6/6 When investigating an incident, it is also important to conduct a classic #OSINT investigation: for example, if we are investigating a hack, it is necessary to check messages in chats and to interview employees and eyewitnesses. Sometimes this yields data.
Also, do not forget that it is important either to establish the identity of the hacker or to find a reliable cluster of addresses (e.g., a CEX) so that information can then be requested through official channels. I didn't consider options like honeypots in this thread, though. Wish you luck 😎
This list does not include black-hat hacks that involved user loss of funds, even if the funds were returned. There are other lists for that, including these lists:
There are three fun techniques for those who are constantly under attack.
One of them is to set up honeypots of a similar kind: IP loggers such as "grabify dot link", plus a script that sends you notifications.
👇👇👇
2/3
The second is to set up fake wallets as potential targets and give them names that are tempting for the hacker. If someone tries to steal money from them (the hacker will probably notice them first), you can get a notification from @TenderlyApp or from your own script via SMS.
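A minimal version of the second technique, as an added example that is not code from the thread: a poller that watches decoy ("canary") wallet addresses and fires a notification the moment one of them signs a transaction or loses balance. Everything below is assumed rather than taken from the thread: an Ethereum-style JSON-RPC node (eth_getBalance, eth_getTransactionCount), a notify() callback you would wire to SMS or a chat bot yourself, and made-up canary addresses. The RPC transport is injectable, so the detection logic runs offline against the constructed FakeNode at the bottom.

```python
"""Canary (decoy) wallet monitor.

Added example, not code from the thread. Assumed, not stated in the thread:
an Ethereum-style JSON-RPC node (eth_getBalance, eth_getTransactionCount),
a notify() callback the operator wires to SMS or a chat bot, and the made-up
canary addresses below. The RPC transport is injectable, so the detection
logic is exercised offline against the constructed FakeNode at the bottom.
"""
import json
import urllib.request
from typing import Callable, Dict, List

# Decoy addresses and the tempting labels they were planted under (constructed values).
CANARIES: Dict[str, str] = {
    "0x1111111111111111111111111111111111111111": "cold-storage-main",
    "0x2222222222222222222222222222222222222222": "treasury-backup",
}

RpcCall = Callable[[str, list], str]


def make_rpc(url: str) -> RpcCall:
    """Real transport: minimal JSON-RPC client over urllib (not used in the offline demo)."""
    def call(method: str, params: list) -> str:
        body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params}).encode()
        req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)["result"]
    return call


def snapshot(call: RpcCall, address: str) -> dict:
    """Balance (wei) and outgoing-tx count (nonce); the node returns both as hex strings."""
    return {
        "balance": int(call("eth_getBalance", [address, "latest"]), 16),
        "nonce": int(call("eth_getTransactionCount", [address, "latest"]), 16),
    }


def diff_states(before: dict, after: dict) -> List[str]:
    """A nonce increase means the canary's private key signed a transaction, i.e. the key
    has leaked; a balance drop means funds actually moved. Incoming dust is not alerted on."""
    events = []
    if after["nonce"] > before["nonce"]:
        events.append(f"key used: nonce {before['nonce']} -> {after['nonce']}")
    if after["balance"] < before["balance"]:
        events.append(f"drained {before['balance'] - after['balance']} wei")
    return events


def check_canaries(call: RpcCall, baseline: Dict[str, dict],
                   notify: Callable[[str], None]) -> Dict[str, List[str]]:
    """One polling round: compare every canary with its baseline, notify, roll the baseline forward."""
    alerts = {}
    for addr, label in CANARIES.items():
        now = snapshot(call, addr)
        events = diff_states(baseline[addr], now)
        if events:
            alerts[addr] = events
            notify(f"[canary {label}] {addr}: " + "; ".join(events))
        baseline[addr] = now
    return alerts


class FakeNode:
    """Constructed stand-in for a JSON-RPC node so the demo runs offline."""
    def __init__(self) -> None:
        self.state = {a: {"balance": 10**18, "nonce": 0} for a in CANARIES}

    def call(self, method: str, params: list) -> str:
        entry = self.state[params[0]]
        if method == "eth_getBalance":
            return hex(entry["balance"])
        if method == "eth_getTransactionCount":
            return hex(entry["nonce"])
        raise ValueError(method)

    def drain(self, address: str) -> None:
        """Simulate the attacker sweeping the canary with one signed transaction."""
        self.state[address] = {"balance": 0, "nonce": self.state[address]["nonce"] + 1}


def demo() -> Dict[str, List[str]]:
    """Baseline both canaries, drain one, and return the alerts the next round raises."""
    node = FakeNode()
    baseline = {a: snapshot(node.call, a) for a in CANARIES}
    sent: List[str] = []
    assert check_canaries(node.call, baseline, sent.append) == {}   # quiet while untouched
    node.drain("0x1111111111111111111111111111111111111111")
    return check_canaries(node.call, baseline, sent.append)


if __name__ == "__main__":
    print(demo())
```

The nonce check is the important one: an attacker who merely probes the decoy leaves the balance alone, but the first transaction signed with the leaked key bumps the nonce, which is exactly the signal you want delivered before the real wallets are touched. Against a live node, replace FakeNode().call with make_rpc("https://<your-rpc>") and run check_canaries on a timer.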
Warning ❗️ An attack on thematic @telegram crypto chats is ongoing right now. The attackers use an account named "Smokes Night" to spread the Echelon malware by dropping a file into the chat room.
TL;DR: disable auto-download in your Telegram settings right now.
GN! Another very serious thread/manifesto in which I would like to raise an important problem. It is called cybersquatting. I will explain everything in detail 👇
1/X So, let's begin. What exactly is cybersquatting? Cybersquatting is the bad-faith registration and use of a domain name that would be considered confusingly similar to an existing trademark, for example CADDNA.org or AppleProducts.com.
2/X Cybersquatters often engage in a variety of illegal and illicit practices: they can deliver malware, sell counterfeit goods, host phishing schemes, steal identities, and make money from deceptive advertising ruses.
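To make the "confusingly similar" part concrete, here is an added example (not code from the thread) that enumerates the lookalike domains a squatter typically registers against a brand: character omission, adjacent transposition, repetition, ASCII homoglyphs, lure keywords as affixes, and the same label under other TLDs. The homoglyph table, TLD list and affix words are my own illustrative choices; "metamask.io" is used only as a sample input. The generator itself runs offline; resolves() is a stdlib DNS probe you run separately if you want to see which candidates someone has already taken.

```python
"""Lookalike-domain candidate generator.

Added example, not code from the thread. Given a brand's real domain it
enumerates the permutations cybersquatters typically register (omission,
transposition, repetition, ASCII homoglyphs, keyword affixes, TLD swaps).
The generator runs offline; resolves() is a separate stdlib DNS probe you
run only if you want to see which candidates are already taken.
"""
import socket
from typing import Set

HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5"}   # ASCII confusables only (assumed list)
TLDS = ["com", "org", "net", "io", "app", "xyz"]                             # assumed list
AFFIXES = ["login", "wallet", "support", "app", "official"]                  # lure words, assumed list


def candidates(domain: str) -> Set[str]:
    """All single-edit lookalikes of the label plus the exact label under other TLDs."""
    label, _, tld = domain.lower().partition(".")
    labels: Set[str] = set()
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])                     # omission:      metmask
        labels.add(label[:i + 1] + label[i] + label[i + 1:])      # repetition:    mettamask
        if label[i] in HOMOGLYPHS:                                # homoglyph:     m3tamask
            labels.add(label[:i] + HOMOGLYPHS[label[i]] + label[i + 1:])
    for i in range(len(label) - 1):                               # transposition: emtamask
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for word in AFFIXES:                                          # affix:         metamask-login
        labels |= {f"{label}-{word}", f"{label}{word}", f"{word}-{label}", f"{word}{label}"}
    labels.discard(label)
    names = {f"{name}.{tld}" for name in labels}
    names |= {f"{label}.{t}" for t in TLDS if t != tld}           # TLD swap:      metamask.com
    return names


def resolves(name: str) -> bool:
    """True if the name has an A record; a registered-but-parked squat usually does."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


if __name__ == "__main__":
    for name in sorted(candidates("metamask.io")):
        print(name)
```

Run it against your own brand and feed the resolving candidates into a watchlist; the same list is what you pass to a registrar or to a UDRP complaint once a squat starts hosting phishing. Unicode homoglyphs (Cyrillic "а" for Latin "a", and the punycode they become) are a second, larger class this ASCII-only table does not cover.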
According to @_CPResearch_, users of the Metamask and Phantom crypto wallets, as well as the Pancake platform, were victims of a crypto-phishing scam that stole more than $500,000.
In this thread I'll try to explain, in my own words, how the attackers did that 👇
1/X
When searching Google for crypto keywords such as "metamask", the spoofed links would appear at the top of the search results. When clicked, the link would redirect to a "white" page and serve phishing content in the native language of the victim's geographic region.
2/X
This attack method is called "cloaking". Cloaking refers to the practice of presenting different content or URLs to human users than to search engines.
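One way to test a suspicious landing page for exactly this behaviour, as an added example that is not code from the thread or from the Check Point report it cites: request the same URL with a crawler User-Agent and with browser profiles carrying different Accept-Language values, then compare where each request ends up and what it receives. The request profiles are illustrative, and fake_site is a constructed stand-in for a cloaked server (crawler gets a harmless page, a browser is redirected to a localised seed-phrase form, mirroring the behaviour described above) so the check runs offline; for a live check pass fetch_http instead.

```python
"""Cloaking check: does a URL answer differently to a crawler than to a person?

Added example, not code from the thread or from the Check Point report it cites.
Assumptions: the request profiles below are illustrative, and fake_site is a
constructed stand-in for a cloaked server (crawler sees a harmless page, a
browser is redirected to a localised seed-phrase form) so the check runs
offline. For a live check pass fetch_http.
"""
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

Fetch = Callable[[str, Dict[str, str]], Tuple[str, bytes]]   # (url, headers) -> (final_url, body)

PROFILES: Dict[str, Dict[str, str]] = {
    "googlebot": {
        "User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
        "Accept-Language": "en-US",
    },
    "browser-en": {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/96.0 Safari/537.36",
        "Accept-Language": "en-US,en;q=0.9",
    },
    "browser-de": {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/96.0 Safari/537.36",
        "Accept-Language": "de-DE,de;q=0.9",
    },
}


def fetch_http(url: str, headers: Dict[str, str]) -> Tuple[str, bytes]:
    """Real transport: follows redirects and returns the final URL plus body."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.geturl(), resp.read()


def fake_site(url: str, headers: Dict[str, str]) -> Tuple[str, bytes]:
    """Constructed cloaked server used for the offline demo."""
    ua = headers.get("User-Agent", "").lower()
    lang = headers.get("Accept-Language", "en")[:2].lower()
    if "googlebot" in ua or "bingbot" in ua:
        return url, b"<html><title>Wallet help</title><p>Welcome to our wallet guide.</p></html>"
    prompt = {"de": "Geben Sie Ihre Seed-Phrase ein"}.get(lang, "Enter your seed phrase")
    body = f"<html><title>Import wallet</title><form><input name='seed' placeholder='{prompt}'></form></html>"
    return url + "/import", body.encode()


def check_cloaking(url: str, fetch: Fetch) -> dict:
    """Fetch once per profile; a human profile whose final URL or body hash differs
    from the crawler's is evidence of cloaking."""
    seen = {}
    for name, headers in PROFILES.items():
        final_url, body = fetch(url, headers)
        seen[name] = {
            "final_url": final_url,
            "sha256": hashlib.sha256(body).hexdigest(),
            "seed_prompt": b"seed" in body.lower(),   # the lure this campaign used
        }
    crawler = seen["googlebot"]
    divergent = sorted(
        n for n, s in seen.items()
        if n != "googlebot" and (s["final_url"] != crawler["final_url"] or s["sha256"] != crawler["sha256"])
    )
    return {"cloaked": bool(divergent), "divergent_profiles": divergent, "responses": seen}


if __name__ == "__main__":
    print(check_cloaking("https://example.invalid/metamask", fake_site))
```

A body-hash mismatch on its own is noisy (CSRF tokens, ad slots and timestamps change per request), so weight the final-URL divergence and the seed-phrase prompt more heavily than the hash. Campaigns that key the cloak on the client's IP rather than Accept-Language will still show the crawler page to this script unless you run it from an exit node in the targeted region.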