AndrewMohawk 


Just another noob. Previously Paterva/Maltego, BitMEX and Robinhood. Blackhat Training RB

Excited about all the security things! Enjoy hardware in my free time :)

For the past 4.5+ years, MasterCard has had a typo in its DNS records, where one of its domains was named as a22-65.akam.ne, instead of a22-65.akam.net (Akamai).

Fortunately for MasterCard, the person who figured this out is one of the good guys, and he's actually here on Mastodon: @titon. I interviewed @titon -- Philippe Caturegli, founder of the security firm Seralys, in a story last year on domain name collisions.

https://krebsonsecurity.com/2024/08/local-networks-go-global-when-domain-names-collide/

Curiously, a look into the passive DNS for this domain via DomainTools indicates that someone in Russia registered this domain akam.ne in 2016 and had it sporadically resolve to an IP address in Germany for a few years (185.53.177.31). May have also involved the email address [email protected].

Just a reminder to check your DNS records for typos. Because if you don't control the domain name that your name servers are pointing to, there is virtually no end to the world of hurt that crooks can visit on your organization.

Local Networks Go Global When Domain Names Collide – Krebs on Security

An AI startup CEO on a Forbes '30 Under 30' list has been charged with defrauding investors out of $10 million

Joanna Smith-Griffin is latest Forbes '30 Under 30' alum facing criminal charges, joining Sam Bankman-Fried, Charlie Javice, and Martin Shkreli.

Yahoo Tech

If you haven't used it before I highly recommend you give zizmor from @yossarian a spin -- https://github.com/woodruffw/zizmor

GH actions are a common place for footguns, use this to protect your toes, feet, ankles and bug bounty program

GitHub - woodruffw/zizmor: A static analysis tool for GitHub Actions

GitHub

Had an excellent time presenting "web3 security is embarrassing" at #defisecuritysummit and #devcon

Understanding RedLine Stealer: The Trojan Targeting Your Data

In the ever-evolving landscape of cybersecurity threats, one name has increasingly become synonymous with stealth and precision: RedLine Stealer. This malicious software, often referred to as a Tro…

Malware Analysis

you can have a tiny mac mini as a treat
he's so smol
wants to be carried around in your pocket

@Aconite33 I understand your account seems to predominantly exist to promote your tool but I can't figure out any way that it being 'recursive' would solve the problem over my scaling docker workers? How does writing a bbot module help fetch whois and rdap for 260k domains, I'd still need to actually make those queries?

@joriki unfortunately not, I want to grab the whois and rdap data to identify the registrars :(

If I was looking to pull the RDAP and Whois data for about 250K malicious domains (mixed TLD, ccTLD, gTLD, etc) -- is there anyone who can help me with the data? Doing it with `whois` and https calls and going slow to avoid rate limits is kicking my ass!

X's first transparency report since Musk reveals a surprising contradiction

The social platform's report - its first in three years - reveals, among other things, that five million hateful posts were removed, but only 2,361 profiles were banned. Here's what else we learned.

ZDNET