

Lightshot is a tool for creating, customizing, and quickly sending screenshots. It consists of an app for Windows, macOS, or Ubuntu and the prnt.sc cloud portal and lets users share screenshots quickly and easily: One click or shortcut sends an image to the cloud and returns a URL for sharing.

Anyone can see published screenshots without authentication; you don't even need a Lightshot account. That makes the service fast and convenient but not very secure. Moreover, to view a screenshot, you don't even need the exact link: the URLs are sequential, so if you replace a character in one of them with the next in order, for example, another image will open. A simple script for brute-forcing URLs and downloading content from them takes just a few minutes to write.

Such openness is not a bug: the service warns users that every uploaded image is public. However, given that leaks of valuable information through Lightshot regularly make the news, clearly not everyone reads the fine print.

So what if screenshots enter the public domain? Who cares about sharing gaming records or jokes from work messages? Think creatively: Lightshot users can dox themselves in any of at least three very plausible ways. Take, for example, an employee who snaps a screenshot of an interface to get help with setting up a new program. Or someone shows off an intimate chat but forgets to blur names and addresses? Or if someone shares a hilariously stupid work e-mail with a trusted friend, just for a laugh? Now, what if a confidential document is open, partially hidden under the application window? Made public in Lightshot, those screenshots could spell serious trouble. Online troublemakers hunt for revealing photos for fun; trolls can use them for harassment; and cybercriminals can use the threat of exposure to extort money from victims.
Hard on the heels of scammers tricking Discord users by offering nonexistent coins on fake exchanges, inventing stories about lucky winners on fake news sites, and simulating helicopter money, a new scheme is exploiting Lightshot’s screen-sharing tool to get money from overly curious cryptoinvestors.
Cryptocurrency scams seem to be gaining momentum by the day.

This is a very simple space I am going to use to upload the results of my experiments in the realm of infosec, so that they can be easily shared. I use the word experiment intentionally: of all the things that intrigue me the most about this sector, the opportunity to just try and see the results is particularly fascinating, be it malware analysis, coding or offsec. Of course reinventing the wheel has been proved to be illogical, so I write something the moment I am not able to find the exact thing I am looking for online: if I must study it/do it myself, I might as well put it online for everybody to take advantage of the same way I take advantage of others' work, right? In a way, this is also what motivates me. I am mainly interested in malware and threat hunting, but also enjoy an occasional CTF.

This is a list of articles and writeups I have uploaded so far:

Finding IOCs in a malicious Excel VBA macro: Loki
New Emotet spam campaign (July, 2020): emotet
Static code analysis of sLoad ($ver=”2.9.
