein it's hilarious, like it so much 😁
@FlohEinstein A long time ago, shadyURL did something like this, but it's also been gone a long time.
Lord Grompulus Kevin Ribbiton of Croaksworth

@FlohEinstein Previously done at verylegit.link by https://mango.pdf.zone and shadyurl.com (as noted in https://news.ycombinator.com/item?id=14628278)

@FlohEinstein @farcepest (small clarification, just to satisfy my anxiety: I didn't mean my response in a negative way [and hope it wasn't taken that way], I like that this idea reoccurs even if not inspired by previous attempts, posting references to other projects so one can compare/learn/have fun/etc, very cool thing made by OP)
@pj @farcepest no worries. And I didn't make it, I just found it and wanted to share it
@FlohEinstein Nice. Will Mastodon show those as verified when I use this for my profile links? 

@FlohEinstein yep, popular internet idea

One small problem - the more successful and known it becomes, the more scammers pick it up. Happened to shadyurl and forced it to close

> Sadly it became a frequent target for scammers, I guess who use it for reverse psychology? I’ve been booted from a number of hosts, so it’s offline for the moment.

https://www.mikelacher.com/work/shady-url/

ShadyURL - Mike Lacher

A tool to make any URL look suspicious and frightening.

@FlohEinstein missing an eicar Sig in the payload 😁
@FlohEinstein that is hilarious, I've gotta try that with some of my friends whenever I send a rick roll
@FlohEinstein Rat controller?
@farah probably related to https://en.m.wikipedia.org/wiki/Pied_Piper_of_Hamelin 😉 no, RAT remote access trojan
@FlohEinstein First chuckle for the morning (and wow do I need one). Gracias.
@FlohEinstein this is going to work great at my office. Sending mundane links to teammates is going to be filled with excitement now! Thanks!
@FlohEinstein 🖐️ URL Shortener
👉URL Longener
@FlohEinstein I’ve got a good one for you: https://phish.net 
Phish.net is a non-commercial project run by Phish fans and for Phish fans.

@FlohEinstein
Mmmh... the question is: can I trust that this is safe? Maybe it also stores my data..? You just never know!
@DerJoshDer Data security is definitely not the question here 😃
@FlohEinstein just needs to be a share.google link to round it out
@FlohEinstein
Nice, the return of shadyurl.
@ftg you are number (looking it up) 6 to mention shadyurl in the replies. But thanks!