Blog
-
Inside a TxDMV Phishing Kit: Real-Time Card Skimming and Live 3DS Bypass
A technical teardown of a phishing site impersonating the Texas DMV. The Sailors kit, a Chinese-origin phishing framework sold on Telegram, streams keystrokes to the operator in real time over an encrypted WebSocket and defeats 3D Secure bank authentication through live OTP interception.
-
Therapists, Infostealers, and the Gap Between Policy and Practice
While processing infostealer logs, I found hundreds of credentials for mental health EHR platforms like SimplePractice and various patient portals, none with MFA enabled, all with access to patient PHI.