#InfoSec #Cybersecurity #threatintel and Politics. I try my best.
Also @[email protected]
Searchable
| Verified by Twittodon | https://twittodon.com/share.php?t=Deepthoughts10&[email protected] |
| Find my toots | Tootfinder |
Deep research on a recent ClickFix campaign from Kirk at Derp.ca. He offered much more analysis of this campaign but I want to highlight two aspects of the identified kill chain: duckdns.org and trycloudflare.com. Blocking those two domains would have stopped this attack. #cybersecurity
https://www.derp.ca/research/serpentine-cloud-clickfix-return/
RE: https://infosec.exchange/@ScumBots/116313336377653315
A legit service offers subdomains of hopto.org you can use for redirects. It’s often abused. Add it to your threat hunts and block if you are able. #cybersecurity
RE: https://infosec.exchange/@VirusBulletin/116294907171305521
Etherhiding is an established but lesser known method of providing C2 information to malware. Most businesses do not need to allow access to the blockchain-related API / RPC endpoints used by this technique. I highly recommend you block them.
eth.llamarpc.com
mainnet.gateway.tenderly.co
rpc.flashbots.net
rpc.mevblocker.io
eth-mainnet.public.blastapi.io
ethereum-rpc.publicnode.com
rpc.payload.de
eth.drpc.org
eth.merkle.io
My database is at CertGraveyard .org . We document these to keep a public record and to use it for cyber defense.
To that end we've also partnered with MagicSword (https://www.magicsword.io/plan?utm_source=certgraveyard&utm_medium=affiliate&utm_campaign=community-widget&utm_content=social ); their tool uses our database.
5/6
Red Canary’s March Intelligence Insights report is out. They provide detection opportunities for common Windows and MacOS exploits #cybersecurity
https://redcanary.com/blog/threat-intelligence/intelligence-insights-march-2026/
Kevin Rothrock
404 Media
Lee Holmes 
Squiblydoo
Chicago Blackhawks 🤖