When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own Weapons
English and German
AI SCAMS 2026: How "Vibe Scammers" Stole Millions – and Got PWNED by Hackers! 💥💻
Imagine a simple delivery text message draining your entire bank account. 😱
In this gripping talk from 39c3, Chiao-Lin Yu and his team reveal the dark side of the AI revolution. It's 2026, and the game has changed: criminals no longer need degrees – they use "Vibe Coding" and LLMs to deploy massive fraud infrastructures in minutes.
Highlights of this talk:
The Multi-Million Dollar Trap: How fake delivery sites targeted thousands of victims.
The AI Blueprint: Why AI-generated code left critical backdoors for security researchers.
Vibe Hacking: Watch how experts used the scammers' own AI tools to take down 100+ domains.
The Warning: How the collapse of the skill gap democratized cybercrime.
This isn't just a tech talk—it's a digital thriller. Are you the next target, or are you ready to see how the hunters fight back? 🛡️
AI FRAUD 2026: How "Vibe Scammers" Steal Millions – and Got Exposed by Hackers! 💥💻
Imagine a harmless text message costing you your entire savings. 😱
In this explosive talk from 39c3 (Chaos Computer Congress), Chiao-Lin Yu and his team uncover the dark side of the AI revolution. It is 2026, and the rules of the game have changed: criminals no longer need an IT degree – they use "Vibe Coding" and LLMs to build highly professional fraud platforms in record time.
What you will learn in this video:
The Million-Dollar Trap: How scammers built an empire with fake delivery services.
The AI Mistake: Why blind trust in AI-generated code left a back door for the hackers.
Vibe Hacking: How professionals use the same AI to infiltrate more than 100 illegal domains.
The Danger: Why the barrier to entry for criminals is now zero.
This video is a warning and a crime story at the same time. Will you be the next victim, or will you learn how the hunters think? 🛡️
#39c3, #CyberSecurity, #AI, #KI, #ScamAlert, #Hacking, #ChaosComputerClub, #VibeCoding, #InternetSicherheit, #Betrug, #OnlineScam, #CyberCrime, #Datenschutz, #TechNews, #Informatik, #Phishing, #Deepfake, #ITSecurity, #DigitaleSicherheit, #SoftwareDevelopment, #EthicalHacking, #OSINT, #SocialEngineering, #CrimeStory, #Technology, #Future, #KI2026, #CyberDefense, #Hacktivism, #Privacy, #SmartphoneSecurity, #Fraud, #Finanzbetrug, #ECommerce, #Kriminalität, #Innovation, #Wissen, #SecurityAwareness, #VibeHacking, #InformationSecurity, #WhiteHat, #WebSecurity, #CyberAttack, #Automation, #Developer, #Coding, #ThreatIntel, #Investigation, #TechTrends, #DailymotionTech, #SafetyFirst, #InternetSafety, #HackerNews, #ExpertTalk, Cyberabwehr, KünstlicheIntelligenz, Schadsoftware, Hintertür, Authentifizierung, TaiwanScam, PaketdienstBetrug, LLMCode, Sicherheitslücke, Geldwäsche
Transcript
00:00 Hello, everyone. I'm Steven, and you can also call me
00:27 Yu Zhaolin. Today, I'm going to show you a real story: how to become a Vibe Hacker and how to fight against Vibe Scammers. This talk contains some offensive techniques, but the purpose is to show how we can use these skills to protect people from scams. So, let's begin.
00:49 Now, in the AI era, there are more and more AI-related hackers in the world. They use AI to do auto-scanning and exploitation to deploy malware.
01:03 Also, more scammers use AI to help them achieve their goals. For example, they use AI to build a scam website and message the victims. All done by AI automatically.
01:17 So, as white-hat hackers like us, what can we do to fight against this kind of change? When adversaries use AI, can we also use AI to do some detection or investigation?
01:32 During this research, we found several AI-based phishing websites. Yeah, the purple color, the Tailwind CSS. It's a clear signature that they used AI like Claude Code to build the website.
01:45 Yeah, sure. We found a large number of vulnerabilities that can be used to pwn the system. And as we may know, using AI to generate websites will always create huge vulnerabilities, right? Yeah.
