Bex (@4n6bexaminer) — bluesky.baby

NYPD apparently has some rad new tech called blunt-force crackers but they still failed to get access to a teenager's laptop 🥲 had to rewind a couple of times to make sure I was hearing what I thought I was hearing and then turn subtitles on as well 🤣

17.12.2024 16:06 👍 4 🔁 0 💬 1 📌 0

I had my suspicions 🤣

15.11.2024 11:04 👍 0 🔁 0 💬 1 📌 0

Just a little bit over a year since the arrests associated with bulletproftlink (BPL). Shame it didn't result in any charges. This visualisation is of bitcoin transaction activity assoc. with wallet addresses I attributed to BPL with a high level of confidence. Not exhaustive.

15.11.2024 10:34 👍 3 🔁 0 💬 0 📌 0

Had so many new followers than avg come in I had to turn off notifications for my sanity (I have notifications off for most platforms). I haven't been paying attention. Why the sudden surge? 😅 You don't all look like bots

15.11.2024 09:13 👍 9 🔁 0 💬 2 📌 0

AMOS mixing it up a bit? base64 encoded curl command to download and sign macho from hxxps[://]megantic[.]online/te/Setup tria.ge/240810-q2exv... C2 hxxp[://]109.120.176[.]156/joinsystem

dmg for "cracked" software found via haxmac[.]cc urlscan.io/result/7f856...

#atomicstealer

11.08.2024 11:29 👍 2 🔁 0 💬 0 📌 0

After mucking around a bit finally got a working Dropbox URL and file for the #Clearfake distributed #AtomicStealer fake Chrome sample urlscan.io/result/376ad... tria.ge/240806-sahwj... and now it's a different IP 45.134.26[.]7 for the c2

06.08.2024 15:06 👍 1 🔁 0 💬 0 📌 0

What is old is new again, #atomicstealer being distributed via #clearfake campaign. Haven't seen that in a while!

Clearfake domain: cejecuu4[.]xyz
C2: 193.124.185[.]23

Payload staged in Dropbox

#macosmalware #infostealers #amos #fakebrowserupdates #fakechrome

06.08.2024 07:08 👍 2 🔁 0 💬 1 📌 0

Nice! Thank you ☺️

29.07.2024 13:57 👍 1 🔁 0 💬 0 📌 0

Secondary "grabber" payload urlscan.io/result/c1276...

29.07.2024 11:37 👍 0 🔁 0 💬 0 📌 0

Malware host/lure: tneunarchiver[.]com

First stage payload: TheUnarchiver.dmg (MD5: c720feef0092cfce7a54951beacfc02d)
www.virustotal.com/gui/file/116...

Second stage: cryptomac[.]dev/download/grabber.zip (MD5: 03db09912b4b7bec98410d276bd2409a)
www.virustotal.com/gui/file/a08...

29.07.2024 11:37 👍 0 🔁 0 💬 0 📌 0

tneunarchiver.com - urlscan.io urlscan.io - Website scanner for suspicious and malicious URLs

Nice feature of urlscanio live browsing is having the file download available with the scan for context urlscan.io/result/e25eb... … I thought this was going to be #atomicstealer or #poseidon / #rodstealer / #rodmacer (or not-amos as I'm calling it cos there are too many names lol)

29.07.2024 11:34 👍 0 🔁 0 💬 1 📌 0

This #macOS #stealer #malware isn't immediately recognisable to me. DMG and app file masquerading as The Unarchiver, uses Swift to capture password, downloads secondary payload containing shell scripts to collect, stage, and exfil data to c2 hxxp[://]81.19.137[.]179/api/index.php

29.07.2024 11:03 👍 3 🔁 0 💬 3 📌 0

Thanks! I used Gephi.

28.08.2023 08:47 👍 1 🔁 0 💬 0 📌 0

Decided to update my visualisation of Bitcoin transaction activity associated with a threat actor I've been tracking for 3 years. Threat actor's Bitcoin addresses (blue nodes) identified via #OSINT on forums, chat, social media, and publicly accessible file/text sharing sites.

27.08.2023 12:10 👍 4 🔁 0 💬 1 📌 1

Thank you!

25.08.2023 14:32 👍 1 🔁 0 💬 0 📌 0

Oooo I arrived in Sydney to hear I came 2nd in the IR CTF at #bsidesperth 🥳 started before bed last night, shame I didn't have more time to play and wasn't there today - yesterday was fun. Thanks all!!!

20.08.2023 14:00 👍 4 🔁 0 💬 1 📌 0

No time for glass. Just swig.

13.08.2023 06:36 👍 1 🔁 0 💬 0 📌 0

Yeh telling war stories is getting harder 🤣 it was a part of becoming of age on the internet... what has happened 😢

07.08.2023 08:13 👍 1 🔁 0 💬 1 📌 0

Rick rolling while bowling

06.08.2023 09:21 👍 1 🔁 0 💬 1 📌 0

I'm performing in Sydney in a few weeks.

04.08.2023 09:40 👍 7 🔁 0 💬 1 📌 0

Do animated gifs work yet? Probably not. This is even more amazing animated. I am pleased I can contribute to the cyber security profession with such masterpieces.

28.07.2023 11:54 👍 3 🔁 1 💬 0 📌 0

Screenshot from the desktop app of part of a timeline I'm working on. Spans a decade of activity 😳

24.07.2023 14:01 👍 2 🔁 0 💬 0 📌 0

Experimenting with an app (Aeon Timeline) I can use on both desktop and mobile devices to create timelines and mindmaps/network graphs. It's not setup for cybersecurity/OSINT so I'm having fun adding entity/data types, properties, and relationships.

24.07.2023 13:16 👍 2 🔁 0 💬 1 📌 0

Thanks Marco! And no videos either to use as an alternative 😮

21.07.2023 05:23 👍 0 🔁 0 💬 0 📌 0

Thank you! So many great people!!!

21.07.2023 05:22 👍 0 🔁 0 💬 0 📌 0

This is meant to be animated but I don't think animated gifs work 🥲 Just imagine stars shooting out from behind the planet like fireworks #canvalife #dfirlyfe

19.07.2023 13:44 👍 6 🔁 1 💬 2 📌 0

Like 90% of my twitter followers came from a terrible pun that somehow got retweeted by SwiftOnSecurity and I really don’t know how to replicate that overnight success here.

10.05.2023 00:54 👍 3 🔁 1 💬 0 📌 0

I need more laptop for my stickers

17.07.2023 13:28 👍 2 🔁 0 💬 0 📌 0

My new bluesky account is just as bare as my new laptop shell case 😱

12.07.2023 18:57 👍 4 🔁 0 💬 1 📌 1

Bex

Latest posts by Bex @4n6bexaminer