Today, I’m proud to share something very special.
My youngest daughter created her first anime art — and it’s stunning!🤩
A reminder that creativity, when nurtured young, holds the power to change the world.🌐
Here’s her creation:
#NextGen#ProudDad#BouwB17
Millions urls, haxes, tx’s, SC’s, addresses, Hotwallets, Cex, Dex, Miltisig, etc, leaded to 12, those leaded to 3 those leaded to 1 with in total millions of stolen money transferred to exchange and 1 that redrawn to EOA!!
I’ve profiles, names and addresses
After months of research and tracing millions of routes and transfers from and towards Dex, routers, swaps and exchanges, I’ve reached an point where I can truly and factually say that this outcome has shocked me deeply!
But I have a endpoint match with 100% proof!
They are still draining the wallet… I’ve found out @protocol_fx assets what are looked is tried to steel… I can’t do nothing… can’t block them can’t take the assets pff
@chux13786509 This feature works, but handles unreliable SVG files as raw XML with default settings from ElementTree. Because SVG is executable XML, it poses a risk for attacks (such as XXE or DoS at the parser level). Checking file names doesn’t help.🤨
@chux13786509 The code looks functional, when look good and you’ll notice deeper security issue
The real risk may not be the code itself, but the trust given or exposure.
- keys leaked in commit history
- How JWTs are trusted and validated elsewhere
- roles, permissions, or internal trust
😉
@chux13786509 Not staring at bugs. I’ll look for the leverage. I find the place where the trust wall is to thick.
When it cracks or break, it's game over for everyone.
Amateurs try to pick the lock,
We just make the whole house irrelevant
My free tip: don’t just hunt for weird exploits, look for places where user input is trusted by default.
If an API automatically take roles, status or ID’s directly from the request without any real checks, you’re sure that you are onto something.
If the client can set it, the client controls it.
@P0eMPieDinges Weet je wat kwalijk is 100000den van nederlands origine die hun huis kwijtraken omdat ze de rekening niet kunnen betalen en zelf nergens recht op hebben zoals een statushouder
The don’t delete or literally “cover” because it’s too obvious, noisy and alarming. The don’t erase files, logs or anything. The stay hidden knowing what’s logged. This way they strategically make more “normal behavior “ what gets logged so there is many data what creates fog.
It’s not about covering its about looking normal even when your not.
Correct 👍
I’m busy at the moment with a deep compromised windows system. After a looonnggg time having little signs, issues, small stuff I’ve managed to partially identify this evil. Its stealthy, hiding, Disguise, manipulate, pretending as legally software. No malware/virus/rootkit scanner found it! only i followed the minuscule changes or flaws, odd behavior or patterns done by legally software/handlers who act almost similar. Most important thing was live manipulation of results displayed. This was seen by multiple people what ensured my suspicion.
Cobalt Strike / Empire / TrickBot / TurtleLoader
Process injection via sihost.exe and svchost.exe
Mini-filter scan failures
MPLogs: massive scan error / password protected
Living-off-the-land paths (ProgramData / vendor folders)
Defender: partially removed + fully monitored
Found Trojan:PowerShell/Wemaeye.D
Found Backdoor:JS/Chopper.GG!dha
Found Backdoor:PHP/Chopper.E!dha
Found Trojan:PHP/Chopper.A!dha
Found Backdoor:PHP/Chopper.G!MSR
Found Exploit:Python/CVE-2021-26855!dha
Found Exploit:Python/CVE-2021-16855!dha
Found TrojanDownloader:Win32/Banload
Found Virus:DOS/EICAR_Test_File
Found Trojan:Win32/CobaltStrike.TD!MTB
Found VirTool:Win64/CobaltStrike.D
Found Backdoor:MSIL/TurtleLoader.BSC!dha
Found Backdoor:PHP/Chopper.C!dha
Found Trojan:Win32/TrickbotCrypt.SS!MTB
Found Backdoor:MSIL/TurtleLoader.BSD!dha
A sort of APT infection
Ben gisteren teruggekomen van een gesprek met de gemeente. Gesprek ging over bijzondere bijstand aanvraag ivm lichamelijke beperking door werken als zzp’er. na 25 jaar keihard gewerkt te hebben, alles netjes betaald gehad kreeg ik te horen: omdat u vrouw werkt krijgt u niets.
Wij komen te kort om alles te kunnen betalen en leven ver beneden minimum standaard. En krijgen geen bijstand! maar 1km van mijn huis zijn 3000 vluchtelingen opgevangen. Hebben gratis eten, woning, leefgeld, zorg en educatie! Dat is toch krom?
Ken het! Ben sinds 15-12 jongstleden gedwongen mijn 12 jarige bedrijf op te doeken. Ook vanwege beleid en regelgeving! Echt te bizar voor woorden.
Confronterend zeker maar helemaal als je bedenkt dat alle maatregelen zijn getroffen voor het kapot maken wat hiervoor zo hard gepromoot werd. Tevens ook dat meeste geharkte gelden direct naar de immigranten gaat…
Sterkte en succes
I really appreciate the kindness and support.
I’m grateful to be part of this community and a team what’s working everyday on the projects or helping community members with problems.
You where the only team that helped me and still is helping me with an important issue. Only because they care about us. That’s why you’ll are the one who gets my gratitude and respect.
I’ll thank you all and for next year I’m hoping the be back again for an new chapter of amazing happenings. Merry Christmas and happy new year everyone 🫵
🧑🎄🤶🎄🥂🍾