02:01 We also used AI to collect data from the scam group. We found the author of the phishing website. And we also found the core member, the operation lead, and so on.
02:12 Okay. So, let me quickly introduce myself again. I'm Steven Yu, or you can also call me Yu Zhaolin. And currently, I'm a vibe hacker on the Trend Micro red team in Taiwan.
02:24 In today's session, I will use a red team perspective rather than the common blue team threat hunter approach to find a scam. And also, this is my first time at CCC, so I'm very, very excited.
02:44 Okay. So, here is the agenda for today's session. First, I will talk about scam 101. I will show how the story begins and the common scam pattern for this case. Then, I will show how I used AI to find the vulnerability and break into the system.
03:01 Next, after exploring the scam system, I will demonstrate how the system works and how to find the evolution of this scam system. Finally, we used AI to find open-source phishing websites and AI forks.
03:18 Here is how the story begins. One day, one of my friends received a scam message and asked me to help check it. And then, as a hacker, I like this kind of target to practice my skills. And also, I wanted to test some of the latest AI pentest and red teaming tools.
03:37 So, I believed it was a great chance to test that. So, I got a scam URL. And it was an overseas website, so it wouldn't break the law in my country. Yeah. Yeah. After getting the URL, I sent it to my AI agent to do some more research.
03:55 A few moments later. Yeah. I hacked it using AI. So, how does it work? AI is growing very fast. So, I believe more and more AI-related offensive tools will be created.
04:09 In this talk, I won't share which specific tool is useful or bad. But I will share more high-level things about what AI is good at. During this research, I mainly used Claude Code 4.5 and Gemini 2.5 Pro as the LLM.
04:27 And I attached the HexStrike MCP to that AI to use security tools. And for the code review and exploitation, I mainly used Claude Code and Strix to handle the entire process. And the interesting thing is, I didn't write any code by myself. I just told the AI what I wanted, and the AI did the rest. So, it's what I call Vibe Hacking. Okay. So, let's talk about the scam pattern in this
04:57 case. In recent months, we saw several scam patterns where they post free stuff on social media platforms, like Facebook, Instagram, and Threads. Victims only need to pay the shipping fee to get the free or low-price item.
05:16 And then, when the victim messages the seller, they will be redirected to a scam website to pay for shipping. Most payments are online bank transfers to a
05:27 charity foundation, which does not belong to the scammer. The price is about 2 to 5 euros. Yeah, it's very cheap. The purpose is not to get the money in this step. It's a compliance test. If a victim pays at this step, it means they are considered easy to scam.
05:46 Yeah, scammers always choose who is easy to scam and will not try to cheat the smart people. So, be smart. Okay. Okay. Let me pause at this step. In fact, we can phish the phishers at this step.
06:01 Since some of the scammers here are real people, we can set up an IP logger and do some social engineering to get some IP information. Yeah. For example, we can say, oh, the website has an error, and post an image URL link to our own IP logger. Yeah. Yeah. But from the OPSEC perspective, this carries certain risk because we may be discovered. If many people use this method in the future, it will make it
06:31 be discovered. Okay. So, we can get a scammer's IP using this method. Most of the IPs are overseas IPs using VPNs or roaming SIM cards in a cell phone emulator. It's hard to catch that. But if the scammer makes some mistake, maybe we can get a real IP and call the police. Okay. Okay. So, go back to the scam chat. For the multi-stage attack, the next step after
07:01 transferring the shipping fee, the website will show that you made the seller's account get locked, since you didn't do some real-name identity verification. And it asks the victim to contact a fake customer support to do the next step. The fake customer support knows all the victim's information, because the victim entered the personal data into the fake website. For example, the fake customer support asks the victim to transfer
07:31 a certain amount to a specific account to do the unlock process. And then the scam is successful. So, here is a quick summary of this kind of scam pattern. They post the free giveaway via social media, then redirect to the fake website to do the compliance test.
07:52 Then they use fake customer support for the account unlocking and manipulate the user into making payments. Okay. So, the next part is the funniest part: how we break into the system. Yeah, when I say we, it means me and my AI agent partner. Yeah. You know, in the old days, hackers needed to do everything manually. But now, I just sit back, drink a coffee, and watch my AI agent do the work. Yeah.
