box turtle
270 posts

box turtle
@xploitrsturtle2
I follow ToS Box turtle / canisterturtle / shai huturtle email service is down - uwu underground / icesolst has a safeword with me mum look Im on the news.
your aws key Katılım Mart 2026
19 Takip Edilen1.9K Takipçiler
Sabitlenmiş Tweet

@hasanbroked @intelkink @FBI Im not involved in you and caspers beef, not sure why he brought me up anyway... even so, you dont have anything on me because no one i work with has anything on me
English

@xploitrsturtle2 @intelkink @FBI I think it is better for both of us not to talk about things here - if you want to contact me, go ahead
English

@hasanbroked @intelkink @FBI we've been being hunted for months, what do you think this flash is doing?
English

@intelkink @xploitrsturtle2 cuckadoo look at this peon over here talking to me still after a @FBI flash on him and his entire group
English

A new competitor to TeamPCP & PCPJack?
An open directory hosted at 38.174.216[.]194 exposed 'Cloud AI Infrastructure Attack Framework' (CAI): a centralized botnet targeting Docker/Kubernetes/Redis/Ray Dashboards, etc. for credential theft and cryptomining.
CAI explicitly seeks out and kills TeamPCP and PCPJack processes, to further monopolize on compromised targets.
Pivoting on an SSH key comment (41832@CAI) embedded in cai_config.py, uncovered two additional nodes: 95.182.96[.]223 - recently identified by @Yusufcancakiir , and 120.26.46[.]187 first observed by @Huntio AttackCapture on 15 June.
This was a single operator across three IPs, using two different Monero wallets, both of which see daily activity.
The scripts on 95.182.96[.]223 are heavily inspired by the actors behind the cloud worm, using code comments like "PCPJack-aligned."
38.174.216[.]194 serves as a staging server, while 38.174.218[.]65:666 is the C2 endpoint.
This may be worth monitoring as additional threat actors seek to monetize on this type of activity.



English

@DoomsdayGoth @kernelstub its ok bro, just stick to it and you will learn something that will impress people eventually. everyone starts somewhere
English

@xploitrsturtle2 @kernelstub You are correct, I’m a beginner and tried to make something for fun and people are treating me like I’m stupid for doing this.
English

@kernelstub @DoomsdayGoth i just ignored it maybe they are super beginner and trying to make stuff
English

@DoomsdayGoth @xploitrsturtle2 They taking the piss?
English

Escalating from On-prem to Entra through MITM Attacks
My colleague @0x64616e just published his latest research on lateral movement between on-premises Active Directory and Entra through DNS hijacking. Check it out:
➡️ securitylog.sva.de/2026/offsec/es…
English

@FBICyberDiv R Dese Da Ass Holes What Attacked Da AUR ??
English
box turtle retweetledi

The FBI has issued a FLASH on the cybercriminal group TeamPCP, which has carried out large-scale software supply chain compromises by targeting widely used developers and security tools. The group has infiltrated victim environments and extracted sensitive data, including cloud access tokens, SSH keys, and Kubernetes secrets. TeamPCP has also engaged in extortion and collaboration with cyber actors from other threat actor groups, publishing victim names on a public leak site and threatening to release stolen data.
Read the FLASH for more on TeamPCP’s tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and recommendations to protect your organization: ic3.gov/CSA/2026/26070…

English

@FBICyberDiv also they do humiliation tactics so girls on onlyfans or do porn again they see everything thats on your device so they put out photos and videos off people
English


@MosheTov i hope you guys dont catch the next in dev supply chain X)
English

@xploitrsturtle2 You keep on trying till you run out of cake ;)
youtu.be/Y6ljFaKRTrI?si…

YouTube
English
box turtle retweetledi





