#mitm

Cobalt_Striked (@Cobalt_Striked)
2026-01-19

🔴 Potential MITM Attack Detected

Confidence: CRITICAL (90/100)
Service: Yandex
IP: 91.124.192.11
Location: London, United Kingdom
ASN: Unknown
ISP: None

Certificate Details:
- Subject: yabro-wbplugin.edadeal.yandex.ru
- Issuer: yabro-wbplugin.edadeal.yandex.ru
- Self-signed: Yes
- Expired: Yes

Indicators:
• Self-signed certificate
• Expired certificate
• Generic hosting provider

Cobalt_Striked (@Cobalt_Striked)
2026-01-19

🔴 Potential MITM Attack Detected

Confidence: CRITICAL (100/100)
Service: Yandex
IP: 82.22.15.16
Location: New York City, United States
ASN: AS7018
ISP: AT&T Enterprises, LLC

Certificate Details:
- Subject: yabro-wbplugin.edadeal.yandex.ru
- Issuer: yabro-wbplugin.edadeal.yandex.ru
- Self-signed: Yes
- Expired: Yes

Indicators:
• Self-signed certificate
• Expired certificate
• Unexpected country (United States)

Cobalt_Striked (@Cobalt_Striked)
2026-01-19

🔴 Potential MITM Attack Detected

Confidence: CRITICAL (80/100)
Service: Microsoft
IP: 222.138.4.210
Location: Zhengzhou, China
ASN: AS4837
ISP: CHINA UNICOM China169 Backbone

Certificate Details:
- Subject: *.s-microsoft.com
- Issuer: Microsoft RSA TLS CA 01
- Self-signed: No
- Expired: Yes

Indicators:
• Expired certificate
• Unexpected country (China)
• Generic hosting provider

Cobalt_Striked (@Cobalt_Striked)
2026-01-19

🔴 Potential MITM Attack Detected

Confidence: CRITICAL (90/100)
Service: Google
IP: 38.180.98.201
Location: Meppel, Netherlands
ASN: AS58061
ISP: Scalaxy B.V.

Certificate Details:
- Subject: ads.google.com
- Issuer: ads.google.com
- Self-signed: Yes
- Expired: Yes

Indicators:
• Self-signed certificate
• Expired certificate
• Generic hosting provider

Cobalt_Striked (@Cobalt_Striked)
2026-01-19

🔴 Potential MITM Attack Detected

Confidence: CRITICAL (90/100)
Service: Google
IP: 178.250.159.2
Location: Moscow, Russian Federation
ASN: AS29182
ISP: JSC IOT

Certificate Details:
- Subject: hestia.google.com
- Issuer: hestia.google.com
- Self-signed: Yes
- Expired: Yes

Indicators:
• Self-signed certificate
• Expired certificate
• Generic hosting provider

Cobalt_Striked (@Cobalt_Striked)
2026-01-19

🟠 Potential MITM Attack Detected

Confidence: HIGH (70/100)
Service: Google
IP: 195.123.210.32
Location: Riga, Latvia
ASN: AS50979
ISP: GREEN FLOID LLC

Certificate Details:
- Subject: anality-google.com
- Issuer: E6
- Self-signed: No
- Expired: Yes

Indicators:
• Expired certificate
• Unknown certificate issuer
• Generic hosting provider

Cobalt_Striked (@Cobalt_Striked)
2026-01-19

🔴 Potential MITM Attack Detected

Confidence: CRITICAL (90/100)
Service: Google
IP: 123.176.98.119
Location: Tseung Kwan O, Hong Kong
ASN: AS133380
ISP: Layerstack Limited

Certificate Details:
- Subject: google.com
- Issuer: google.com
- Self-signed: Yes
- Expired: Yes

Indicators:
• Self-signed certificate
• Expired certificate
• Generic hosting provider
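
The alerts above list indicators without showing how they are derived. The script below is an added example, not the alerting bot's code, that derives the same kind of indicator list from one certificate observation: issuer CN equal to subject CN as the self-signed test, notAfter in the past, RFC 6125-style hostname matching against the subject CN and the subjectAltName entries, an issuer allowlist, an expected-country set and a hosting-ASN set. The allowlist, the ASN set, the expected countries, the expiry dates and the `www.s-microsoft.com` target host are assumptions; the subject, issuer, country and ASN values are taken from the alerts. The allowlist deliberately omits `E6` (a Let's Encrypt intermediate), which is why that observation comes out as "Unknown certificate issuer" just as the alert did.

```python
"""Derive MITM-style certificate indicators from a TLS observation.

Added example for this page; not the alerting bot's code. Field names,
the issuer allowlist, the hosting-ASN set, the expected countries and the
expiry dates are assumptions; subject/issuer/country/ASN values come from
the alerts above.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class CertObservation:
    expected_host: str                  # hostname the client meant to reach
    subject_cn: str
    issuer_cn: str
    not_after: datetime                 # constructed; the alerts only say "Expired: Yes"
    san_dns: list = field(default_factory=list)
    country: str = ""                   # geolocation of the serving IP (ISO 3166-1 alpha-2)
    asn: str = "Unknown"


def host_matches(expected: str, name: str) -> bool:
    """RFC 6125-style match: exact, or a single wildcard in the left-most label."""
    expected = expected.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if not name.startswith("*."):
        return expected == name
    exp_labels, pat_labels = expected.split("."), name.split(".")
    # '*' matches exactly one label, so the label counts must agree.
    return len(exp_labels) == len(pat_labels) and exp_labels[1:] == pat_labels[1:]


def indicators(obs: CertObservation, expected_countries: set, hosting_asns: set,
               known_issuers: set, now: datetime) -> list:
    """Return the indicator strings that apply to one observation."""
    found = []
    # issuer == subject is the usual proxy for "self-signed"; strictly, the
    # signature must also verify under the certificate's own public key.
    self_signed = obs.subject_cn == obs.issuer_cn
    if self_signed:
        found.append("Self-signed certificate")
    if obs.not_after <= now:
        found.append("Expired certificate")
    names = [obs.subject_cn] + list(obs.san_dns)
    if not any(host_matches(obs.expected_host, n) for n in names):
        found.append("Name mismatch")
    if not self_signed and obs.issuer_cn not in known_issuers:
        found.append("Unknown certificate issuer")
    if obs.country and obs.country not in expected_countries:
        found.append(f"Unexpected country ({obs.country})")
    if obs.asn in hosting_asns:
        found.append("Generic hosting provider")
    return found


NOW = datetime(2026, 1, 19, tzinfo=timezone.utc)   # date the alerts were posted

# Constructed from the alerts; the notAfter dates are made up.
SAMPLES = {
    "google-hk": CertObservation(
        expected_host="google.com", subject_cn="google.com", issuer_cn="google.com",
        not_after=datetime(2025, 6, 1, tzinfo=timezone.utc), country="HK", asn="AS133380"),
    "microsoft-cn": CertObservation(
        expected_host="www.s-microsoft.com", subject_cn="*.s-microsoft.com",
        issuer_cn="Microsoft RSA TLS CA 01",
        not_after=datetime(2025, 3, 1, tzinfo=timezone.utc),
        san_dns=["*.s-microsoft.com"], country="CN", asn="AS4837"),
    "anality-lv": CertObservation(
        expected_host="google.com", subject_cn="anality-google.com", issuer_cn="E6",
        not_after=datetime(2025, 12, 1, tzinfo=timezone.utc),
        san_dns=["anality-google.com"], country="LV", asn="AS50979"),
}

# Analyst inputs (assumptions): the allowlist omits "E6" on purpose.
EXPECTED_COUNTRIES = {"US"}
HOSTING_ASNS = {"AS58061", "AS133380", "AS50979"}
KNOWN_ISSUERS = {"Microsoft RSA TLS CA 01"}


def assess(sample_name: str) -> list:
    return indicators(SAMPLES[sample_name], EXPECTED_COUNTRIES, HOSTING_ASNS,
                      KNOWN_ISSUERS, NOW)


if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name}: {', '.join(assess(name)) or 'no indicators'}")
```

Two caveats for anyone turning this into a detector. Issuer equal to subject is only a proxy for self-signed; the real test is that the signature verifies under the certificate's own key. And none of these indicators proves interception: an expired self-signed `google.com` certificate on a hosting-provider IP is also what a scanner sees on honeypots and misconfigured boxes. A client that validates the chain and the hostname rejects every certificate in these alerts, so they can only harm clients that skip validation.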

N-gated Hacker News (@ngate)
2026-01-04

💔📱 "Hey, let's hijack a dating app for cyber shenanigans because clearly, nothing says 'security prowess' like repurposing rejected Tinder knockoffs for nefarious deeds. 😅 Oh, the thrill of tedious and creating pseudo-C2 servers that no serious hacker would ever use. Truly, this is the cutting edge of cyber, right? 🙄"
mattwie.se/hinge-command-contr

2025-12-31

@smaurizi Who actually believes they are E2EE? #MITM #MuskInTheMiddle

Spirillen Marsupilami (@spirillen@matrix.rocks)
2025-12-29
2025-12-28

A homemade Bluetooth and Wi-Fi jammer with a 30-metre range

In some settings, wireless connections between devices must be prevented for security reasons. For example, at enterprises where the risk of information leakage is high. Or to reliably silence tracking beacons such as AirTags around you. In such situations, with special permission from the relevant authorities, radio jammers are used, including against Bluetooth/BLE and Wi-Fi. The educational project ESP32-BlueJammer on GitHub lets you study a device that drowns out any useful signal in the roughly 2.4 GHz band by generating noise and junk packets (a DoS attack). Note: unauthorised radio jamming is illegal in some countries, so the build instructions for the device are distributed for educational purposes only.

habr.com/ru/companies/globalsi

#Bluetooth #WiFi_jammer #signal_jamming #ESP32 #Bluejacking #Bluesnarfing #MITM #tracking_beacons #Airtag #nRF24

Erik van Straten (@ErikvanStraten@todon.nl)
2025-12-24

@matv1: I don't see the problem. Just click such a shortcut link yourself. Once the browser has "come to a halt" on the intended website, copy the link from your browser's address bar (if your browser still doesn't show the real link, you are being quite foolish by using such a browser in the first place).

Also, removing any tracking data at the end of the URL is much appreciated (test whether the "cleaned" URL still works before you put it in a toot).

See also todon.nl/@ErikvanStraten/11569.

@ronald48 @bert_hubert

#Privacy #MitM #AitM

jakob 🇦🇹 ✅ (@jakob@soc.schuerz.at)
2025-12-22

I have a question about #Cryptpad and similar technologies...

The stuff is end-to-end encrypted. #E2EE
You can only view a document or a spreadsheet if you know the exact URL. It is then decrypted in the browser.

And it is claimed that not even the host of the service has any chance of seeing what is in the documents.

I haven't set up such a service myself yet to take a closer look... But if I need to know the exact URL to decrypt it in the browser, then I must somehow be able to grab that URL from a log file on a web server.

That should work with a #MITM attack on my own infrastructure. So if I set out to find out what my users are doing on my server, I simply put a proxy transparently in between... and then I have the URLs and can just look inside with a browser.

So in the end I can only trust such a service if I run it myself...

Or am I wrong?
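
The question above turns on where in a CryptPad-style link the key lives. CryptPad puts it in the URL fragment, the part after `#`, and browsers never transmit the fragment: the request-target on the wire is the path plus the query string only (RFC 3986 section 3.5, RFC 9112 section 3.2). The script below is an added example, not from the post or from the CryptPad project, that builds the request line a browser would send for such a link and the access-log line a web server or transparent proxy could record from it; the hostname, the key and the log format are constructed. For contrast it also shows what the same secret placed in the query string would leave in the log.

```python
"""Which part of a CryptPad-style link reaches the server?

Added example, not from the post or from CryptPad. The link, the key and
the access-log format below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed link in the shape CryptPad uses: the decryption key sits after '#'.
LINK = "https://pad.example.org/pad/#/2/pad/edit/Ab3dEf9hIjKlMnOpQrStUv/"

# Contrast case (constructed): the same secret carried in the query string.
LEAKY_LINK = "https://pad.example.org/pad/?key=Ab3dEf9hIjKlMnOpQrStUv"


def request_target(url: str) -> str:
    """Request-target a browser puts on the wire: path and query, never the fragment."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target


def request_line(url: str) -> str:
    """The first line of the HTTP/1.1 request the server (or a transparent proxy) sees."""
    return f"GET {request_target(url)} HTTP/1.1"


def proxy_log_line(url: str, client_ip: str = "203.0.113.7") -> str:
    """Everything a server-side observer can record for this request (constructed format)."""
    return f'{client_ip} {urlsplit(url).hostname} "{request_line(url)}" 200'


def client_side_secret(url: str) -> str:
    """What only the browser, and the JavaScript it runs, can read."""
    return urlsplit(url).fragment


def secret_reaches_server(url: str) -> bool:
    """True if the fragment could be recovered from the server-side log line."""
    secret = client_side_secret(url)
    return bool(secret) and secret in proxy_log_line(url)


def query_secret_logged(url: str) -> bool:
    """True if a query-string secret shows up in the log line (it always does)."""
    query = urlsplit(url).query
    return bool(query) and query in proxy_log_line(url)


if __name__ == "__main__":
    print("browser keeps  :", client_side_secret(LINK))
    print("proxy logs     :", proxy_log_line(LINK))
    print("fragment leaks :", secret_reaches_server(LINK))
    print("query leaks    :", query_secret_logged(LEAKY_LINK))
```

So a transparent proxy on the operator's own infrastructure records `GET /pad/ HTTP/1.1` and nothing else from the link. What the operator does control is the JavaScript it serves, and that code runs with the fragment in scope; a dishonest host would have to alter the served code rather than read logs, which is why browser-based E2EE still rests on trusting code delivery rather than on the URL being secret from the server.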

Security Land (@securityland)
2025-12-16

The challenge of evolving cyber threats demands constant skill improvement. JSAC2026, hosted by JPCERT/CC in Tokyo (Jan 22-23), is the premier technical exchange for security analysts. Featuring deep-dives from Cisco Talos & Unit 42 on new MitM frameworks, Phishing-as-a-Service, and attributing complex APT campaigns.

Read More: security.land/jsac2026-cyberse

Le site de Korben (@korben.info@web.brid.gy)
2025-12-13

HTTP Breakout Proxy - Reverse engineering without the headache

fed.brid.gy/r/https://korben.i

While Burp Suite swallows 500 MB of RAM at startup, HTTP Breakout Proxy (https://github.com/jbsouthe/http-breakout-proxy) fits in a binary of a few MB that disappears as soon as you close the terminal.

So what is HTTP Breakout Proxy?

Well, folks, it's an HTTP/HTTPS proxy written in Go that intercepts network traffic in real time and gives you a web interface to analyse everything that passes through. Requests, responses, headers, body, timing... Everything is captured and displayed neatly in your browser.

You launch it with ./http-breakout-proxy, it listens on 127.0.0.1:8080, and you open the interface in your browser. Then, if you want to debug an API for example, you start the proxy, configure your HTTP client to go through localhost:8080, and you watch everything go by live.

It's true that Burp (https://portswigger.net/burp) has become an all-in-one monster with a vulnerability scanner, fuzzer, crawler, extensions... There is also Charles Proxy (https://www.charlesproxy.com/), which I like but which weighs around 100 MB and needs a full JVM. And even mitmproxy (https://www.mitmproxy.org/), though reputedly lightweight, has accumulated so many features that you have to read 50 pages of
Nelson | Security Researcher (@privlabs@techhub.social)
2025-12-11

🚨 Supply Chain Attack Simulation on Drupal (PoC, not a CVE)

What if a malicious actor hijacked the update server for your favorite CMS?
I built a full lab scenario to demonstrate how it could happen — and how to defend against it.

🔬 Techniques covered:

MITM + rogue CA, fake update feeds, trojanized package → RCE & persistence.
Full doc + PDF PoC.

Full documentation: attack steps, scripts (in PDF), hardening tips

⚠️ Not a Drupal 0-day — this is a controlled, educational simulation for awareness and training.

💡 Why it matters

Supply chain attacks are no longer theoretical.
This demo helps Blue Teams, Red Teams, developers, and trainers strengthen detection, review processes, and update security.

👉 Repo:
github.com/privlabs/-Supply-Ch

Questions or feedback?
DM me or email me (contact in README).

All in a lab, all safe.

#cybersecurity #infosec #securityresearch #offensivesecurity #blueteam
#redteam #supplychainsecurity #drupal #websecurity #devsecops
#softwaresecurity #rce #mitm

[Image: Screenshot showing Drupal's "Available updates" page displaying a security update, alongside a Linux terminal window where a payload has executed in a controlled supply chain attack simulation. The image illustrates a lab scenario involving a rogue update server and a tampered package, as documented in the GitHub project.]
2025-12-05

Cloudflare choking again today is another reminder to avoid US big tech.

If you haven't had enough of these reminders already during 2025.

#cloud #nocloud #mitm

Erik van Straten (@ErikvanStraten@todon.nl)
2025-12-04

@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:

1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints).

(Apart from those, both serving endpoint AND client MUST be trustworthy).

🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.

🚨 Furthermore, "legitimate" MitMs* break 2️⃣.

* Man in the Middle, like on-device virus scanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (but definitely not limited to) Cloudflare and Fastly.

😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.

😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").

@cendyne @soatok @chazh

#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil
