23pds (山哥)
Dad/@SlowMist_Team CISO/#Web3 Security Researcher/RedTeam/Pentester. Do it #bitcoin
Feb 21 5 tweets 1 min read
🧐 Lazarus hacker, I know you can see my X posts. I've caught you on the trail, and we'll be publishing a related tracking article disclosing the details of this attack. @SlowMist_Team @evilcos The Lazarus hackers first found the targeted employees through social engineering, granted the victims (or victimized employees) access to a private GitHub repository through live-chat tools, and tricked the users into running the code that contained the backdoor.
May 22, 2023 4 tweets 2 min read
Note: the open-source password manager KeePass recently fixed a vulnerability that allows retrieval of the master password; it can be exploited to recover the plaintext master password from the software's memory. A PoC is already public; there is no patch yet.
Many users in the cryptocurrency community use this software, so be aware of the risk to your funds.
@wublockchain12 @Foresight_News
blog.quarkslab.com/post-exploitat… Exploit:
github.com/vdohney/keepas…
May 18, 2023 4 tweets 2 min read
@michaelwong123 just described one kind of scam, so following on from his point, here is another warning: hardware wallets must be bought from official channels! Official channels! Official channels! (Important things get said three times.) Never buy from third-party stores to save a bit of money ⚠️
The point of this warning is not the hardware itself, and not the modified-Ledger / supply-chain problem from a couple of days ago! This is a different scam! Everyone take note!
@SlowMist_Team In one sentence: hardware wallets must be bought from official channels! Official channels! Official channels! (Important things get said three times.) 👈
Jan 24, 2023 17 tweets 5 min read
1/ Today the FBI identified the North Korean hacker group Lazarus Group and APT38 as the Horizon Bridge attackers. The hacker group used malware called 'TraderTraitor' to carry out the attack and laundered over $60 million in stolen Ether through a privacy protocol called Railgun. What are "TraderTraitor" and Railgun? @evilcos
Jan 24, 2023 10 tweets 3 min read
1/ Today the FBI confirmed that the North Korean hacker groups Lazarus Group and APT38 are the Horizon Bridge attackers. The hacker group used malware called "TraderTraitor" to carry out the attack and laundered the stolen Ether, worth over $60 million, through a privacy protocol called Railgun. What are "TraderTraitor" and Railgun? @evilcos
2/ "TraderTraitor" is malware that Lazarus uses mainly to attack the cryptocurrency industry and blockchain technology. It is primarily spread by luring employees of cryptocurrency-related platforms into downloading it: the attackers send messages to people doing IT operations, software development and system administration work at cryptocurrency organizations, offering high-paying jobs, and deliver the lure through social engineering on various social-media platforms. It supports both macOS and Windows.
Jan 19, 2023 9 tweets 4 min read
1/ What does Redline do after stealing your MetaMask-related files from your computer? @MetaMask @MetaMaskSupport @Jon_HQ @tayvano_ @NFT_GOD 2/ The attacker installs a brand-new MetaMask extension and then overwrites its local files with your files.
Jan 18, 2023 12 tweets 5 min read
1/ Just like @vxunderground discovered, I followed his findings and went on to disclose this new cryptocurrency theft ring below.
Rhadamanthys is another group using Google Ads for phishing after Redline, and it also targets the cryptocurrency user community.
Sep 11, 2022 10 tweets 10 min read
🔥 The RedLine hackers recently updated their product videos, so let's take a look at their attack techniques, common tools and more: 1/🧵
@SlowMist_Team @evilcos @wallet_guard 2/🧵 First, they operate as a SaaS service in a malicious-bot model, spreading and phishing virtual-currency users by means such as the following:
Sep 10, 2022 4 tweets 3 min read
A couple of days ago our team @SlowMist_Team published an analysis exposing how the Redline Stealer trojan scans your computer for private keys and similar files to steal digital currency; today we found that its upgraded versions, the META Stealer / BlackGuard trojans, have arrived too, using similar attack techniques. Be careful, everyone ⚠️
As @evilcos joked: so far, the most successful transition from Web2 to Web3 has been the hackers. 🤣 @SlowMist_Team @evilcos
Sep 8, 2022 7 tweets 1 min read
The many coin-loss incidents have led a lot of people to wrongly believe that once you use a hardware wallet you won't lose coins. That is a misconception; don't treat it as a superstition. Whether you lose coins has little to do with what you use. The core is people's security awareness. We have handled many loss incidents, and the ones involving hardware wallets often lose larger amounts 🐶 Awkward, isn't it?
In the dark world of blockchain, stay alert at all times and never be greedy for a bargain. Personal security awareness is always the first line of defense. Feel free to leave a comment to discuss; I will reply to questions as soon as I can.
Sep 4, 2022 12 tweets 2 min read
Yesterday the team helped @BoxMrChen trace and analyze the incident; for now it looks like recovery will be difficult. Following on from what @keenz_eth said, let me write a few common recommendations: 1. If you are active in crypto, then first, on basic hardware, I recommend an iPhone rather than an Android phone, because Apple's permission controls are stricter; if you mostly use a computer, I recommend a Mac rather than a Windows PC, because the various trojans and viruses targeting Windows are already too mature.
Sep 2, 2022 5 tweets 5 min read
Through analysis, I think the KyberSwap incident may not have been an attack caused by GMT. Google GMT is a service provided by Google and is relatively safe, so it is more likely that someone changed the front-end code of KyberSwap or that KyberSwap was hijacked. @Foresight_News @evilcos @sniko_
The way the GMT code is used is very simple: it just assigns an ID to the user, and the user embeds it in their own front-end code for statistics.
Aug 11, 2022 14 tweets 23 min read
👀 Everyone is talking about web3.0, but everyone ignores the fragility of web3.0:
‼️ Let me briefly list the common attack risk points. Please read the following list carefully; it is very important: @SlowMist_Team @0xfoobar @officer_cia @sniko_ @Mudit__Gupta 1/ web3 still needs a domain name, which is the entrance to the Internet. The domain name has to be registered with a domain-name service provider, and there is a risk here: the domain-name service provider may be attacked through social engineering