ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

Open in browser →
{ "@context": [ "https://www.w3.org/ns/activitystreams", { "ostatus": "http://ostatus.org#", "atomUri": "ostatus:atomUri", "inReplyToAtomUri": "ostatus:inReplyToAtomUri", "conversation": "ostatus:conversation", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#", "votersCount": "toot:votersCount", "litepub": "http://litepub.social/ns#", "directMessage": "litepub:directMessage", "blurhash": "toot:blurhash", "focalPoint": { "@container": "@list", "@id": "toot:focalPoint" }, "Hashtag": "as:Hashtag" } ], "id": "https://infosec.exchange/users/eric_capuano/statuses/109616911807727673", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-01-02T01:02:14Z", "url": "https://infosec.exchange/@eric_capuano/109616911807727673", "attributedTo": "https://infosec.exchange/users/eric_capuano", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/eric_capuano/followers", "https://infosec.exchange/users/UlfFrisk" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/eric_capuano/statuses/109616911807727673", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-01-02:objectId=34129242:objectType=Conversation", "content": "<p>Somebody just uploaded a decent video explaining the differences between simple DLL injection (loading injected code from disk, easily detected by Sysmon/EDR) versus reflective injection (injecting code directly from memory, slightly stealthier) into a victim process.</p><p>Either of these, easily detected by tools like Volatility's malfind plugin, or my new favorite, MemProcFS' <a href=\"https://github.com/ufrisk/MemProcFS/wiki/FS_FindEvil\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">findevil</a> by <span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@UlfFrisk\" class=\"u-url mention\">@<span>UlfFrisk</span></a></span> </p><p><a href=\"https://www.youtube.com/watch?v=IX0qUTbXNog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">youtube.com/watch?v=IX0qUTbXNo</span><span class=\"invisible\">g</span></a></p><p><a href=\"https://infosec.exchange/tags/DFIR\" class=\"mention hashtag\" rel=\"tag\">#<span>DFIR</span></a> <a href=\"https://infosec.exchange/tags/MemoryForensics\" class=\"mention hashtag\" rel=\"tag\">#<span>MemoryForensics</span></a> <a href=\"https://infosec.exchange/tags/ThreatHunting\" class=\"mention hashtag\" rel=\"tag\">#<span>ThreatHunting</span></a></p>", "contentMap": { "en": "<p>Somebody just uploaded a decent video explaining the differences between simple DLL injection (loading injected code from disk, easily detected by Sysmon/EDR) versus reflective injection (injecting code directly from memory, slightly stealthier) into a victim process.</p><p>Either of these, easily detected by tools like Volatility's malfind plugin, or my new favorite, MemProcFS' <a href=\"https://github.com/ufrisk/MemProcFS/wiki/FS_FindEvil\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">findevil</a> by <span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@UlfFrisk\" class=\"u-url mention\">@<span>UlfFrisk</span></a></span> </p><p><a href=\"https://www.youtube.com/watch?v=IX0qUTbXNog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">youtube.com/watch?v=IX0qUTbXNo</span><span class=\"invisible\">g</span></a></p><p><a href=\"https://infosec.exchange/tags/DFIR\" class=\"mention hashtag\" rel=\"tag\">#<span>DFIR</span></a> <a href=\"https://infosec.exchange/tags/MemoryForensics\" class=\"mention hashtag\" rel=\"tag\">#<span>MemoryForensics</span></a> <a href=\"https://infosec.exchange/tags/ThreatHunting\" class=\"mention hashtag\" rel=\"tag\">#<span>ThreatHunting</span></a></p>" }, "attachment": [ { "type": "Document", "mediaType": "image/png", "url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/109/616/885/819/845/533/original/819453b848716289.png", "name": "Code demonstrating simple DLL injection in a victim process", "blurhash": "UuBNm5DN%$MxRjj]axoexCS4o0WXWEoeWWj?", "focalPoint": [ 0, 0 ], "width": 1134, "height": 557 } ], "tag": [ { "type": "Mention", "href": "https://infosec.exchange/users/UlfFrisk", "name": "@UlfFrisk" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dfir", "name": "#dfir" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/MemoryForensics", "name": "#MemoryForensics" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/threathunting", "name": "#threathunting" } ], "replies": { "id": "https://infosec.exchange/users/eric_capuano/statuses/109616911807727673/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/eric_capuano/statuses/109616911807727673/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/eric_capuano/statuses/109616911807727673/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/eric_capuano/statuses/109616911807727673/likes", "type": "Collection", "totalItems": 18 }, "shares": { "id": "https://infosec.exchange/users/eric_capuano/statuses/109616911807727673/shares", "type": "Collection", "totalItems": 9 } }