Slopsec connoisseur

Joined May 2025
Pinned Tweet
28 Nov 2025
Announcing my rejected talk for @bsidespyongyang: Is that "web3 enthusiast" follower with the anime PFP acting suspicious? Find out if you have confirmed North Korean followers at dprkdetector.app.
noid retweeted
May 19
Scam alert🚨 A fake account of one of @EthPrague organizers reached out to me and asked to join a workspace. Some people I know also got targeted from other fake accounts. Be extremely careful and never copy and run scripts that you don't know, even if they're from "Google".
May 18
>hacker "did something"
>The money is gone
Thank you for attending my PM
Replying to @tayvano_
lmaooooooooooooooooo "we're not a casino" doesn't make up for your atrocious post-mortems (regarding summer 2021 exploit #2...or maybe #3. this one 0x3a196410a0f5facd08fd7880a4b8551cd085c031)
May 16
I get a lot of mileage out of searching for just a bit larger Levenshtein distance for similar packages. Not really practical for enterprise deployments but you get a lot of good candidates > 2-3 chars.
pulse-axios - malware on NPM
Eval.js has an unobfuscated loader.
May 16
5 hours old. Detected by @SocketSecurity as malware. @sonatype flags as suspicious but not malicious.
May 14
Another one from the same family - not detected by @sonatype or @SocketSecurity yet (env-threads) Same C2 npmjs.com/package/env-thread…

May 12
NPM Malware Alert - npmjs.com/package/env-nodejs
All versions drop a Windows stealer. Still live on NPM right now.
Your pnpm cooldown scripts might not stop this - first commit was a month ago.
IOCs:
- emphasis-friday-even-administrator<.>trycloudflare.com/download/e…
May 14
There should be no less than a dozen yara rules firing on this. Looks like regular obfuscator.io patterns. Huge entropy. Node OS shelling.
May 12
I stepped away for lunch today and used Codex /goal to deploy my web service, but my VPN timed out somewhere in that window. Because Codex was connected to Slack MCP it sent a message to several channels, and then later, DMs. I disconnected everything so fast, huge wtf moment.
May 12
NPM Malware Alert - npmjs.com/package/env-nodejs
All versions drop a Windows stealer. Still live on NPM right now.
Your pnpm cooldown scripts might not stop this - first commit was a month ago.
IOCs:
- emphasis-friday-even-administrator<.>trycloudflare.com/download/e…
May 12
I found references to this package on GitHub. It looks like it's being used as part of a fake project scam. If someone asks you to clone a random repo to do something, don't!
May 5
I got a cold DM on Telegram to be on a security podcast... But it was fake. Here's how it unfolds. Presumably they found me from my EthCC talk and analyzed my X bio and my last few posts. It didn't make a ton of sense but I figured I'd play along. 🧵
May 5
Sadly I didn't get a chance to get the malware. I booked a slot but ghosted it and never got a followup, which is very unusual for a real podcast.
May 2

Apr 23
If you’re tired of watching exploits dominate the timeline, this is your moment to act. The Ethereum Security QF Round is LIVE! Support the people and projects securing Ethereum and its L2s. 500 ETH (~$1M) in matching from @thedaofund. Explore & donate: qf.giveth.io/qf/ethereum-sec…
May 2
Take 15 minutes and donate!