Leaderboard


Popular Content

Showing content with the highest reputation on 12/20/2022 in all areas

  1. 2 points

    Time Left: 8 months and 8 days

    • FOR SALE
    • NEW

    The business has been operating for more than 8 years and brings regular profits. Business is 100% online. You can work from anywhere where there is Internet. Employment 2-3 hours a day. There are many options for customer traffic, everyone will find their own, not to the detriment of my business. At the moment, several dozen franchises have been launched, working regularly for profit. The payback period of the business is 1 month. The first client will arrive 7-10 days after the launch. The average check is $800 Max check 12000$ Business is the management of a trading platform - an exchange, and the sale of goods and services on it, the subject of business is specific, I will not specify what kind of goods, otherwise the topic will become public. And now about the most interesting thing, We have learned how to competently pull money out of the client's accounts, while he does not even understand how this happened and it is not possible to convict the organizers of anything. I give you a fishing rod, bring you to a fishing place and teach you how to fish. But you have to catch it, according to my methodology, letting everything take its course means losing. I won't say more about the specifics of the business. Many people have a question about the police? When they hear about illegal business. The police are not interested in this topic at all. Your clients won't even think of going there. Franchise price: The global version has 6 billion customers worldwide. Unlimited traffic flow. with 3 months of work, the profit is $ 10000+ Price 2500$ Next, you can scale (create copies) of your business yourself without asking me anything. Who do I want to see among the franchise buyers: Adequate people with substantive questions. He is polite and friendly with such people. People asking for alms are immediately blacklisted. Required Skills: - Confident use of the computer and the Internet. - The experience of communicating with people (all communication takes place online) And once again for everyone! You are buying a path to a stable online income, not the income itself. You should follow the instructions clearly, and not think that everything will come by itself. I will teach you how to run this business properly, with maximum income. It takes 2-3 days to deploy the project and transfer it to your hands. Then you study my instructions, ask questions and start working. I am always in touch, I will help with advice and business. There is also an option of joint cooperation of our businesses in the future, but only after the purchase.

    $2,500.00

  2. 2 points

    Time Left: 2 months and 16 days

    • FOR SALE
    • NEW

    Google pay, pay pal, western union, bank transfers. Quickly, without delay. Guarantee of receiving money 100%

