frazier
frazie.bsky.social
just a full-stack developer working up to cybersecurity and cloud
the code gets a lot of data from the local devices but I am very tempted to create a reverse shell file and actually have it sent amongst other fake files to this threat actor to see what I can get in return
November 28, 2024 at 2:33 PM
now here, this is how the code works when destructured. I can now see why the 'os', 'fs' and 'path' packages were hidden within the codebase (always through the packages file guys!!!)
November 28, 2024 at 2:33 PM
but thank goodness I have an affinity to security, lest I would have been a victim waiting for a potential client🤣🤣🤣
November 28, 2024 at 8:32 AM
let me continue engaging my contact to see what they have to say after ensuring I can run their 'project' without risking my data...OOOh also they said they got my profile off of github, which is somewhat right
November 28, 2024 at 8:32 AM
guess what, the dll file was being prompted, not once but severally but it failed...also, rather than use the [x] or close buttons, I simply right-clicked and used the mouse for this...you never know what these may do in the background....
November 28, 2024 at 8:32 AM
also, while carrying out this analysis, I deleted sections of the code and the dll file to see what happens next (I chose to risk this after closing almost everything and clearing several cookies and histories)..
November 28, 2024 at 8:32 AM
so I comment out this section and more while researching what the code does... behold, I found it... all the specs of my machine and then sends these to the remote server
November 28, 2024 at 8:32 AM
sneaky people had hidden the executing code within the 'tailwind.config.js' file...I almost burst out laughing as to how they did this. They simply tabbed the space out of view and dumped everything there. Thank goodness for any file I open I usually 'alt+z' the hell out of it.
November 28, 2024 at 8:32 AM
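
The hiding trick described in the post above (code tabbed out of view inside 'tailwind.config.js') can be checked for mechanically. This is an added example, not part of the original posts or of the analysed project: a Node.js function that reports where text resumes after a long run of spaces or tabs and which of 'os', 'fs' and 'path' that text requires. The name `findOffscreenCode`, the thresholds and the sample file are assumptions constructed for illustration.

```javascript
// Node built-ins the posts mention finding in the project ('os', 'fs', 'path').
const BUILTIN = /require\s*\(\s*['"](?:node:)?(os|fs|path)['"]\s*\)/g;

// 1-based visual column of index `idx`, expanding tabs to the next tab stop.
function visualColumn(line, idx, tabWidth) {
  let col = 0;
  for (let i = 0; i < idx; i++) {
    col = line[i] === '\t' ? col + tabWidth - (col % tabWidth) : col + 1;
  }
  return col + 1;
}

// One finding per place where text resumes after >= minGap spaces/tabs.
// minGap and tabWidth are assumed defaults, not values from the posts.
function findOffscreenCode(source, { minGap = 80, tabWidth = 4 } = {}) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, n) => {
    // Each match is one whole whitespace run, so the scan stays linear.
    for (const m of line.matchAll(/[ \t]+/g)) {
      const start = m.index + m[0].length;
      if (m[0].length < minGap || start >= line.length) continue; // short gap or trailing blanks
      const hidden = line.slice(start);
      findings.push({
        line: n + 1,
        column: visualColumn(line, start, tabWidth),
        builtins: [...new Set([...hidden.matchAll(BUILTIN)].map((r) => r[1]))],
        preview: hidden.slice(0, 60),
      });
    }
  });
  return findings;
}

// Constructed sample: a config file whose first line carries padded-out code.
const SAMPLE = [
  "/** @type {import('tailwindcss').Config} */" + ' '.repeat(300) +
    "const os = require('os'); const fs = require('fs'); /* constructed */",
  'module.exports = {',
  "  content: ['./app/**/*.{js,jsx}'],",
  '  theme: { extend: {} },',
  '};',
].join('\n');

console.log(findOffscreenCode(SAMPLE));
```

A finding means the line deserves a read with word wrap on; it does not by itself say the hidden text is malicious.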
Then I extended the investigation to see what packages are used in this project.

it was a basic nextjs project but on further investigation I see 'fs' and 'os' packages

I then search through the codebase to see where they are used
November 28, 2024 at 8:32 AM
but curiosity got the better of me and I said lemme just look through the files..

I clone it, open my editor and alas!!! the first red flag was a dll file....I know this is not normal because who develops a webapp and attaches a dll file
November 28, 2024 at 8:32 AM
at the moment it is for interest...but I plan to get it on for work through the course of next year after I have some fundamentals locked in
November 18, 2024 at 8:39 AM
not actually coding but learning google cloud cybersecurity and AWS solutions architecture
November 18, 2024 at 8:08 AM