Dio9sysFeb 24

It's been extremely hard to keep this one under wraps.

I just published a new blog post, where one weird string that looks like a cookie value turned out to be a whole cryptostealer and database wiping operation.

https://www.labs.greynoise.io/grimoire/2026-02-24-whats-that-string/

I spent some late nights on this one, and am a little bit ridiculously proud of the work I did.

What’s That String? That Time a Weird String Revealed a Whole Operation – GreyNoise Labs

One weird payload turned out to be a loose thread on an active hacking operation.

GreyNoise Labs
Show threadDr. Dek πŸ‘¨β€πŸš€πŸ§πŸš€ )
@Dio9sys could you please fix the broken cookie banner on the website (or remove tracking cookies entirely). Currently it default to share with everyone all of the cookies, which is illegal according to GDPR.
Feb 25 at 11:29amWeb
Show threadDio9sysFeb 25
@portaloffreedom Bringing it up at work right now. Thanks for catching it!