I won't trash either Europe or Turkey; every country, every region has its advantages and disadvantages. But here's the thing: people don't make a decision as big as emigrating from the country they were born in for fun. Even the happiest of those who leave laments, “why don't these conditions, these standards exist in my own country?” I think the group harboring an absurd and utterly misplaced admiration for Europe is very, very small. In general, those who leave know more or less what they will face, what they will struggle with, and what they will like.
On the other hand, we would be very happy if İlber's generation in particular never spoke on this subject. This country is in this state because of your wretchedness. Instead of talking down to young people and trashing Europe, reckon with why “young people are trying to ‘escape’ from this country.”
An audio recording alleged to belong to Hakkı Alkan, from a meeting held at the ShiftDelete office, was shared.
"Son, the state is in your hands, you have access to the state. You have access to brands. And we're still putting out videos like my d*ck, man, asking what we could do.."
@destanuzeyirr @cyfrin @PatrickAlphaC Great analysis! Attacks targeting developers and security researchers are becoming increasingly sophisticated. Even basic operations like git clone require caution. Thanks for sharing 🔥👌🏻👍🏻
I have a couple of things to say regarding this. First, thanks to @cyfrin and @PatrickAlphaC for all their efforts in educating the ecosystem.
Recently, I got a message from a person who called himself Roman Shevchuk and asked me if I am interested in any new job opportunities. Although I am a security guy, I wondered what it was about and what his purpose was. After some chatting, he mentioned I am a good fit for their project and sent me the repo below. hxxps://bitbucket.org/ascentient_ecodev/artecommerce/src/main/
As I already know there are some phishing attacks on developers and security researchers, I told him that I will look into it. My aim was to see what kind of attack they were planning.
I carefully checked the URL; it is a platform similar to GitHub. After investigating the code, I noticed it was not related to web3 at all. It made me wonder why he sent me such a repo. After some searching, I came across the original repo.
I am already aware of some vulnerabilities related to git clone itself (CVE-2024-32002), so even cloning a repo that I don’t know could result in code execution on my system. For a detailed explanation of this vulnerability, Amal wrote a wonderful blog post, which you can access here: https://t.co/uUQvPT2wRD
So I just spun up a Docker container to be sure. I installed git and copied the repo to my container. The first thing I was looking for was the “exec” keyword. To my luck, I could easily come across it in the error.js file.
When you see an obfuscated payload, you can decompile it using tools like https://t.co/AOCfFqjod2.
After reversing the JS file, I noticed that it collects as much information as it can (wallets, browser logins, etc.) and uploads it to their C2 server. It also downloads some binaries, but I did not reverse them.
That's where I stopped going further. I did additional things to stop this, but I am not sure if it will work.
The best thing we can do for now is educate people. Being a little cautious can protect us from attackers.
Thank you @PatrickAlphaC for your videos. I am pretty sure they help many people.
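
The static triage step described in the thread above (searching a copied repo for "exec" and spotting an obfuscated payload), written as an added example that is not part of the original post. It generalizes the single keyword search to a few heuristics; the rule names, thresholds and sample file contents are assumptions constructed for illustration, and only the `error.js` file name comes from the thread.

```python
import os
import re
import tempfile

# Heuristics only; rule names and thresholds are assumptions of this example.
RULES = {
    "process-exec": re.compile(r"\b(?:child_process|execSync|execFile|exec|spawn)\b"),
    "dynamic-eval": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\("),
    "obfuscated-ident": re.compile(r"\b_0x[0-9a-fA-F]{4,}\b"),
    "hex-escapes": re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}"),
}
MAX_LINE = 1000  # minified/obfuscated payloads tend to sit on one huge line
JS_EXT = (".js", ".cjs", ".mjs", ".ts")


def scan_text(text):
    """Return sorted (line_no, rule) findings for one file's text."""
    findings = set()
    for no, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE:
            findings.add((no, "long-line"))
        for name, rx in RULES.items():
            if rx.search(line):
                findings.add((no, name))
    return sorted(findings)


def scan_tree(root):
    """Walk a checked-out tree, reading files as text only (nothing is run)."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            if fn.endswith(JS_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
                if hits:
                    report[os.path.relpath(path, root)] = hits
    return report


def demo():
    """Constructed sample tree: one clean file, one suspicious error.js."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.js"), "w") as fh:
            fh.write("module.exports = (a, b) => a + b;\n")
        with open(os.path.join(root, "error.js"), "w") as fh:
            fh.write("const _0x3fa1 = require('child_process');\n"
                     "module.exports = function (err) { console.error(err); };\n")
        return scan_tree(root)
```

A hit is a reason to read the flagged line inside the isolated container, not a verdict; legitimate build scripts also call `child_process`.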