Re: Phishing campaign using nested Google redirect

2021-02-19 Thread John Hardin
On Fri, 19 Feb 2021, Giovanni Bechis wrote: On 2/19/21 1:09 AM, John Hardin wrote: On Thu, 18 Feb 2021, Giovanni Bechis wrote: On 2/18/21 6:37 PM, Ricky Boone wrote: Just wanted to forward an example of an interesting URL obfuscation tactic observed yesterday. https://www.google.com/url?sa=

Re: Phishing campaign using nested Google redirect

2021-02-19 Thread RW
On Thu, 18 Feb 2021 16:08:01 -0800 (PST) John Hardin wrote:
> In our case it's best to upload an entire email (all headers intact
> and with as little obfuscation as possible) to something like
> Pastebin, then post the URL to that here so it can be downloaded.
...
> For just URLs, though, examp

Re: Phishing campaign using nested Google redirect

2021-02-19 Thread Giovanni Bechis
On 2/19/21 1:09 AM, John Hardin wrote:
> On Thu, 18 Feb 2021, Giovanni Bechis wrote:
>
>> On 2/18/21 6:37 PM, Ricky Boone wrote:
>>> Just wanted to forward an example of an interesting URL obfuscation
>>> tactic observed yesterday.
>>>
>>> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread Ricky Boone
On Thu, Feb 18, 2021 at 7:08 PM John Hardin wrote:
>
> In our case it's best to upload an entire email (all headers intact and
> with as little obfuscation as possible) to something like Pastebin, then
> post the URL to that here so it can be downloaded. This keeps the spample
> from being modifie

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread John Hardin
On Thu, 18 Feb 2021, Giovanni Bechis wrote: On 2/18/21 6:37 PM, Ricky Boone wrote: Just wanted to forward an example of an interesting URL obfuscation tactic observed yesterday. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread John Hardin
On Thu, 18 Feb 2021, Ricky Boone wrote: Nice. I've copied scrubbed versions of what I've seen so far here: https://gitlab.com/-/snippets/2079108 (I can never remember if it is appropriate to include attachments to mailing lists like this). In our case it's best to upload an entire email (all

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread Ricky Boone
Nice. I've copied scrubbed versions of what I've seen so far here: https://gitlab.com/-/snippets/2079108 (I can never remember if it is appropriate to include attachments to mailing lists like this).

On Thu, Feb 18, 2021 at 1:13 PM Giovanni Bechis wrote:
>
> On 2/18/21 6:37 PM, Ricky Boone wrote

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread Giovanni Bechis
On 2/18/21 6:37 PM, Ricky Boone wrote:
> Just wanted to forward an example of an interesting URL obfuscation
> tactic observed yesterday.
>
> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Fwww.tehminadurranifoundati

Phishing campaign using nested Google redirect

2021-02-18 Thread Ricky Boone
Just wanted to forward an example of an interesting URL obfuscation tactic observed yesterday.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Fwww.tehminadurranifoundation.org%252F1%252F1%252Findex.php%26sa%3DD%26snt