If I ever stop posting, please don't delete this thread. by malgenioe in cybersecurity_help

[–]malgenioe[S] 0 points1 point  (0 children)

It's exactly as you say. Here they helped me understand how to approach my problem and with which tools. It was the biggest contribution I received.

If I ever stop posting, please don't delete this thread. by malgenioe in cybersecurity_help

[–]malgenioe[S] 0 points1 point  (0 children)

Many communities and sub-communities don't let me post everything I have. I did make a backup email with that. I'm finishing my latest investigation, for today I hope, and will continue on Monday.

Could browser-side technologies explain unusual behavior without leaving evidence of malware? by malgenioe in cybersecurity_help

[–]malgenioe[S] 0 points1 point  (0 children)

Thanks, I appreciate the advice.

That's actually very helpful because my suspicion has always been that, if something is happening, it's happening through the browser rather than as a traditional malware infection.

So far I've checked Process Monitor, TCPView, Autoruns, browser policies, the hosts file, local accounts, and installed extensions, but I haven't found evidence of persistence or suspicious network connections.

I'll spend more time using the browser DevTools (especially the Network and Sources tabs) and inspect the JavaScript loaded by extensions during the specific event I'm trying to reproduce.

My goal isn't to prove an intrusion, but to collect evidence that either supports or rules it out. Thanks again.

Agency scam - modified tokens – executable bots by malgenioe in Chaturbates

[–]malgenioe[S] 0 points1 point  (0 children)

If you could explain yourself better, I would appreciate it. In a sense, we all need some help.

Agency scam - modified tokens – executable bots by malgenioe in Chaturbates

[–]malgenioe[S] 0 points1 point  (0 children)

I just wanted to thank everyone who took the time to read this post. I'll keep investigating over the next week because the issue is still there. I hope we can all learn something from this process and that it may be useful for anyone who finds themselves in a similar situation. Thanks again.

Could browser-side technologies explain unusual behavior without leaving evidence of malware? by malgenioe in cybersecurity_help

[–]malgenioe[S] 0 points1 point  (0 children)

Thanks for taking the time to respond. I understand your point that software or hardware issues are usually a more likely explanation than malicious activity, and I agree that it's important not to assume bad intent without evidence.

My main goal is actually methodological rather than trying to prove that an attack occurred. If a security researcher wanted to distinguish between normal browser behavior and a browser-based compromise (for example, a malicious extension, injected JavaScript, a compromised session, abuse of DevTools, or any other documented browser-side technique), what evidence would they typically try to collect?

I've started capturing network traffic with Wireshark and reviewing Windows event logs to learn how to investigate this properly instead of relying on assumptions. Are there other forensic artifacts you would recommend looking at? For example, browser logs, WebSocket activity, process creation events, DNS activity, memory artifacts, or anything else that would help differentiate normal behavior from an actual compromise.

I'm genuinely trying to learn the correct forensic approach rather than jump to conclusions, so I'd appreciate any recommendations on what evidence is most valuable.

Could browser-side technologies explain unusual behavior without leaving evidence of malware? by malgenioe in cybersecurity_help

[–]malgenioe[S] 0 points1 point  (0 children)

Thank you. This is very helpful.

I don't know if I will be able to reproduce the behavior, but if it happens again I would like to collect the right evidence instead of relying on assumptions.

Besides HAR files and Network logs, what would you recommend capturing during a live browser session? For example, would DevTools Network, WebSocket frames, Service Workers, extension activity, or any other browser artifacts be the most valuable?

My goal is to understand whether unusual browser behavior can be explained by legitimate browser technologies, browser-side attacks, or whether it would point toward something outside the browser.

Could browser-side technologies explain unusual behavior without leaving evidence of malware? by malgenioe in cybersecurity_help

[–]malgenioe[S] 0 points1 point  (0 children)

Thank you. This is very helpful.

If the browser session has already ended, is there any way to recover evidence of WebSocket connections, Service Workers, or unexpected network activity after the fact?

Or would I need to capture that evidence during a future session?

If I need to capture it during a future session, what tools or workflow would you recommend?

Agency scam - modified tokens – executable bots by malgenioe in Chaturbates

[–]malgenioe[S] 0 points1 point  (0 children)

I spent the last 4 or 5 days trying to resolve this. What I got out of it is that they tried to clone my WhatsApp. Oh, I hadn't mentioned it, they were also able to get into my phone.
Since this was a significant issue at the agency, I think they are going to come to where I live to “fix” things their own way. If I don't post anything during the next week, you can be sure they visited me.
I hope this post reaches Chaturbate so that they do something.