
The Intersection of Projects, Malware Research, and Custom Tools.

Fake Captcha bot

A fake Discord bot website (https://captcha-bot[.]io) used a malicious bookmark to execute JavaScript on discord.com, stealing user data (username, ID, email, token) and sending it to a now-disabled webhook. Verify website legitimacy and avoid running unknown JavaScript.


Arc Money Farm on Replit

Malicious actors used a highly forked Replit project to run Linux executables that drove "undetected-chromedriver" to repeatedly visit websites with the Arc.io widget, likely for revenue generation. Their Replit activity also indicated potential Discord token theft.


TokGrabber (Infostealing Malware)

TokGrabber, a malware-as-a-service (MaaS) offering for stealing credentials, uses unique per-build executables and encryption. Analysis involved dynamic execution and decryption of its payload. A basic Yara rule identifies it by a unique string.


Xmas CTF 2019

This Xmas CTF 2019 write-up details solving six web challenges, covering MySQL comment injection, HTTP Parameter Pollution for captcha bypass, a complex SSTI exploit with blacklisting, and the unexpected technique of CSS exfiltration. Key learnings and resources are included.


Teradek Devices - Privileged Remote Command Execution

Teradek and Livestream devices have RCE vulnerabilities (CVE-2020-27685, CVE-2020-27686) in their firmware upgrade process, which passes unsanitized HTTP URLs to a shell, allowing command injection. Livestream devices also expose an exploitable SSH server. A PoC is available on GitHub.
