#InfoSec #Cybersecurity #threatintel and Politics. I try my best.
Also @[email protected]
Searchable
| Verified by Twittodon | https://twittodon.com/share.php?t=Deepthoughts10&[email protected] |
| Find my toots | Tootfinder |
RE: https://infosec.exchange/@VirusBulletin/116294907171305521
Etherhiding is an established but lesser known method of providing C2 information to malware. Most businesses do not need to allow access to the blockchain-related API / RPC endpoints used by this technique. I highly recommend you block them.
eth.llamarpc.com
mainnet.gateway.tenderly.co
rpc.flashbots.net
rpc.mevblocker.io
eth-mainnet.public.blastapi.io
ethereum-rpc.publicnode.com
rpc.payload.de
eth.drpc.org
eth.merkle.io
My database is at CertGraveyard.org. We document these to keep a public record and to use it for cyber defense.
To that end we've also partnered with MagicSword (https://www.magicsword.io/plan?utm_source=certgraveyard&utm_medium=affiliate&utm_campaign=community-widget&utm_content=social ); their tool uses our database.
5/6
Red Canary’s March Intelligence Insights report is out. They provide detection opportunities for common Windows and macOS exploits #cybersecurity
https://redcanary.com/blog/threat-intelligence/intelligence-insights-march-2026/
RE: https://mastodon.social/@verge/116212236350531341
This shouldn’t baffle anyone. This is a transactional administration and clearly the right people were paid off. #uspol
RE: https://infosec.exchange/@patrickcmiller/116210592807071943
Here are some controls to put in place to prevent this attack from happening to you:
- Block ISO file extensions from being emailed to your users
- Prevent downloads of ISO files from untrusted sites (such as consumer-friendly file storage services)
- Change your Windows File Explorer settings to associate the .ISO file extension with Notepad.exe so it won’t auto mount when double-clicked
#cybersecurity
What are Out-of-band Application Security Testing (OAST) domains? Out-of-band application security testing (OAST) is a method for finding exploitable vulnerabilities in a web application by forcing a target to call back to a piece of infrastructure controlled by the tester. OAST domains (sub-domains most often) are often free and hosted by OAST tool providers like interact.sh. What happens when something is free on the Internet? It gets abused.
Let’s make tOAST of the most commonly abused OAST domains! @greynoise has an in-depth writeup on recent campaigns using OAST infrastructure.
OAST Domains/Provider:
All 33 campaigns use Interactsh
5,560 unique callback sub-domains observed
Block these domains to stop these attacks: oast.pro, oast.live, oast.fun, oast.me, oast.site
https://www.labs.greynoise.io/grimoire/2026-02-20-weekly-oast-report/

GreyNoise observed 3,882 sessions from 24 unique IPs across 33 Interactsh OAST campaigns targeting the GreyNoise Global Observation Grid between February 14-20, 2026. Unlike previous weeks where multi-IP campaign clusters dominated, this week’s activity consists entirely of single-IP operations, with every campaign mapping to exactly one source IP. Two Censys-confirmed bulletproof hosting providers (Private Layer, RouterHosting/Cloudzy) anchor the high-priority infrastructure, while a commercial VPN exit node (AnchorFree/Hotspot Shield) and a Russian-registered entity operating through French hosting add attribution complexity.
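Both the Etherhiding toot and the OAST toot above come down to the same defensive step: watch resolver logs for the listed hosts and block them. The following is an added example (not from either post, GreyNoise or CertGraveyard) that checks DNS query lines against both lists; the RPC hosts need an exact match, while Interactsh callbacks use random sub-domains, so the OAST zones are matched as suffixes. The log line format and the sample lines are constructed assumptions, not any real resolver's output.

```python
"""Flag DNS queries to Etherhiding RPC endpoints and Interactsh OAST zones."""
import re

# Ethereum JSON-RPC hosts from the Etherhiding toot: exact host match.
ETHERHIDING_RPC_HOSTS = {
    "eth.llamarpc.com", "mainnet.gateway.tenderly.co", "rpc.flashbots.net",
    "rpc.mevblocker.io", "eth-mainnet.public.blastapi.io",
    "ethereum-rpc.publicnode.com", "rpc.payload.de", "eth.drpc.org",
    "eth.merkle.io",
}
# Interactsh zones from the GreyNoise toot: callbacks live on random
# sub-domains, so the zone itself and anything beneath it is a hit.
OAST_ZONES = ("oast.pro", "oast.live", "oast.fun", "oast.me", "oast.site")
OAST_SUFFIXES = tuple("." + zone for zone in OAST_ZONES)

# Assumed (constructed) log format: "<timestamp> <client_ip> <qtype> <qname>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<qtype>[A-Z]+) (?P<qname>\S+)$")

def normalize(qname):
    """Strip the trailing root dot and lower-case so comparisons are stable."""
    return qname.rstrip(".").lower()

def classify(qname):
    """Return a label for a blocked name, or None if it is not on either list."""
    host = normalize(qname)
    if host in ETHERHIDING_RPC_HOSTS:
        return "etherhiding-rpc"
    # endswith on ".oast.pro" keeps "notoast.pro" from matching; a plain
    # substring test would not.
    if host in OAST_ZONES or host.endswith(OAST_SUFFIXES):
        return "oast-callback"
    return None

def scan(lines):
    """Return (client_ip, qname, label) for every log line that hits a list."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # malformed or unrelated line
        label = classify(match["qname"])
        if label:
            hits.append((match["client"], normalize(match["qname"]), label))
    return hits

# Constructed sample log; note the trailing dot, mixed case and the decoy
# "notoast.pro", which must not be reported.
SAMPLE_LOG = """2026-02-18T09:14:02Z 10.20.3.41 A eth.llamarpc.com.
2026-02-18T09:14:05Z 10.20.3.41 AAAA www.example.com
2026-02-18T09:15:11Z 10.20.7.9 A c9k2x1abcdef.oast.fun
2026-02-18T09:15:12Z 10.20.7.9 A notoast.pro
2026-02-18T09:16:30Z 10.20.3.41 A ETHEREUM-RPC.PUBLICNODE.COM
this line is malformed"""

if __name__ == "__main__":
    for client, qname, label in scan(SAMPLE_LOG.splitlines()):
        print(f"{client} -> {qname} [{label}]")
```

Point the same `scan` at a real resolver export by adjusting `LOG_RE` to that export's field order; the match logic is unchanged.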
Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically 👏.
No IT config needed. 🔥
3-phase rollout starting Feb 2026:
⚠️ Warn → 🚫 Block → 🗑️ Wipe
Let your help desk and security teams know.