Holiday Steam Scam – “Breathcup”
Breathcup.com appears to be a scam site meant to steal Steam account credentials. It is masquerading as an e-gaming competition site encouraging users to log in using their Steam credentials to take part in, and vote on, e-sports competitions and teams. I had an acquaintance on my Steam friends list message this to me, asking to ‘vote for a friend’ in an e-gaming competition. Fair enough – I clicked the link, but something felt off. There are broken links on the site, and the “FAQ” page has elements that don’t expand (I’m assuming a brokenelement or something). When something smells fishy, I’ll look at it a little closer.
JWT-Brute: Cracking JWT Tokens with Python
A brief exercise in cracking insecure JWT tokens using Python. Code available on Github.