08:21 Of course, of course, I still need to guide the AI and make some decisions. But the boring part, the AI will handle that. So, the first thing is recon. Yes, when we use Strix or the HexStrike MCP, the AI first does the directory scan and finds some interesting stuff. For example, we found a .bak file in the directory. It means the developer has many bad
08:49 development practices. And we can get some part of the source code to review. So, we can download the file and review it. I used Claude Code to review the source code and found some receiver URLs and some SQL queries that have a SQL injection vulnerability. Yeah. And, for example, this one. And the entire source code has so many SQL injection vulnerabilities.
09:18 So, next step, we can try to craft the payload and get more database information, right? So, for example, we can try to use a boolean-based injection, like "and 1=2", and sleep for five seconds, and even use time-based injection to get the database name, information_schema, and so on, right? But who wants to do this kind of basic SQL injection? We all know that we can use sqlmap to do that.
09:49 The AI also chose sqlmap to do it. Yeah. So just enter sqlmap, enter the arguments, and
09:57 press enter. But the response is yes, but actually no. The parameter click ID does not seem to
10:08 be injectable. So what happened? We already checked the source code is vulnerable, but we
10:14 can't exploit it with sqlmap. After that, I did manual testing by adding Burp
10:21 Suite to check the raw HTTP request. The response shows, please use your mobile phone to open.
10:29 Maybe it's not a WAF to prevent SQL injection. It just forces the user to access this
10:34 website using a cell phone. Okay. So okay, we can just set up a user agent to make it look as if
10:41 we are using a cell phone. And it works. Okay. But. But the boolean-based one is not efficient.
10:56 So we assumed that maybe other pages also have some SQL injection vulnerability, right? Maybe
11:01 there's a union-based one that is easier to use. Yeah. After testing, we found that another page has
11:08 a union-based query. But on closer inspection, we discovered that the table has 85 columns.
11:16 So why does the table need 85 columns? I totally don't understand. But we will talk about it
11:23 later. So we found the admin users database. The database stores the plaintext username and password.
11:32 So after getting that, we might be able to log into the backend console, right? But if you
11:39 have ever done this in the real world, you may know the most difficult part is not to obtain the
11:45 credentials. It's to find the login page and use them. Okay. Then I used AI to help me scan
11:55 more deeply. I also did a recursive scan and even generated a customized wordlist for the next
12:04 scan. Yes, generating a customized wordlist based on the previous scan result is very useful with AI. For
12:11 example, if we found a file called admin backup.php, the AI will try admin login.php, admin panel.php and similar
12:23 names. Then we can find the login page. But the login page is weird. Not like a backend. It only
12:32 needs a password, not a username and password. The password we got doesn't work on this page. So the
12:40 AI automatically decided to generate a password list to brute-force it. And guess what? The AI successfully
12:48 got the right password. Yeah. And the password... The password is just admin. Yeah. Okay. So after
13:02 logging into the system, wait, what? It's not an admin page. It's a web shell. In fact, I have no idea
13:10 why there is a web shell in the scam phishing website. Yeah. So we believe there are three possible
13:18 reasons why a web shell appears. First, maybe it's a crime within a crime. The developer left a back
13:26 door on the website. You may know even criminals don't trust each other. Yeah. Or maybe it's just for
13:33 maintenance purposes. The back door is used for quick fixes. Like when something breaks at 3 AM,
13:40 they don't want to log into the server. Or maybe the site was already hacked. Some external
13:47 hacker breached the site before us. But honestly, we don't care why. For us, it's very useful for
13:55 further investigation. Free shell. Thank you very much. Yeah. Okay. So now we have a web shell. We can
14:07 see all the inside files and paths. We can also find the real login page to log into the system.
