Synthient

New Research Piece: Socks5Systemz: Lives On Socks5Systemz lives on as ProxyBox, infecting Windows devices via pirated software to build a 31K+ IP address proxy network targeting enterprise financial sectors. synthient.com/blog/proxybox-…

Synthient Helps Disrupt World's Largest DDoS Botnet The U.S. Department of Justice, in coordination with international law enforcement, has announced a major operation to disrupt the infrastructure of four of the world’s largest IoT botnets, including Aisuru and Kimwolf. Together, these botnets hijacked over three million devices worldwide to launch record-breaking Distributed Denial of Service (DDoS) attacks. The Kimwolf botnet specifically targeted devices traditionally firewalled from the broader internet, enslaving them to act as proxy traffic for criminal networks and launch attacks reaching up to 30 Terabits per second. Synthient is proud to have contributed to the DOJ's efforts. By identifying active exploitation, sharing malware samples, and coordinating disclosures with impacted parties, we helped neutralize this threat. We remain dedicated to making the web a safer place and are grateful to have played a role in this historic takedown. Link: justice.gov/usao-ak/pr/aut…

.@synthient Thank you for gifting us Twitter Premium or whatever its called, here's a cat pic in return

@Xlab_qax 😆 They are not fans of the research we've been told.

You have been attacked by a new sample from the #Kimwolf group.

We are actively being DDoS'd given the publication of this research. We apologize if the website is offline.

As part of our latest research we sent out 11 vulnerability disclosure notifications to the largest proxy providers. The scope involved millions of exposed devices, contributing to the growth of the worlds largest DDoS botnet. synthient.com/blog/a-broken-…

synthient.com/blog/ipcola-a-… A look into the internals behind a large-scale proxy operation, from the sourcing of IPs to the platform itself. How proxy providers utilize everything from TV boxes to free software for building out a pool of unique proxies.

@UK_Daniel_Card Send us an email contact@synthient.com

@LaBuse56 @troyhunt @haveibeenpwned The blogpost from our end. synthient.com/blog/the-steal…

@troyhunt @haveibeenpwned Now I need to understand how I ended up in this DB. I do not recall subscribing there... Interesting. Thanks anyway for the notification!

This has been an extraordinary set of data to process: 1.3B unique passwords, 2B unique email addresses (including mine 😭) and almost 3M of our @haveibeenpwned subscribers in there. It’s been weeks of processing to get this loaded, and finally, it’s done troyhunt.com/2-billion-emai…

Part 2 is live, making it the first billion+ corpus on the platform. 2.5x in size from Collection #1

@troyhunt @haveibeenpwned 🤝

@axolytea @vxunderground Mysterium lacks any serious regulation and is known to be used by non KYC proxy providers.

@vxunderground Yeah i'd never do this but if I did I'd use mysterium because at least you can set your own prices and it costs people more money to abuse. Instead of paying $1k out of pocket for this you'd pay $970. IIRC they even have limited abuse detection in place

This guy was selling his residential bandwidth for side money using a company called "Salad" He received a legal letter from Netflix stating they believe his IP address to be responsible for a credential stuffing campaign Do not do this. reddit.com/r/SaladChefs/s…

With support from @synthient, we've just pushed out a corpus of 183M stealer log victims to @haveibeenpwned. We'd never seen 16.4M of those before, either, so there's a lot of new stuff in there, and that's just the first part. More here: troyhunt.com/inside-the-syn…

We collaborated with Have I Been Pwned in this latest piece of research to report several billion stolen credentials. Part 1 of the corpus is live on their platform and we've released a blogpost detailing our side of the research. synthient.com/blog/the-steal…

GhostSocks: From Initial Access to Residential Proxy synthient.com/blog/ghostsock…

Also massive thanks to @g0njxa and his coverage of the LummaStealer // GhostSocks relationship. This contributed significantly to the research in this blogpost.

👻 New Blogpost: GhostSocks - From Initial Access to Residential Proxy We dive into how GhostSocks evolved into a MaaS, its role in ransomware, residential proxies and the internals. Read more here: synthient.com/blog/ghostsock…

This spans over 100+ different proxy providers covering both public and private pools.

Residential proxies pose a notorious risk to online platforms. Malicious actors frequently use them to obscure their fraudulent behavior. This latest release aims to rethink how we combat residential proxies. synthient.com/blog/synthient…