    $1,000.00

  3. 2 points

    Time Left: 5 months and 28 days

    • FOR SALE
    • NEW

    Dissecting DEFENSOR: a stealthy Android banking malware Android malware apps are nothing new, but this one is of particular interest in how it implements no such functionality that can be readily detected by security products. The apps named DEFENSOR ID and Defensor Digital rely mainly on Android's Accessibility Service to conduct malicious activities, and go undetected. In fact, a blog post released May 22nd 2020 by malware researcher Lukas Stefanko of ESET states, "the banking trojan was available on Google Play at the time of the analysis. The app is fitted with standard information-stealing capabilities; however, this banker is exceptionally insidious in that after installation it requires a single action from the victim – enable Android’s Accessibility Service – to fully unleash the app’s malicious functionality." The blog post also demonstrates at the time of its inception, no antivirus engine detected this malware sample. Even today, only 5-6 detection engines are flagging these two apps, according to VirusTotal. This raises concern for the next iteration of malware that may be nothing but a slight modification of these apps. Android Accessibility Service To make smartphones more accessible to users with special needs, the Accessibility Service allows for the device to extend permissions to an app to read screen content (e.g. for providing text to speech synthesis capability). You can imagine how useful would such a functionality be to a malicious app. Existing detection models can reliably predict when certain combinations of permissions requested by an app may pose problems. But because the Defensor apps mainly relied on obtaining Accessibility Service permissions from the user, along with some other minimalistic ones, no red flags were raised anywhere. The permissions requested by the app include the following, of which the critical ones are highlighted: android.permission.INTERNET android.permission.SYSTEM_ALERT_WINDOW android.permission.BIND_ACCESSIBILITY_SERVICE com.secure.protect.world.permission.C2D_MESSAGE android.permission.ACCESS_NETWORK_STATE android.permission.FOREGROUND_SERVICE android.permission.REQUEST_DELETE_PACKAGES android.permission.SYSTEM_OVERLAY_WINDOW android.permission.WAKE_LOCK android.permission.WRITE_SETTINGS com.google.android.c2dm.permission.RECEIVE In practice, this means the app can capture credentials entered by the user on mobile banking apps, read or generate SMS messages, read emails, read Two-Factor Authentication (2FA) codes generated by authenticator apps — thereby bypassing 2FA, steal cryptocurrency private keys, and so on, and upload all of this vital information to an attacker-controlled server! The app also requests the WAKE_LOCK permission, letting it override the default screen timeout setting, and keeping the device turned on persistently. This would give malware an extended opportunity to launch other apps and to continuously capturing sensitive information. The screenshots provided by ESET demonstrate this behaviour: Indicators of Compromise (IOCs) To make things easy for the security community, malware researchers at ESET have thankfully provided two useful IOCs identifying the malicious apps that have now been yanked from the Google Play store. Package Name SHA-1 Hash SHA-256 Hash ESET detection name com.secure.protect.world F17AEBC741957AA21CFE7C7D7BAEC0900E863F61 BBFB6DEDC01492CA3AC0C4F77343A22162518B306660E9CE958F2A6369FFAF13 Android/Spy.BanBra.A com.brazil.android.free EA069A5C96DC1DB0715923EB68192FD325F3D3CE B5A64791728AA641838D2A478375F5D46F91C91B8DF0CDE34B21DDA2D4D7D8A1 Android/Spy.BanBra.A New information and my analysis ESET researchers have done a brilliant job of presenting their comprehensive analysis of these apps and their documented behaviour. Further to their report however, I'd like to add a bit of my own findings. Command & Control (C&C) domains The attacker controlled C&C domains are still up — well at least one of them, and that's problematic. Domain IP address Task empresasenegocios.online 132.148.42.16 Command & Control (C&C) atendimentoempresarial.digital 184.168.221.46 Command & Control (C&C) The URLs specifically used by the app to establish communication between the attacker-controlled server include: https://empresasenegocios.online/remoteControl/ https://empresasenegocios.online/remoteControl/api/main/index/ http://atendimentoempresarial.digital/remoteControl/api/main/index http://atendimentoempresarial.digital/remoteControl/ Interestingly, VirusTotal reports most antivirus engines are still not flagging these URLs, except for FortiNet which flags just one of the empresasenegocios.online URLs as phishing: Nevermind the fact, the empresasenegocios.online domain still has a fancy admin panel for the attackers to log into and glance over the juicy details of their victims 🍿: Here's also a preview of the API: And the domain continues to be hosted on GoDaddy's shared hosting, with its beautiful cPanel and WebMail interfaces accessible: empresasenegocios.online/cpanel: empresasenegocios.online/webmail: At least, atendimentoempresarial.digital domain has its GoDaddy parking page showing up for now. While that's no guarantee that the domain's malicious ownership or activities have ceased, so far there are no strong signs indicating ongoing activity either. The WHOIS records of these domains didn't reveal anything particularly interesting other than Sãu Paulo, Brazil addresses and phone numbers, which could very likely be fakes, along with two email addresses belonging to the anonymous ProtonMail service: [email protected] and [email protected]. The Takeaways Enforcing BYOD policies Because prominent antivirus engines are not detecting apps like these — even now, advice to "scan your mobile device" is futile. SOC analysts and Security Ops professionals are strongly advised to enforce a corporate mobile device policy which restricts employee access to Google Play app store on their work devices. Apps like these pose significant threats to an organization's secrets especially when an organization has a relaxed Bring Your Own Device (BYOD) policy, allowing for corporate email accounts to be accessible on an employee's personal mobile device (e.g. Gmail's Android app managing both personal and work accounts of a user would not be immune to attacks like these, and could easily infiltrate corporate trade secrets to malicious actors). Network monitoring and blocks Additionally, extensive network monitoring in your SIEM/EDR products should be setup for these servers, with network blocks implemented, given at least one of these domains is still active. That way, any device on your corporate network would be prevented from inadvertently making calls to these domains. Note: The IP addresses appear to belong to GoDaddy's shared hosting, therefore blocking these could potentially block legitimate websites. It is best to block the malicious domains for the time being. DEFENSOR ID and Defensor Digital were just two of the apps which have been identified and removed from the Play store, but given their stealthy behaviour, we do not know as of yet how many other apps might be using these servers or leveraging the Accessibility Service weakness.

