Threat Hunting

I Accidentally Logged as Admin Into a Threat Actor Website

I Accidentally Logged as Admin Into a Threat Actor Website

Introduction Most cybersecurity investigations start with an alert. This one started with curiosity. While scrolling through X (formerly Twitter), I came across a post discussing a suspicious website that appeared to be distributing software downloads. At first glance, it looked like another fake download portal. But after spending several hours investigating it, I found myself doing something I never expected: I accidentally logged into the threat actor’s dashboard. This article documents …
How I Get Access ClickFix Dashboard Due to Bad SecOps

How I Get Access ClickFix Dashboard Due to Bad SecOps

Introduction That afternoon, one of my monitoring teammates casually mentioned a new alert: “Why is this user opening a Polygon crypto website?” That immediately caught my attention and I suspected the user had accessed a website infected with ClickFix. The suspicion became stronger because the user was not from the IT team and had no known involvement with cryptocurrency or Web3-related activities. In addition, a few days earlier we had investigated another incident where a user accidentally …