14:14 This is where the real fun begins. We are now inside a scammer system. And we can see how they
14:21 operate their business. Yeah, I say business, because for them, scamming is a business. They have the
14:28 product, customers, even customer support. Here is a hidden login page. The Chinese text shows
14:36 an ice blade system. We can use the credentials we obtained from the SQL injection to log in. After logging into
14:45 the system, it's called the Dapang system. And it leaves a Telegram ID on the website. And the page also
14:53 says if you need any support, please contact Dapang using Telegram. So we can use the Telegram ID to
15:00 find the developer, Dapang, okay? Inside the system, we can find some product management system. Scammers can add
15:09 a new product to generate a new URL and perform other operations. In the order management page, it shows
15:19 a lot of victims' sensitive information, such as the phone number, address, and name, and some transfer
15:25 screenshots. The fake customer support can use this information to increase trust in the next stage of
15:33 the scam process. And here is an interesting page. It's a fake bank app record and iOS notification
15:42 page screenshot generator inside. It shows an account freezing notification, saying more than 2000
15:49 EUR was frozen. The scammer used this screenshot in social engineering to prove that the victim's
15:56 account has been locked. It's very smart. The victim already paid for the shipping
16:03 fee. So they believe the transaction is real. And when they see the fake screenshot, they panic and
16:10 follow the scammer's instructions. Social engineering is a powerful weapon for scammers. So, okay, let's go
16:18 back to the web shell. It's PHP 5 and a very old system built in 2020. But we want to execute more
16:27 commands directly. But in phpinfo, it shows that disable_functions is set for most functions. So we couldn't execute
16:35 any normal command. And then I asked the AI to help me find if there was any opportunity to bypass that.
16:44 Yeah, the AI told me we can use a tool called fake CGI. Yeah, to use fake CGI to bypass the restriction.
16:53 Just add some CGI client and upload it like a web shell. So then we got full RCE on the system. We
17:01 can execute system commands. Okay. But currently, we are a low-privileged user. We want higher
17:09 privilege. We need to do privilege escalation. The basic enumeration shows that it's CentOS 7 with
17:16 an old Linux version, right? So we can use a legendary CVE called PwnKit, CVE-2021-4034, to escalate
17:26 privilege to root. This vulnerability is from 2021, but many servers are still not patched. PwnKit is one
17:34 of my favorite privilege escalation vulnerabilities because it works on almost every Linux system.
17:41 The vulnerability is in Polkit, which is installed by default on most Linux distributions.
17:49 If you are a system administrator, please patch your system. And if you are a hacker, well,
17:54 you know how to do it. Okay. So now we got full root permission. We can see the system was built using
18:02 AAPanel, in the Chinese version, which is just like XAMPP or LAMP. It contains Nginx, MySQL, and some WAF.
18:14 AAPanel is very popular in China because it's easy to use. You can set up a web server in minutes
18:20 without any Linux knowledge. Maybe we can find some interesting stuff through AAPanel's log.
18:27 Through the log, we discovered that building a new phishing website only takes about four minutes,
18:35 from uploading the source code to importing the database and SSL certificate. Also, when they need to rotate
18:44 and change to a new domain name, it only takes about one minute. It's very scary. I believe the speed of
18:51 government or anti-scam products adding to the block list is definitely slower than they can
18:58 change to a new domain. So manually blocking the domain today is not an effective way to fight against the fraud.
19:06 Let's continue to check the source code. We found the database username and password are both just cute.
19:13 Okay? And there is a hidden page showing phpMyAdmin. So we can log in using the SQL credentials to check.
19:23 In the database, there are many different phishing templates. For example, China's app like
19:29 . And also, we can answer the question, why is there a table with 85 columns?
19:38 The table contains the region, the stock, the heat, the recovery rate, and many other attributes.
19:45 The table inherits many unnecessary columns since it supports many different scam templates. Okay.
19:52 So we can just go back to the web shell. There is an installation package on the web.
20:00 Maybe we can download the entire package to get more interesting stuff.
20:05 Yeah, so we can ask AI like Claude Code to review the entire code.
20:12 Are there any other vulnerabilities or interesting stuff?
20:17 This is where AI is really useful. Reading thousands of lines of PHP code is boring
20:23 and time-consuming. But for AI, it's just a few seconds. I uploaded all the source code to Claude Code
20:30 and asked it to find the vulnerabilities. And the result: more than 20 security issues, including SQL injection,
20:39 file upload bypass, and hard-coded credentials. We discovered that the web shell was in the installation
20:47 package originally. So it's highly probable that the developer did it on purpose.
20:52 We also discovered a fun vulnerability here. I will give you five seconds. Can you spot it?