    $299.00

  4. 2 points

    Time Left: 8 months and 6 days

    • FOR SALE
    • NEW

    I will order gold bullions, coins, jewelry products from the website www.perthmint.com to your address Gold bullion prices 20g - 305$ 50g - 650$ 100g -1150$ Prices include shipping. Prices for coins and jewelry presented on the site are discussed separately. At least 30% of the cost of the site. Also see my other proposal for teaching the carding method of the site perthmint.com

    $305.00

  5. 2 points

    Time Left: 7 months and 18 days

    • FOR SALE
    • NEW

    BMO SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES

    $200.00

  6. 2 points

    Time Left: 7 months and 18 days

    • FOR SALE
    • NEW

    UBER SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES.

    $200.00

  7. 2 points

    Time Left: 2 months and 16 days

    • FOR SALE
    • NEW

    Hello everybody! Welcome to my WOLOW MONEY TRANSFER service. Paypal is one of the destinations. The minimum transfer amount is 1000$ 1000$ - 400$ (my share) 2000$ -700$ (my share) 3000$ - 900$ (my share) 4000$ - 1000$ (my share) 5000$ -1200$ (my share) https://t.me/wolowmoneytransfer

    $400.00

  8. 1 point

    Time Left: 7 months and 17 days

    • FOR SALE
    • NEW

    NFC ATM Jackpotting Malware. Works only at NCR SelfServ NCR ProCash modes (WORLDWIDE). Withdraws all cassettes one-by-one. DOESN'T REQUIRE USB ACCESS OR ANY PHYSICAL INSIDE ACCESS. Injects through NFC card. You will need a very specific software to use it. I'll help with links where you can buy it. Overall spendings will be around 50-100 USD. I will stop selling at any time. As soon as I realize that too many people use it.. Manual and safety guide will be included with software. Any technical details won't be shared until funds are in escrow.

    $2,500.00

  9. 1 point

    Time Left: 14 days and 48 minutes

    • FOR SALE
    • NEW

    Devices for cloning bank cards. Infusion X6 can capture and save up to 21 cards per second. This is great in big crowds, the X6 won't waste time and it won't miss an opportunity to snap the next card! We've extended by 15 centimetres away range. This way contactless bank cards can be captured without your victim knowing. Infusion X6 is smaller, better shaped and it can be attached to the wrist dock which can be hidden under your sleeve. It has a locking system. To make the device more secure just in case it gets caught by the authorities we have added a locking system which locks and encrypts the data already stored on the device. A Velcro wrist dock is essencial, it is packed with two strong Neo magnets in order to secure the device in place. This way the device has better stability and can be easily hidden under clothing. The docking station is also packed with 2 20*0.5mm powerful Neo magnets to ensure stability. The last thing you want is the X6 to accidentally move while you conducting data transfer and risk to lose the precious data you've just gathered. Price 700$ 900$ x6 + booster That's right, you've requested and we made it happen. Unfortunately, due to the design structure and to maintain its discreet size we were only able to add an additional 10 cm of contactless range. At first it doesn't seem much but it does add up and so, we now have a total of 25cm. No more needing to be extremely close to the victim and perfect for overcrowding places. If you dont know what a booster is, we will explain. A booster is an additional electronic component installed internally into the Infusion X6. This is to expand its contactless range up to 25 cm. NOTE: THE BOOSTER CAN ONLY BE INSTALLED BEFORE THE ORDER IS SHIPPED TO THE CUSTOMER. IDEALLY YOU WILL NEED TO ORDER THE INFUSION X6 + BOOSTER AT THE TIME WHEN ORDERING. THIS IS AN INTERNAL MODIFICATION THAT NEEDS DOING BY ONE OF OUR ENGINEERS. ANY ATTEMPT MADE BY THE CUSTOMER WILL VOID THE WARRANTY.

