Got sent an email a couple of days ago with an invoice.html that had a base64-encoded payload that would have downloaded invoice.pdf.exe. It was slop as well, lots of LLM notes everywhere, but the funny part was that the function call to download the payload was commented out.
I learned quite a bit from this actually.
I didn't know Steam was a Chromium app. Hence, you can kill Steam and then relaunch it with the "-cef-enable-debugging" flag.
Once you've launched Steam with this, you can inject JavaScript into Steam using the Chromium "webSocketDebuggingUrl" stuff.
This malware has a whole pseudo-framework of JavaScript that can do:
- Alert Bell (?)
- Block pages
- "Help page" (?)
- Inventory manipulation
- Steam library manipulation
- Profile manipulation
- Steam redirections
Basically, this malware payload switches Steam into a Chromium debug state, then sends web debug requests (kind of like Chrome DevTools?) to manipulate the Steam pages. It injects JavaScript.
The chat window that spawns is from a remote host they control. This is really cool.
Is it AI slop? Yes
Is this code EXTREMELY easy to reverse engineer? Yes
Did they unironically document their entire code base in Russian because it was (probably) written using Claude and the authors probably speak Russian? Yes
Is this extremely creative and cool? Yes
Special thanks to "pro" from 2c44. He handed me the payload and the decompiled Python. The malware .py was Base64-encoded ... so obtaining the original source was ridiculously easy.
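The Chrome DevTools Protocol (CDP) steps the post describes, as an added example that is not the malware's code and not from the original post: list the debuggable pages a CEF app exposes after launch with -cef-enable-debugging, pick one, build the Runtime.evaluate frame that runs JavaScript in it, and, on the defender side, flag process command lines that carry the flag. The CDP field is actually spelled `webSocketDebuggerUrl`. The debug port 8080, the host, the sample target list and the sample command lines are assumptions/constructed; only `main()` talks to a live endpoint, and the injected expression is a harmless `navigator.userAgent`.

```python
"""Added example: CDP discovery + Runtime.evaluate against a CEF app (e.g. Steam
started with -cef-enable-debugging). Port/host/sample data are assumptions."""
import json
import urllib.request

# Assumption: where the CEF remote-debugging endpoint listens. Adjust if yours differs.
DEBUG_HOST = "127.0.0.1"
DEBUG_PORT = 8080

# Constructed sample of what GET /json on a CDP endpoint returns (one entry per page).
SAMPLE_TARGETS_JSON = json.dumps([
    {"id": "1", "type": "page", "title": "Overlay Context",
     "url": "https://example.invalid/overlay",
     "webSocketDebuggerUrl": "ws://127.0.0.1:8080/devtools/page/1"},
    {"id": "2", "type": "page", "title": "Steam Library",
     "url": "https://example.invalid/library",
     "webSocketDebuggerUrl": "ws://127.0.0.1:8080/devtools/page/2"},
    {"id": "3", "type": "background_page", "title": "Worker"},
])


def parse_targets(body: str) -> list[dict]:
    """Keep only page targets that actually expose a debugger socket."""
    return [t for t in json.loads(body)
            if t.get("type") == "page" and "webSocketDebuggerUrl" in t]


def pick_target(targets: list[dict], title_substr: str):
    """Return the socket URL of the first page whose title contains title_substr."""
    for t in targets:
        if title_substr.lower() in t.get("title", "").lower():
            return t["webSocketDebuggerUrl"]
    return None


def evaluate_message(expression: str, msg_id: int = 1) -> str:
    """The CDP frame that makes the page execute JavaScript (what the payload sends)."""
    return json.dumps({"id": msg_id, "method": "Runtime.evaluate",
                       "params": {"expression": expression, "returnByValue": True}})


def fetch_targets(host: str = DEBUG_HOST, port: int = DEBUG_PORT, timeout: float = 2.0):
    """Live check: list targets, or None if nothing listens (debugging not enabled)."""
    try:
        with urllib.request.urlopen(f"http://{host}:{port}/json", timeout=timeout) as r:
            return parse_targets(r.read().decode())
    except OSError:
        return None


async def inject(ws_url: str, expression: str) -> dict:
    """Send one Runtime.evaluate over the debugger socket and return the reply.
    Assumes the third-party `websockets` package; imported lazily so the rest runs without it."""
    import websockets
    async with websockets.connect(ws_url) as ws:
        await ws.send(evaluate_message(expression))
        return json.loads(await ws.recv())


def flag_debug_launch(cmdlines: list[str]) -> list[str]:
    """Defender side: which process command lines carry the CEF debugging flag."""
    return [c for c in cmdlines if "-cef-enable-debugging" in c.split()]


def main() -> None:
    import asyncio
    targets = fetch_targets()
    if not targets:
        print("no CDP endpoint on %s:%d (debugging off)" % (DEBUG_HOST, DEBUG_PORT))
        return
    url = pick_target(targets, "library") or targets[0]["webSocketDebuggerUrl"]
    print(asyncio.run(inject(url, "navigator.userAgent")))


if __name__ == "__main__":
    main()
```

The same `/json` probe doubles as a host check: an app that answers on its debug port with page targets will accept script from any local process, which is exactly the foothold the payload relies on.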
@dashservio And 6 vCores for all 3 stacks, that was our CPU load spread across 480 vCores 😅 not even close.
And the NodeJS worker is already based on uWS; with ExpressJS it goes up in flames immediately.
@dashservio Hm. APIs with 1 million / day
Node 12GB
Python 12GB
GO 11GB
We have 3 separate worker clusters that share the work, 15GB each, so 45GB for NodeJS
For another endpoint our cGO worker had about 30% of the requests and needs 3x1.2GB
@Lina_Hoshino Even the results could leak where you live: if you Google for something in your area it tends to rank them by distance to where you usually go/live
@DrInsensitive In Germany I never had any issue bringing such knives, quite the opposite. The scanner flags it and they check it; when they see it they laugh and say "Well, can't stab anyone with that one"
On the return flight, the UK responded with 9 people with MPs pointed at me 😅
Every time I try to edit video on my 8GB Mac it tells me it ran out of RAM. Wants me to close everything, including the video editor
Yes, I do use timeline cache and proxy timelines.
🙈
No, an 8GB of RAM laptop is not "only for web browsing"
you can code with it
you can do graphic design
you can do video editing
you can run photoshop
you can multitask
Tech bros are subject to a massive bias where not a single one of them has tried an 8GB of RAM computer in the last 5 to 10 years, because they all default to thinking they're unusable when they're actually perfectly fine.
it’s fine. mostly.
@PORNFLAAAKES For us, all the domains in these e-mails were registered under the name of the external company that holds the contract. I wrote myself a script that forwards these mails straight to IT and floods them with random login data, so they were always down before anyone could click on them
@MForgeng Well, their graphic doesn't include voluntarily paying more, though. Everyone is free to pay more, for whatever reason, but then you shouldn't complain.
@Oblivious9021 Duplicate API calls likely only by setting the button to disabled.
On the backend it didn't matter: either the first payment transaction has completed and the cache is already ready and the second call hits the cache, or it goes into the DB and fails, so I don't care
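The backend behaviour described in that reply, written out as an added example that is not the poster's code: a payment call keyed by an idempotency key first checks a cache, and if the cache is cold the insert hits a unique constraint in the DB and fails instead of charging twice. An in-memory dict stands in for the cache and sqlite3 for the DB; the order, key and amount are constructed, and the `cache.clear()` in `demo()` simulates the second call arriving before the cache is warm.

```python
"""Added example: idempotent payment handling (cache first, DB unique key as backstop)."""
import sqlite3


class PaymentBackend:
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        # The PRIMARY KEY on the idempotency key is what rejects the duplicate.
        self.db.execute(
            "CREATE TABLE payments (idem_key TEXT PRIMARY KEY, order_id TEXT, amount_cents INTEGER)"
        )
        self.cache: dict[str, dict] = {}  # idem_key -> completed result (stands in for Redis etc.)

    def charge(self, idem_key: str, order_id: str, amount_cents: int) -> dict:
        """Charge once per idem_key; repeated calls return the cached result or a DB rejection."""
        hit = self.cache.get(idem_key)
        if hit is not None:
            return {**hit, "source": "cache"}  # fast path: transaction already completed
        try:
            self.db.execute(
                "INSERT INTO payments VALUES (?, ?, ?)", (idem_key, order_id, amount_cents)
            )
            self.db.commit()
        except sqlite3.IntegrityError:
            # Duplicate raced past the cache check: the unique key makes it fail harmlessly.
            return {"status": "duplicate", "source": "db"}
        result = {"status": "charged", "order_id": order_id, "amount_cents": amount_cents}
        self.cache[idem_key] = result
        return {**result, "source": "db"}

    def total_charged(self) -> int:
        """Sum actually recorded in the DB; must not grow on duplicate calls."""
        return self.db.execute(
            "SELECT COALESCE(SUM(amount_cents), 0) FROM payments"
        ).fetchone()[0]


def demo() -> tuple:
    b = PaymentBackend()
    first = b.charge("order-42", "42", 1999)   # real charge, written to DB and cached
    second = b.charge("order-42", "42", 1999)  # double click: served from cache
    b.cache.clear()                            # simulate the cache not being warm yet
    third = b.charge("order-42", "42", 1999)   # goes to the DB and fails on the unique key
    return first, second, third, b.total_charged()


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Disabling the button only removes the common case; the unique constraint is the part that holds when two requests race, which is why the poster did not care about the duplicate reaching the backend.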