21:02 Yes, it checks the file extension name in the first line, right? And if the extension name check
21:09 fails, it will return an error message. Okay, AI can help me find the logic vulnerability.
21:17 The source code checks the extension name and responds with the error message, right? But the vulnerability is
21:24 here. Although it checks the extension name, this statement doesn't return or exit the function.
21:30 The program continues to execute and uploads the file. Therefore, we can abuse this function to get RCE
21:37 again without a previous web shell. We can upload our own web shell even if the web shell isn't present on the
21:47 website. So we also discovered some similar sites without a web shell. So we can use this function to upload our own one.
21:58 And the most fun part is the AI discovered some Telegram stuff in the system called telegram admin,
22:05 telegram config, and telegram error log. When we access the telegram admin page, it requires another
22:14 credential to log in. But after checking the backend source code, we found that the password is hard-coded
22:21 in the website. So we can just log in to the telegram backend again. Okay.
22:28 The backend looks like this. And it can set up the Telegram chat bot token, the group ID, and some domain name.
22:36 If you are familiar with vibe coding, you may know this purple-blue UI called vibe purple. It's a
22:44 Tailwind UI style that most AIs use by default. Even the author Adam from Tailwind UI came out to
22:51 apologize that they polluted the LLM to generate this style. So when you see a website with this purple
22:59 color, there is a good chance it was built by AI. And it's actually a useful indicator for threat
23:07 hunting. So we found the Telegram configuration page like this. When a user posts a token or the URL,
23:18 it will write a config PHP file to set it up. Yeah, do you find another vulnerability? The bot token,
23:26 the group ID, and the domain are user-controllable. So it has some regular
23:33 expression to check the parameter, but it is easy to bypass. So we can craft a payload and write a
23:41 web shell through this method. Yeah, so we got RCE again through a PHP injection, using AI to generate a
23:51 payload to attack an AI-generated website. It's the funniest part. The scammers used AI to build their
23:57 website and we used AI to hack it. AI versus AI. Welcome to 2025. And honestly, the AI-generated code has so
24:14 many vulnerabilities. It's like a playground for hackers. Next, we can act as if we are a blue team.
24:22 Let's try to collect the data and follow the trail to see what we have. This is an important part. As
24:29 security researchers, we don't just hack for fun. We want to understand the threat and help protect
24:36 people. So let's see what information we can gather from inside the system. First, since we already
24:45 have root RCE, we can get the web access log and filter the admin page to get the attacker's IP address,
24:52 right? Okay. And then through the Telegram configuration page, we can get the Telegram group token and group name.
25:00 Okay. Also, the Telegram error log contains the chat bot information and the communication record. And when
25:10 it gets a new victim, the bot will send a message to the chat. This includes the victim's sensitive information.
25:19 And they can also use the chat bot to publish a new product item to the system.
25:24 Here are some group chat messages that I already translated to English. For example, when they
25:32 successfully scam a victim, the group will send a congratulation message and even wish for a new
25:38 wider girlfriend every day. And or some chat like this. They even scammed a 13-year-old student who is in
25:48 school and made her contact her family. Or if the website is broken, they will also share it in the chat.
25:58 For example, if the time is approaching midnight, they will knock off and switch the server and domain.
26:04 But since we all know switching the domain only costs one minute, I believe it's a very, very efficient group.
26:11 So through the entire log, we can identify the developer. The tech lead is called Dapang. And there is an
26:19 operation lead called Kai. And a core member called Chen Lei. And there are more than 30 salespeople in the chat.
26:27 It's like a real company. They have different departments, different roles, and even KPIs.
26:34 The salespeople are responsible for finding victims on social media. The tech team
26:40 maintains the phishing website. And the operation lead manages the whole process.