    $700.00

  10. 1 point

    Time Left: 8 months and 9 days

    • FOR SALE
    • NEW

    I will sell my author's way of working with the site onetwotrip.com The training period is 2 days. After completing the training, you will be able to book flights and hotels on someone else's bank cards.

    $799.00

  11. 1 point

    Time Left: 7 months and 18 days

    • FOR SALE
    • NEW

    LLOYDS BANK SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES

    $200.00

  12. 1 point

    Time Left: 14 days and 48 minutes

    • FOR SALE
    • NEW

    I will make a custom skimmer for any ATM with a video camera or pinpad. I can also offer skimmers with GSM fart technology. From$800

    $800.00

  13. 1 point

    Time Left: 14 days and 48 minutes

    • FOR SALE
    • NEW

    The world's only wireless bluetooth magnetic stripe credit card reader writer,smallest and portable Hico and loco: all compatible (300~4000 oe); Three Tracks: track 1,2,3; Functions:read, write and erase; LED indicator, applicable and full support for ISO 7811-6 standards Bluetooth and USB interface works with Windows OS, Android, Mac OS, iPhone and iPad Download "EasyMSR" from "Google Play" or "App Store" for Android Mobile/Tablet or iPhone,iPad Using Free software for Windows and Mac OS. Paid APPs for Android and iSO(iPhone, iPad), about $20 for the EasyMSR app

    $300.00

  14. 1 point

    Time Left: 8 days and 19 hours

    • FOR SALE
    • NEW

    To infect the device, it is enough for the user to click on the link or open the image. Up to $ 1000 per year with 1 connected device. The number of connected devices depends on you, there may be 10 or even 10,000. Antivirus programs do not react to infection in any way. Additional questions in telegram or PM

    $999.00

  15. 1 point

    Time Left: 7 days and 18 hours

    • FOR SALE
    • NEW

    Ncr, Wincor Nixdor, Diebold Insert Skimmer.Full Kit ready for work.Battery can last up to 48 hours,outside temperature doesn’t affect to skimmer working time, because skimmer is located inside ATM.Store up to 15000 credit card tracks. Full Kit Include Insert and remove tools, data cable,software CD, this is plug and play product that is ready for work. Available to order PIN pad as extra option.

    $1,000.00

  16. 1 point
    :fiesta: :fiesta: :fiesta: :fiesta: :fiesta:
  17. 1 point
  18. 1 point
  19. 1 point
  20. 1 point
  21. 1 point
  22. 1 point
  23. 1 point
  24. 1 point
  25. 1 point
    Liked it bro good work keep it up.
  26. 1 point
  27. 1 point
  28. 1 point
  29. 1 point
  30. 1 point
  31. 1 point
    Liked this shit , keep it coming ! xD
  32. 1 point
    awesome bro,where can we find proxy lists thoe?
  33. 1 point
  34. 1 point
  35. 1 point
    owh man realy realy thanks :) no words :comfy: PS:cash link :I
  36. 1 point
  37. 1 point
  38. 1 point
    TY ENJOI DONT FORGET TO LIB A LIKE cOVERD BY MESVAK XD
  39. 1 point
  40. 1 point
  41. 1 point
  42. 1 point
  43. 1 point
  44. 1 point
    :jew: u got it. congrat :hype:
  45. 1 point
  46. 1 point
  47. 1 point
  48. 1 point
  49. 1 point
    Magenda is love Magenda is life