tmctmt

44 posts

tmctmt

tmctmt

@tmctmt

23

Katılım Nisan 2026
49 Takip Edilen841 Takipçiler
vxdb
vxdb@vxdb·
26 year old Callum Dare, A/K/A Chanz, admin of a Neo-Nazi Swatting group and DeadNet (Doxbin) was arrested today
vxdb tweet media
English
22
30
305
29.1K
International Cyber Digest
International Cyber Digest@IntCyberDigest·
❗️ A US bankruptcy judge has approved a $46.75 million settlement for the 23andMe breach, which happened in 2023 and exposed genetic and personal data of an estimated 6.9 million customers. Plaintiffs originally sought $48 billion, and court records show individual awards run from $50 to $10,000 depending on harm. The fight is not over. California AG Rob Bonta is still suing, accusing the company of ignoring warnings its systems were compromised, and arguing bankruptcy courts should not become "a haven for wrongdoers."
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
6
36
214
19.8K
tmctmt
tmctmt@tmctmt·
@GooningOnTumblr @vxunderground this is plausible, they had known his identity and the fact that he had a Microsoft account for years before the ngrok even came into the picture.
tmctmt tweet media
English
0
0
7
333
Mersh
Mersh@GooningOnTumblr·
@tmctmt @vxunderground Probably synced a history entry that had a valid token or other cred in the URL
English
1
0
2
353
vx-underground
vx-underground@vxunderground·
> Peter Stokes > Scattered Spider guy > Arrested > Microsoft helps FBI > Read court documents > Page 12 > Microsoft tracks Stokes from GDID > Microsoft Global Device Identifier (GDID) > Stokes used Windows > Page 34 > GDID assigned to each OS install > GDID unique to each device > GDID only change if OS wiped > Stokes GDID 6755467234350028 > GDID reported internet activity to Microsoft > GDID showed Stokes using Ngrok > GDID reported Stokes IP address > GDID showed Stokes web activity > GDID showed timestamps of web activity > GDID mapped with video game activity > GDID showed games played > GDID undocumented > GDID only mentioned in one MSDN document > Azure UCDOStatus > Azure Monitor Logging
vx-underground tweet media
English
255
1.4K
10.9K
1.3M
tmctmt
tmctmt@tmctmt·
@dcuthbert also when the device id is first brought up in the document, it doesn't say "according to ngrok records", it says microsoft records, which is weird because why would ms have account records for an independent website?
tmctmt tweet media
English
1
0
20
1.3K
tmctmt
tmctmt@tmctmt·
@dcuthbert why was microsoft able to retrieve his browser history, did he use edge with sync, lol?
tmctmt tweet media
English
4
3
60
12.2K
Daniel Cuthbert
Daniel Cuthbert@dcuthbert·
He created the ngrok account from a VPN proxy, but the device fingerprint still survived. The complaint specifically says the ngrok account was created from a Tzulo VPN proxy IP, yet the GDID still tied the session back to him. this indictment is a goldmine of detection stuff
Daniel Cuthbert tweet media
English
20
82
877
69.9K
tmctmt
tmctmt@tmctmt·
@vxunderground but what's the connection between them? one successfully drained millions of dollars, the other ran a smear campaign with AI hallucinated vulns and public data. If you're gonna hack polymarket you're gonna do it to get rich, not to seek vengeance for a larper.
English
0
0
1
8.8K
vx-underground
vx-underground@vxunderground·
I FUCKING KNEW IT. I saved a file on my computer called "do_not_delete". It was on April 28th, 2026. Polymarket was mocking people for discussing whether or not Polymarket was compromised (in fairness, it wasn't), however Polymarket mocked Threat Actors, indirectly boasting their cybersecurity capabilities. I publicly stated it was a bad idea to taunt Threat Actors because taunting them is a recipe for disaster, additionally they're a large organization with a large target on their back. IT FUCKING HAPPENED. I TOLD YOU. I TOLD YOU. Anyway, "told-you-so" aside, I am willing to gamble this is not the first time, or the last time, Polymarket or Polymarket users are targeted. This is only the beginning. How do I start a Polymarket prediction thingy on Polymarket being compromised?
vx-underground tweet mediavx-underground tweet media
Polymarket Traders@PolymarketTrade

This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.