26:47 We also identified their Telegram group called Gongxi Fa Cai. This is the main work group. And they also have
26:55 some invitation link generation and technical discussion groups. We found several different websites that use
27:03 a similar SDK, but a little bit different. We believe it's an enhanced version. The first version used QQ for
27:13 the customer service in July this year. The second version we discovered is from this August. The website
27:21 provides semi-automation and some voice notification. And the latest version also provides AI-based auto
27:29 command generation and multi-group management. I believe they are currently using AI to do more
27:36 things automatically. The speed of evolution is very fast. In just a few months, they upgraded
27:45 their system multiple times. And we also discovered that when we go to the admin page directly without providing the
27:54 password, it will show a message saying, please log in before sharking. In Chinese, shark, like killing fish,
28:07 so we believe it implies phishing. So after getting this keyword, we found some tutorials on Bilibili,
28:14 a Chinese video platform, showing how to build a server. You can even set up a server using just a mobile phone
28:22 without any computer. In the comments of the tutorial, someone also sells this program. The price of the
28:30 platform is only 20 RMB, which is about 2.5 euros. Wow. Okay. We also found this platform's source code is
28:41 shared on the internet. And it is a 13-in-one, which means it has 13 different platform templates.
28:49 So, sure, I downloaded one of these to review. I discovered some interesting source code comments.
28:57 For example, login fail, done best. And fuck your mother does the IP. Look at that idiot thinking about fork.
29:07 Forking? Your mother should die first. This comment shows that the developer really hates people who try to copy or fork their code.
29:16 But now the funniest thing is the code is not shared everywhere on the internet.
29:24 Okay. So we also compared the source code with our first case. It shows more than 80% is the same.
29:33 And in the 13-in-one version, even the upload vulnerability is patched, but another vulnerability
29:40 appears in the same file. So why is PHP in the upload allow list?
29:55 When the developer closes one back door, they open another one.
30:01 Also, the original version of the phishing platform contains a license management service.
30:07 It will post domain information to check the license. But the latest one, our Taiwanese version,
30:14 doesn't have this function. Which means our version might be a cracked version.
30:21 Okay. So here is a framework summary. The original version was built in 2016. Then China used it to become the
30:31 shark platform in 2020. Now a new fork targeting Taiwan is using the same code base. Are there only two forks?
30:41 The answer, very sadly, is no. There is like a malware family tree. One original version and hundreds of variations.
30:51 So like here is another fork. And another. One more. And more. More. And more different forks from the platform. The number is unpredictable.
31:06 But luckily, we can use AI to help us find each fork's signature summary and use some OSINT tools to find the websites.
31:15 But I don't want to share more about how to identify the signature here. Because maybe some bad guys are also here now.
31:23 Okay. So I don't want them to learn the evasion techniques.
31:27 For example, in October, just in one day, we discovered more than 20 new websites with the same template.
31:36 And all of them have already been reworked. But a new one appears every day now.
31:41 Okay. So here is the summary of my talk. For the common findings, the phishing website can quickly rebuild
31:52 and switch domain, even in one minute. It's crazy fast. And we found several vulnerabilities here.
31:59 They share the same framework. One bug can be used in another fork. It's both good news and bad news.
32:06 If there are no legal issues, supporting the phishing website to do more investigation
32:13 and collect evidence might be a good idea. But please be careful. Make sure you understand the
32:19 law in your country before you do anything. And in the AI era, the fork team has a clear
32:27 role and rotates quickly. They rapidly change the source code and use AI to help them.
32:32 And completely AI-based coding and phishing are growing very fast. For vibe phishing, we need vibe hunting.
32:42 So to handle this problem, I believe sharing threat intelligence across teams and countries is necessary.
32:50 For example, the shark platform is also used in Taiwan, Japan, China, and Hong Kong. Although the front end is totally different,
33:00 they use the same back end and share the same vulnerabilities. So the cross-border case can offer a valuable insight.
33:10 The reality is, in 2025, it's very hard to remove all the scam sites. When you block one phishing site,
33:19 five new websites will appear. This kind of thing should be automatic, not manual. For example,
33:26 do real-time monitoring of newly registered domains and install a local LLM in the browser to
33:34 check the URL and the content. So let's become vibe hunters and fight vibe scammers together.
33:45 In the age of AI, only AI can beat AI. This is not a slogan. It's a reality. Scammers are using AI to build
33:53 the website, to write messages, and to automatically attack. If we don't use AI to fight back, we will
34:00 always be one step behind. So let's embrace AI, learn how to use it, and become vibe hackers, vibe hunters
34:09 together. So that's all my presentation. Thank you very much.
34:23 Thank you very much.