Threat Intelligence Analyst | Interested in everything Malware 😎
| Huge fan of http://unpac.me
Twitter: https://twitter.com/Gi7w0rm
Medium: https://gi7w0rm.medium.com/
New Blogpost "Amos Stealer "malext" variant spread in global malvertising campaign using free text-sharing websites" is now live.
https://medium.com/@gi7w0rm/amos-stealer-malext-variant-spread-in-a-global-malvertising-campaign-using-free-text-sharing-4d240e11d7e2
Hope you will enjoy 🙂

Got some surprise love from the @malbeacon team for beta testing a new product. Thanks a lot for this gift! Hope more people soon get to try your amazing work. TAs will fear you 😈

Cheers ❤️

In 2024 I reported several critical vulnerabilities in the aviation sector to @AviationISAC .

This week (after several global shipping attempts) I was honored to receive 2 challenge coins (+ some stickers) from them 🔥
Thank you!

#BeAware #Report #MakeAChange

Hunting bottlenecks in my infra.
For months I thought it was the MySQL server. Now that I have some stats, this does not seem to be the case. Time to check the other servers...
New Blogpost: #HuluCaptcha - An example of a FakeCaptcha framework.
Started investigating this after a friend was compromised by it. Some interesting/unique techniques shown, plus analysis of the compromised server. Hope you enjoy the read! :)
https://medium.com/@gi7w0rm/hulucaptcha-an-example-of-a-fakecaptcha-framework-9f50eeeb2e6d
New #Blogpost scheduled for release tomorrow 8 a.m. (UTC+2). Analyzing a new #FakeCaptcha framework I call #HuluCaptcha. Besides code analysis, I also analyze 2 new #wordpress #backdoors and server logs. Hope you'll enjoy 😊

Jo @LidlUS @lidl @LidlGB, didn't know you now also host fake versions of the New York Times:

hxxps[:]//baustandards-qs[.]lidl[.]com

Seems like a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24

#subdomaintakeover #itw

The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.

Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0

On December 31, 2024 @sourcedefense released an article about a #webskimming threat that used extensive Google redirecting to load the fake payment page.
https://securityboulevard.com/2024/12/critical-alert-sophisticated-google-domain-exploitation-chain-unleashed/
I entered a @ThinkstCanary CC token.
On the morning of April 09, 2025, I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @uber.

"Studio Ghibli" - Gi7w0rm

#AIArt #StudioGhibli #Gi7w0rm