Forwarded from Team ETF
Day6:
Commonly used terms in Carding.

#carding

โ–ก๐Ÿ’ณCC: CREDIT CARD. Without this how will you card.๐Ÿ˜‚

โ–ก๐ŸŒSOCKS5 IP:It is a proxy. It routes your traffic through a proxy server and generates an arbitrary IP address before you reach your destination. To say simply,it changes your IP address like a VPN. But it is much secured and provides good anonymity than a VPN.

โ–ก๐Ÿ–ฅVPS/VM: VPS which everyone calls as RDP is a virtual cloud hosted pc. It is a virtual pc which has different MAC ADDRESS,different RAM,different storage than your computer. You can access a VPS using RDP or a Remote client. To say simply,you are accessing a different pc from your pc

VM(virtual machine) is like a vps,but it is not cloud hosted. It is made with the properties of your computer,means the VM has same MAC ADDRESS which your computer has.

But whatever happens in a VM or VPS wont effect your computer.

โ–ก๐Ÿ’ณ6๏ธโƒฃBIN: BIN(Bank Identification Number) is the first 6digits of a CC number. Every bank has their own BIN. The first digit of the BIN says the provider of the CC

If it starts with 3: It is AMEX Card
If it starts with 4: It is VISA card
If it starts with 5: It is MASTERCARD card
If it starts with 6: It is DISCOVER/RUPAY(in india)

โ–ก๐Ÿ‘จFULLZ: FULLZ means the complete details of a person
like CC details,Address,DOB,Phone number,Email address,SSN(Social Security Number is a Number which the US government provides to US citizens)

โ–ก๐ŸŒ๐Ÿ›911: 911 is a site which sells SOCKS5 proxies. You buy proxies from any site which sells proxies,but 911 proxies have good anonymity and good security than proxies from other sites.

โ–ก๐ŸŒ๐Ÿ’ณUNICC: UNICC is a CC selling. It is a highly trusted CC selling site. You can buy CC there for less prices. You can even buy FULLZ,CC with FULLZ.

โ–ก๐ŸŒ๐Ÿ’ฒBITCOIN: BTC(BITCOIN) is a Digital currency.
Most of the sites like UNICC,911 accepts BTC only to buy CC,proxies. So if you dont have BTC,buy from BTC sellers. You can store your BTC in BTC wallets like Coinbase(most preferred wallet).

โ–ก๐Ÿก๐Ÿ—บDROP: DROP is an address where your product will be shipped to. Suppose think that you are carding an E-COMMERCE site like bestbuy,amazon with a USA CC. So definitely the shipping address which you type in checkout should be a USA address. Orelse the site will see this SUSPICIOUS and cancels your order.

For the CC owner Shipping address will be the Drop address. But as we wont live with that CC owner we ship that product to another address from where we can get the product. If you have relatives or your house in USA,then you can keep their address. From them you can get your product. If you dont have any relatives then you can get DROP address from dropshipping sites. They will ship the product to you if you keep the DROP address they gave.


๐Ÿšจ๐Ÿšจ๐ŸšจThese are the most commonly used terms in carding,but there are more terms you need to know. We will post them later. Peace๐Ÿ˜‡
Forwarded from Team ETF (I am groot)
Day7 :-

#forensics

Detect DDOS, PING etc... using SNORT

Snort is a packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies.

My OS :- ubuntu
Let my ip address be 192.168.1.103

SETUP:- ( will be easy in future )

First you need to make some changes in the configuration of snort.

sudo gedit /etc/snort/snort.conf

Now, change the HOME_NET IP address to your ip range.
Like,
ipvar HOME_NET 192.168.1.0/24

Now go to
/etc/snort/rules/local.rules
and add the rules given below

( Watch rules writing in the image. )

DETECT PING SCAN

Rule:-
alert icmp any any -> $HOME_NET any (msg:"Ping detected"; sid:1000001; rev:1; classtype:icmp-event;)

alert ---> show alert

ICMP ---> It's a protocol used to report errors in IPv4

-> :- to

$HOME_NET ---> destination ip

msg ---> shows the message which you write

sid ---> keyword used to uniquely identify Snort rules. This information allows output plugins to identify rules easily.
SIDs 100 - 1,000,000 are already registered, so you need to use an id greater than this, like 1,000,123.

rev ---> keyword used to uniquely identify revisions of Snort rules

classtype:icmp-event ---> Categorizes the rule as an “icmp-event”, one of the predefined Snort categories. This option helps with rule organization.

Detecting
sudo snort -A console -q -c /etc/snort/snort.conf -i eth0


-A console ----> shows standard output alert
-q ----> quiet mode
-i ----> interface
-c ----> config


DETECT TCP SCAN

Rule:-
alert tcp any any -> $HOME_NET any (msg: "TCP Scan Detected"; sid:10000005; rev:2; )


DETECT DOS ATTACK

Rule:-
alert tcp any any -> $HOME_NET 80 (flags: S; msg:"Possible DoS Attack Type : SYN flood"; flow:stateless; sid:1000003; detection_filter:track by_dst, count 20, seconds 10;)

#reference__researchgate-website

Extra
Ping scan :- nmap 192.168.1.103
Tcp scan :- nmap -sT 192.168.1.103
Dos :- Use any tools😁

Written by :- I am groot [ @Etf_Zan ]
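As an added example (my code, not from the post or the Snort project), a small Python checker for the local.rules entries above: it parses each rule, lints the sid range the post warns about, and replays the SYN-flood rule's detection_filter over constructed packet timestamps. The rules text is a copy of the post's three rules with the DoS rule given a local-range sid and a rev; the sliding-window model of detection_filter is a simplification and an assumption about Snort's semantics.

```python
import re
from collections import defaultdict, deque

# Constructed copy of the post's three local.rules entries (DoS rule given a local sid and rev).
LOCAL_RULES = """
alert icmp any any -> $HOME_NET any (msg:"Ping detected"; sid:1000001; rev:1; classtype:icmp-event;)
alert tcp any any -> $HOME_NET any (msg:"TCP Scan Detected"; sid:10000005; rev:2;)
alert tcp any any -> $HOME_NET 80 (flags:S; msg:"Possible DoS Attack Type : SYN flood"; flow:stateless; sid:1000003; rev:1; detection_filter:track by_dst, count 20, seconds 10;)
"""
HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)$")

def parse_rule(line):
    """Split one rule into header fields and an option dict (assumes no ';' inside msg)."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a Snort rule: " + line)
    action, proto, src, sport, _, dst, dport, body = m.groups()
    opts = {}
    for opt in filter(None, (o.strip() for o in body.split(";"))):
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "opts": opts}

def parse_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def lint(rule):
    """The checks the post calls out: a local sid above the reserved range, a msg and a rev."""
    problems = []
    sid = rule["opts"].get("sid", "")
    if not sid.isdigit() or int(sid) < 1000000:
        problems.append("sid must be >= 1000000 for local rules")
    problems += ["missing " + k for k in ("msg", "rev") if k not in rule["opts"]]
    return problems

def detection_filter_alerts(rule, packets):
    """Model of detection_filter: alert on each packet once more than `count` matching packets
    hit the tracked host within `seconds`. Simplified sliding window (assumption), not Snort's
    own code. packets: list of (timestamp_seconds, src_ip, dst_ip)."""
    df = dict(p.split() for p in rule["opts"]["detection_filter"].split(","))
    count, seconds = int(df["count"]), int(df["seconds"])
    key_index = 2 if df["track"] == "by_dst" else 1
    seen, fired = defaultdict(deque), []
    for pkt in packets:
        ts, window = pkt[0], seen[pkt[key_index]]
        window.append(ts)
        while ts - window[0] > seconds:  # drop packets older than the window
            window.popleft()
        if len(window) > count:
            fired.append(ts)
    return fired
```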
Forwarded from Team ETF (I am groot)
Forwarded from Team ETF (I am groot)
Day8:-

#forensics

Well, we learnt about Snort yesterday, how to write your own Snort rules as well as how to use it.

To detect ARP SPOOF,
you can use any tool from github or create your own using scapy.

Easy way:- just by looking at the MAC address.

Today we learn some basics of the windows registry.

Source :- YT ( 13 cubed )

I won't be covering this; you can learn more about windows forensics on the 13 cubed YT channel.
Forwarded from Team ETF (I am groot)
dfir_cheat_sheet.pdf
62.9 KB
Forwarded from Team ETF (I am groot)
Introduction_to_Windows_Forensics.247.mkv
176.8 MB
Forwarded from Team ETF (Groot)
#forensics

Today we will discuss malware forensics.

Here we will find the malware in our pc.

Tool :- volatility ( open source github )
Forwarded from Team ETF (Groot)
Forwarded from Team ETF (Groot)
Explanation:-

There are two types of scan in volatility to detect the profile.
1. By imageinfo ( above picture )
2. Kdbg scan ( tomorrow I will discuss this )

Here in the above figure we can see that we scanned using imageinfo, and it detected some of the profiles ( which OS memory file it is ).

Profile :- WinXPSP2x86 ( see highlighted )

Possible doubts :-
1. Here we have used the memory dump cridex.vmem

.vmem -> virtualbox memory
cridex is one of the malware names

2. I already taught you earlier how to get the memory file.

Error:-
There's an installation error in my tool. Probably you won't get a failed error while running the tool.
Forwarded from Team ETF (Groot)
In the new version ( volatility3 )
there's no need to do a profile scan; you can skip this step.


Next class :-
Tomorrow be ready
Forwarded from Groot
Forwarded from Team ETF (Groot)
👆 Here we did a profile scan of another memory dump file.
Forwarded from Groot
Forwarded from Team ETF (Groot)
👆 Here you can see that we used the lsadump plugin, which gives default saved passwords.
Forwarded from Groot
Forwarded from Team ETF (Groot)
👆 The netscan plugin is used to scan all the devices connected to that device.
Forwarded from Team ETF (Groot)
Now, we need to find the pc name.
We know that it is present in the system ( we learnt this in the windows registry section ).
To find that using volatility,
first we need to get the offset of the system file.
Offset:- address

So we use the hivelist plugin👇
Forwarded from Groot
Forwarded from Team ETF (Groot)
Now we have the offset of the system file.
We know that when we explored the registry there were many directories; it may change for some pcs. So we will go directory by directory using the printkey plugin👇
Forwarded from Team ETF (Groot)
Forwarded from Team ETF (Groot)
By doing this step by step we will find the required file. I skipped 1 step, you do this on your own👇