English
71
405
7.6K
1M
tmctmt
tmctmt@tmctmt·
"yeah you can bypass the pin, you just have to soft brick the victim's install and wait for them to leave the machine unattended again" aside from alerting the victim that their pc likely has been tampered with, what does this accomplish that a hardware keylogger wouldn't?
tmctmt tweet media
tmctmt@tmctmt

@xcopydotexe It affects TPM+PIN if you choose to believe the author (despite not providing any proof of this). If you're fine with ditching TPM, then the password key protector is functionally the same as VeraCrypt, without the diabolical disk perf downgrade. learn.microsoft.com/en-us/windows-…

English
0
0
1
510
tmctmt
tmctmt@tmctmt·
@vxdb it does the same thing on twitter. i suspect it's because of login walls, though i don't know which specific google service would require it
tmctmt tweet media
English
2
2
172
15.1K
vxdb
vxdb@vxdb·
Why is there a signed in google account on ArchiveToday??
vxdb tweet media
English
26
53
3.8K
259.8K
tmctmt
tmctmt@tmctmt·
the context being that i have a target that generates deterministic identifiers like this in place of PII. i've already tried murmur2/3 across every seed with no success. figures it's something proprietary, but i wanted to see if anyone here has other ideas.
English
1
0
1
228
tmctmt
tmctmt@tmctmt·
does anyone recognize a hash algorithm that maps strings into unsigned 32-bit ints, but stays within a 2^31 range, especially in ruby?
English
2
0
5
585
tmctmt
tmctmt@tmctmt·
@h4x0r_dz it's weird because they explicitly promise not to train LLMs on 'customer or researcher data', but that phrasing suggests they don't train on public reports either.
tmctmt tweet mediatmctmt tweet media
English
2
0
2
467
H4x0r.DZ 🇰🇵
H4x0r.DZ 🇰🇵@h4x0r_dz·
HackerOne already stole all the researchers’ reports to build their AI agent, while they keep lying to us. they’re openly bragging about using 12+ years of real-world vulnerability data + your prior H1 Bounty findings to train their Hai agentic AI system. They built specialized recon, scanning, and exploit agents that follow the exact same workflow real researchers use at machine scale. All that knowledge researchers poured into the platform for years? Now it’s powering their proprietary AI product. And they still act like they’re the good guys protecting the hacker community. Fuck HackerOne. Stop feeding the machine that’s going to replace you. hackerone.com/product/h1-con…
H4x0r.DZ 🇰🇵 tweet media
English
18
23
233
14.2K
tmctmt
tmctmt@tmctmt·
To clarify, the issue isn't a lack of encryption for DNS queries. The traffic is already encrypted at the tunnel layer and it stays in Mullvad's intranet. The real issue is that Chrome *thinks* it's insecure, which triggers it to turn off a privacy feature.
English
0
1
15
925
tmctmt
tmctmt@tmctmt·
I was wondering why Chrome was refusing to use ECH on websites where it works just fine in Firefox. It turns out Chrome only enables ECH if your system DNS server supports DoH. If you use Mullvad, its internal DNS servers are plaintext only.
tmctmt tweet mediatmctmt tweet mediatmctmt tweet media
English
3
5
77
11.1K
tmctmt
tmctmt@tmctmt·
@soft_fox_lad I noticed that deleted pages on bing tend to stick around for much longer compared to google (too bad they removed cached pages), but that's likely a byproduct of bing's (much) smaller global crawling budget
tmctmt tweet media
English
0
0
0
79
fox
fox@soft_fox_lad·
@tmctmt rare miss...it's just a bing frontend and the bangs are an extra character over firefox's built in equivalent 😔
English
3
0
10
475
tmctmt
tmctmt@tmctmt·
@TResearchoor 15% of users may have a mac user agent, but how many of them are also going to share the same Mullvad bucket? Probably just one.
English
0
0
0
61
tmctmt
tmctmt@tmctmt·
@TResearchoor It lets you rule out 99% of users. You still need a second clue to identify your target from the remaining 1%, but that's a lot different from trying to find them using only that clue across the entire suspect pool.
English
2
0
0
69
tmctmt
tmctmt@tmctmt·
@TResearchoor at which point it's trivial to identify the person you're looking for.
English
0
0
0
118
tmctmt
tmctmt@tmctmt·
@TResearchoor There are only so many Mullvad users on any given website, and that number gets diminishingly small on anything less than social media. Given enough IP logs, a list of a thousand Mullvad users could conceivably be boiled down to just 3 based on seed range
English
2
0
3
325