Andrew Northern 𓅓
🔮 Senior Threat Researcher at @proofpoint 🔮 | Knowledge Piñata 🪅 | Attack Chain Connoisseur | Epicurean
Oct 7, 2022 29 tweets 11 min read
🧵🐰🕳️ 1/?:

Stumbled down a rabbit hole yesterday and I'm still making sense of it. I don't have all the answers, nor do I even have a name for the type of TDS JS nightmare that I ran into, but it's a pretty wild ride! 🔜

H/T: @lshirley30 for asking me about this

Site 1:
anycodings[.com
VT: 0/95
103.48.119[.244
Country: Bangladesh
Type: Tech Web Blog
Aug 14, 2022 4 tweets 1 min read
I finally found the perfect t-shirt for me.

Does anyone know where I can get this shirt?
Jun 28, 2022 11 tweets 4 min read
Just a quick bit of clarification on #SocGholish on how I personally view the stages/infra.

Thread

Stage 1: The injected site. These are compromised sites where a JavaScript implant is present in the HTML Source of the page.

These are plentiful (more than 1000 active at any time).

They come in 2 varieties currently:

1x B64 encoded and 2x B64 encoded