Jack (@hackjalstead) 's Twitter Profile
Jack

@hackjalstead

incident response, digital forensics & security research mainly ransomware & crypto

ID: 1190335256655777792

http://github.com/hackjalstead

01-11-2019 18:30:24

103 Tweet

71 Followers

729 Following

banteg (@bantg) 's Twitter Profile Photo

The solution to Metamask phishing is very simple.

It's generative art.

When a user sets the extension up, they choose from a few generated themes (accent colors, shapes, patterns) which stay unique for that user. A phishing window won't be able to replicate those.
The DFIR Report (@thedfirreport) 's Twitter Profile Photo

Cobalt Strike, a Defender's Guide - Part 2

➡️In this report we talk about domain fronting, SOCKS proxy, C2 traffic, Sigma rules, JARM, JA3/S, RITA & more.

Big shout-out to Kostas for helping put this together!

thedfirreport.com/2022/01/24/cob…
Jack (@hackjalstead) 's Twitter Profile Photo

My first write up & one on a #Metamask attack vector How to hack the Vault & steal the seed phrase - > Threat Actor pops shell > Steals Vault > Cracks password w #Hashcat > Reveal seed phrase via Decryptor medium.com/@hackjalstead/… #DeFi #Crypto

ZachXBT (@zachxbt) 's Twitter Profile Photo

1/ This needs to be shared 0xsifu is the Co-founder of QuadrigaCX, Michael Patryn. If you are unfamiliar that is the Canadian exchange that collapsed in 2019 after the founder Gerald Cotten disappeared with $169m

I have confirmed this with Daniele over messages.
Jack (@hackjalstead) 's Twitter Profile Photo

Invisible Friends phishing via Facebook Ads with decent engagement levels. Note the double 'i' in URL, the domain's only been alive for 12 days

Luckily not fully active it redirects to a 2nd site serving 307 temp redirect to legit MetaMask likely while they rejig infrastructure
Jack (@hackjalstead) 's Twitter Profile Photo

If you're going to Phish, at least don't leave your site configs & creds zipped in the root directory🤦
- support-metamask-connect[.]com
- 104.21.18.53 Cloudflare
#phishing #MetaMask
Jack (@hackjalstead) 's Twitter Profile Photo

Need to investigate a Phishing link full of redirects & obfuscation?

The unfurl tool by Ryan Benson is great for expanding & graphing links to provide a true visualisation of the URI

dfir.blog/unfurl/
#dfir #infosec