@da_667 @jpm @decryption oh man, this is interesting. i literally used almost exactly this technique on a gig i did last year for a company who wanted a phishing test.

da_667 is probably right on the money. i don't personally track the threat actors myself, but i pay keen attention to their techniques. the screenshots he posted scream infostealer to me. it just nabs shit from your system, zips it up, and ships it to the attacker

@da_667 @jpm @decryption it is plausible that the single pixel gif is a flavor of what the blackhole exploit kit used to do - push victims through a bunch of browser fingerprinting to assert that the victim was indeed vulnerable, and if they were, then go deliver the payload, and if they weren't, they just got redirected to google and they were left just curious wtf happened.

@da_667 @jpm @decryption but the infostealer stuff is getting big because defenses are getting fucking hard to bypass. like the gig i was on was a 2 week engagement, and i spent the entire fucking time, save 2 days, trying to get around Apple's codesigning requirements, Google's spam filters, and various endpoint protection issues. i eventually bailed on trying to use any kinda sliver/msf/etc payload and just went with 'stupid bash'.

but it worked, like a champ.
shit sailed right through

@da_667 @jpm @decryption but in general, any website asking you to copypaste shit into the terminal is 100% shady.

and that includes every real website asking you to "curl pipe to bash". like rvm, homebrew, openclaw, and every other 'devops flavored' installer that asks you to "just trust us bro"

all that shit is a gigantic petri dish for malware

@Viss @da_667 @jpm @decryption

I guess the bootstrap scripts published on the GitHub readme.md files are the same, right?

I tend to trust those which come from people I have met in person before, but I guess I should reconsider this probably 🤔

@sassdawe @da_667 @jpm @decryption I guess it would be an easy thing to say "here is the script, you should review it before you run it", which would encourage folks to take the time to understand what the fuck they were about to do, but it just doesn't seem to happen

people are way too complacent about just running some shit from the internet - and it's so bad and also common now that you can just give people the script unobfuscated and they won't even bother to read it before running it
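Added example, not from anyone in this thread: the "download it, pin it, read it, then run it" alternative to `curl | bash` that the two posts above are getting at. It saves the installer to disk, checks it against a SHA-256 digest obtained out-of-band, and flags the lines a reviewer should read first (nested `curl | sh`, `base64 -d`, `eval`). The URL, digest and flagged patterns are assumptions for illustration; the heuristic is a starting point for a review, not a verdict.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): fetch an installer to a file, pin its
# SHA-256, surface lines worth reading, and only then execute it.
set -euo pipefail

# SHA-256 of a file, portable across sha256sum (Linux) and shasum (macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 if the file matches the expected (out-of-band) digest, 1 otherwise.
verify_sha256() {
  local file="$1" expected="$2"
  [ "$(sha256_of "$file")" = "$expected" ]
}

# Print numbered lines a reviewer should look at first: a nested pipe to a
# shell, base64 decoding, or eval. Constructed patterns; extend as needed.
flag_suspicious_lines() {
  grep -nE '(curl|wget)[^|]*[|][[:space:]]*(ba)?sh|base64[[:space:]]+(-d|--decode)|(^|[[:space:];])eval[[:space:]]' "$1" || true
}
# Number of flagged lines (0 means nothing tripped the heuristic).
count_flags() { flag_suspicious_lines "$1" | wc -l | tr -d ' '; }

# Download to disk instead of piping into a shell; executes nothing.
# Assumed URL; --proto/--tlsv1.2 refuse plaintext and old TLS downgrades.
fetch_installer() {
  local url="$1" out="$2"
  curl -fsSL --proto '=https' --tlsv1.2 -o "$out" "$url"
}

# Run the saved script only if its digest matches the published pin.
run_if_verified() {
  local file="$1" expected="$2"
  if ! verify_sha256 "$file" "$expected"; then
    echo "digest mismatch for $file; refusing to run" >&2
    return 1
  fi
  bash "$file"
}
```

Typical flow: `fetch_installer "$URL" install.sh`, `flag_suspicious_lines install.sh`, read the whole file, then `run_if_verified install.sh "$PINNED_SHA256"`.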

@Viss @sassdawe @da_667 @jpm @decryption

> people are way too complacent about just running some shit from the internet

I wouldn't be surprised if we saw much more of this for Linux and macOS the shittier Windows gets