mr.d0x
@mrd0x
Security researcher | Co-founder http://maldevacademy.com | http://lots-project.com | http://malapi.io | http://filesec.io
🚨 A fake CAPTCHA is all it takes. Interlock ransomware is back—now pushing a stealthy PHP RAT via “FileFix,” a spin on ClickFix that hijacks File Explorer. Targets? Everyone. Tactics? Evolving fast. Here’s what they’re hiding behind Cloudflare Tunnels ↓…
I want to share my opinion on @GuidedHacking. When GuidedHacking acted as a sponsor for vx-underground I received small amounts of criticism for it, primarily because GuidedHacking was accused of "stealing content". I can assert with 100% confidence this is not true. It is not…
Chat, I don't wanna brag, but Black Mass Volume III is going crazy - Number 1 best-seller on Amazon (trending). We managed to pass the "Cybersecurity for Seniors" series - Insane amounts of cash flowing in. We might buy a Porsche or two from the sales
I didn't want to drop a new *Fix naming variant on you guys, but there you go. All jokes aside, it was a great collab with @Octoberfest73. Awesome person and really helps you push the limits when researching and testing💪
People have asked me who are cool and badass people to follow. Here is the all-star roster of researchers I love to follow: - @domchell, he is less "researcher" now, but he runs MDSec and he has a collection of brilliant researchers. He retweets a lot of really cool papers and…
🚨 Evilginx Pro 4.2 UPDATE 🚨 My priority for this update was to directly address your valuable suggestions and feedback from @x33fcon. Thank you for all the support - your feedback goes a long way in making Evilginx Pro better with every update. 💗 Happy phishing! 🪝🐟
We are proudly sponsoring the Game Hacking Village at DEFCON again this year! It will be bigger and better than ever! Get HYPED!!
Introducing Havoc Professional: A Lethal Presence. We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit, our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…
Threat actors have wasted no time operationalising the FileFix technique 📁⚠️ 📚Check out our latest blog on detecting and preventing FileFix: blog.delivr.to/filefixed-dete…
A new clickfix technique, FileFix, developed by @mrd0x, is being used in the wild—poorly. Website tersmoles[.]com delivers a "Legitimate Chrome Installer" using FileFix. The attacker didn’t even change the path and filename—just copy-pasted code directly from the demo website.
Late to the party but another video to demo the "FileFix" trick that @mrd0x wrote about, leveraging the address bar in Windows file explorer to run a command and potential payload -- with the ClickFix playbook just instructing an end user to run malware 🙃 youtu.be/Vz2ak0YW_L4
A follow up on last week’s FileFix blog. FileFix (Part 2) mrd0x.com/filefix-part-2/
Fresh video out on a new ClickFix variation, named FileFix by @mrd0x 💻 youtube.com/watch?v=k2jrOE…
Guided Hacking being cited next to Geoff Chappell in a research paper. Does this mean we finally made it? Maybe.
Just released Hypnus, a Rust lib for sleep obfuscation with some nice call stack spoofing during sleep and API calls (encryption & more) 🫡 Thanks @C5pider & Austin for the initial ideas! github.com/joaoviictorti/…
I can also see the search-ms URI being used to pull up File Explorer (or even asking the user nicely to hit Win+E) which won't result in the browser having the executed command run as a child process.
FileFix - A ClickFix Alternative mrd0x.com/filefix-clickf…