#lookyloo — Public Fediverse posts

⚠️ Le 🎣 #phishing du jour : nouvelle vague d'attaques contre les gestionnaires de mots de passe 1Password

Le piège est classique mais efficace : créer l’urgence avec une “nouvelle connexion”, puis pousser le destinataire à se connecter sur le site controlé par les cybercriminels avec la procedure habituelle du gestionnaire via QR code.

Une fausse alerte de connexion pousse vers un lien SendGrid, qui rebondit via AWS S3 puis vers une fausse page 1Password sur un domaine look-alike "réveillé" pour l'occasion

[Chaîne observée+IoC signalé]
👀
⬇️
https://lookyloo.circl.lu/tree/11bdcec1-6c93-4e7c-827a-8d0e5ca16621

#CyberVeille #1Password #Lookyloo

After seeing a workshop using a crappy pseudo/proprietary forensic web capture toolkit for law enforcement, I was disappointed by the lack of open source tooling to have a sane forensic collection for web capture. Following a discussion with @rafi0t he did an implementation to add web forensic acquisition in @lookyloo including timestamping using DFN timestamping service. Thanks @dfncert

#lookyloo #forensic #dfir #webforensic #cyberforensic #lea #opensource

Online version: https://lookyloo.circl.lu/ (under action menu after the capture)

Source code:
https://github.com/Lookyloo/lookyloo

There's some cool sounding training on its way from @circl

CIRCL - Virtual Summer School (VSS) 2025

https://www.circl.lu/pub/vss-2025/

#MISP #AIL #LookyLoo #Lacus #Pandora #Kunai #DFIR #ThreatHunting #FlowIntel #Cerebrate #VulnerabilityLookup #GCVE

We deployed #LookyLoo yesterday and boy is it fun to use. Exploring phishing links has never been easier!

A huge thank you to nice people at #CIRCL for creating it: https://github.com/CIRCL/lookyloo

Keep in mind it's a simple solution and should most definitely not be deployed out in the wide Internets. Doesn't handle multi-user too well, and you really shouldn't throw a complicated site at it with Depth > 2. But for phishing links it's amazing.

Here's how it looks for mastodon.social.

#InfoSec