How vendors get stuff

Erick

Professional
Messages
700
Reputation
51
Reaction score
81
Points
28
What are you thinking, guys? How are vendors getting their stuff, dumps (TR1+TR2)? Brute-forcing RDP on POS, it's not that way, because you can wait all your life and get nothing. Remote RDP exploits? Malware like Dexter?
 
  • Like
Reactions: aka_k4

    aka_k4

    Points: 1
    for all the bullshit

scorpyo

UNRESOLVED PROBLEMS
Messages
197
Reputation
11
Reaction score
15
Points
18
RDP hacking is the most famous in this )
Software like DUBrute will help, and malware to place on the terminal with system access ))
 
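The posts above discuss brute-forcing RDP on port 3389 with tools like DUBrute. The check a defender wants for that technique is to watch for bursts of failed RemoteInteractive logons from one source against several accounts. The block below is an added example, not code from any poster or from the tools they mention. It parses constructed, simplified Windows Security log lines (event 4625 = failed logon, logon type 10 = RDP) and flags a source that fails against multiple accounts inside a short window; the one-line export format, the thresholds and the sample addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export in a simplified one-line-per-event format:
#   <ISO timestamp> <event id> <target account> <source IP> <logon type>
# These lines are made up for this example; they are not real log data.
SAMPLE_LOG = """\
2013-05-02T06:40:01 4625 Administrator 203.0.113.7 10
2013-05-02T06:40:02 4625 pos 203.0.113.7 10
2013-05-02T06:40:03 4625 admin 203.0.113.7 10
2013-05-02T06:40:04 4625 Administrator 203.0.113.7 10
2013-05-02T06:40:05 4625 user 203.0.113.7 10
2013-05-02T06:40:06 4625 Administrator 203.0.113.7 10
2013-05-02T06:41:10 4625 jsmith 198.51.100.4 10
2013-05-02T06:55:30 4625 jsmith 198.51.100.4 10
2013-05-02T07:10:00 4624 jsmith 198.51.100.4 10
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)$")

FAILED_LOGON = 4625          # Windows Security event: an account failed to log on
REMOTE_INTERACTIVE = 10      # logon type used by RDP / Terminal Services sessions


def parse_events(text):
    """Parse the simplified export into dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, event_id, user, src, logon_type = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "id": int(event_id),
            "user": user,
            "src": src,
            "type": int(logon_type),
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5), min_users=2):
    """Flag source IPs with >= threshold failed RDP logons inside any `window`,
    spread over at least `min_users` distinct accounts (dictionary attacks cycle
    usernames; a single user mistyping a password does not).
    Returns {src_ip: {"failures": n, "users": [...]}}."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == FAILED_LOGON and e["type"] == REMOTE_INTERACTIVE:
            by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = [], 0
        # Sliding window over the time-sorted failures: keep the densest run.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            run = evs[start:end + 1]
            if len(run) > len(best):
                best = run
        users = sorted({e["user"] for e in best})
        if len(best) >= threshold and len(users) >= min_users:
            alerts[src] = {"failures": len(best), "users": users}
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"possible RDP brute force from {src}: "
              f"{info['failures']} failures against {info['users']}")
```

Real event exports carry many more fields than the constructed format here, and with Network Level Authentication enabled a failed RDP attempt is commonly recorded as logon type 3 (network, via CredSSP) rather than type 10, so a production rule should match both types and key on the source address field.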

Xehanort

Carder
Messages
90
Reputation
9
Reaction score
14
Points
8
I am getting dumps via specific POS terminal malware now. I aligned with another coder to finish the product. I managed to find a live sample of Dexter to see how it works; it's a pretty nice piece of malware. I reverse engineered it to see exactly how it functions and then used the same type of techniques in my own POS malware. The next step would be to get some sort of access, whether it be RDP/VNC or even physical access. You can obviously scan and attempt to pick up POS RDPs. But what is more efficient is to scan local business IP ranges; you can even buy quality ranges of shops very cheaply (like a couple of dollars), get a list from there and scan for different holes in the system. You will not always attack RDP/VNC, but look for other vulnerabilities and later use those to escalate privileges and gain leverage with pre-defined exploits. The next point is that every POS is different. If you want the absolute best results, you recognize patterns in the existing POS and try to emulate the environment on your own spare PC with an MSR and that POS software. This way you know exactly how it functions, and the next step is to write custom malware from the base up that attacks that POS system. This way you will successfully gather all the data and siphon it off to whatever delivery method you prefer... a lot is done via fast-flux C&C now.

Just my two cents, but you must also be aware that the vast majority of these dump vendors have 2-3 suppliers. The same suppliers, with various bases. Why do you think the same Canada and India base was going around and every dump vendor updated with it? Because it's a few suppliers who are pushing these dumps to vendors. Most vendors don't know jack shit about the extraction of dumps :)
 

scorpyo

UNRESOLVED PROBLEMS
Messages
197
Reputation
11
Reaction score
15
Points
18
If one needs a range of businesses, just go to a high-end restaurant that has free Wi-Fi ))
Following this, you can go to myip.dk and view the range. Go to a few, and scan the subnet for 3389.
 

Bormex

RIPPER
Messages
31
Reputation
1
Reaction score
2
Points
8
I am getting dumps via specific POS terminal malware now. I aligned with another coder to finish the product. I managed to find a live sample of Dexter to see how it works; it's a pretty nice piece of malware. I reverse engineered it to see exactly how it functions and then used the same type of techniques in my own POS malware. The next step would be to get some sort of access, whether it be RDP/VNC or even physical access. You can obviously scan and attempt to pick up POS RDPs. But what is more efficient is to scan local business IP ranges; you can even buy quality ranges of shops very cheaply (like a couple of dollars), get a list from there and scan for different holes in the system. You will not always attack RDP/VNC, but look for other vulnerabilities and later use those to escalate privileges and gain leverage with pre-defined exploits. The next point is that every POS is different. If you want the absolute best results, you recognize patterns in the existing POS and try to emulate the environment on your own spare PC with an MSR and that POS software. This way you know exactly how it functions, and the next step is to write custom malware from the base up that attacks that POS system. This way you will successfully gather all the data and siphon it off to whatever delivery method you prefer... a lot is done via fast-flux C&C now.

Just my two cents, but you must also be aware that the vast majority of these dump vendors have 2-3 suppliers. The same suppliers, with various bases. Why do you think the same Canada and India base was going around and every dump vendor updated with it? Because it's a few suppliers who are pushing these dumps to vendors. Most vendors don't know jack shit about the extraction of dumps :)

Are you expecting people to flow in now with +1? :) You waste too much of your time trying to pretend to be smart... is it beneficial?
 

Xehanort

Carder
Messages
90
Reputation
9
Reaction score
14
Points
8
You guys have to take into consideration that the RDP holes on port 3389 got raped back in 2008 when a lot of people started attacking it, and now it is not as easy as it once used to be; there are various other approaches. Think for yourself, the research is there. It also helps to read white papers released periodically by top-notch universities, as they are the most up to date and do extensive testing :)

---------- Message added at 06:49 AM ---------- Previous message posted at 06:48 AM ----------

Are you expecting people to flow in now with +1? :) You waste too much of your time trying to pretend to be smart... is it beneficial?

Don't be mad that your other account got exposed; stay ignorant, you mentally impaired lowlife.
 

Mailer-Daemon

Professional
Messages
651
Reputation
66
Reaction score
118
Points
43
Lol, you two boys fight each other like pros, with registrations a few days apart. Just saying, it looks awkwardly funny. I'd call a deanon service on both of you to make sure you're not clones putting on a clown show...
 

Xehanort

Carder
Messages
90
Reputation
9
Reaction score
14
Points
8
Lol, you two boys fight each other like pros, with registrations a few days apart. Just saying, it looks awkwardly funny. I'd call a deanon service on both of you to make sure you're not clones putting on a clown show...

Are you serious? Why are you always running around the forum trying to patrol it? Don't make wild assumptions; it's evident that he is upset because I exposed his clone account. You, on the other hand, need to keep such comments to yourself and stop accusing others. I have no reason to waste my time fighting with such a member, but of course I will not take aggressive comments toward me from him, or from you for that matter. Get your head out of your ass and wake the hell up.
 

Mailer-Daemon

Professional
Messages
651
Reputation
66
Reaction score
118
Points
43
Are you serious? Why are you always running around the forum trying to patrol it? Don't make wild assumptions; it's evident that he is upset because I exposed his clone account. You, on the other hand, need to keep such comments to yourself and stop accusing others. I have no reason to waste my time fighting with such a member, but of course I will not take aggressive comments toward me from him, or from you for that matter. Get your head out of your ass and wake the hell up.

lol, you're a meanie, aren't you? No offense taken though, lol; seems like the truth hurts, doesn't it? popcorn

On a serious note, I am a member of this forum and I respect its rules and its users, and I expect the same behavior from its members; you seem to fail my expectations here a bit...
 

Xehanort

Carder
Messages
90
Reputation
9
Reaction score
14
Points
8
lol, you're a meanie, aren't you? No offense taken though, lol; seems like the truth hurts, doesn't it? popcorn

On a serious note, I am a member of this forum and I respect its rules and its users, and I expect the same behavior from its members; you seem to fail my expectations here a bit...

No offense to you, man, I try to respect you as well. But yes, it does kind of anger me when you say stuff out of context. Sorry if I came off wrong, it was just in the heat of the moment; have a good day!
 
  • Like
Reactions: Erick

    Erick

    Points: 1
    No comments

Erick

Professional
Messages
700
Reputation
51
Reaction score
81
Points
28
I know that 99% of these vendors are resellers. And I know which private vendors they resell from. I'm asking about real vendors, not resellers.
Anyway, thanks for sharing your knowledge.
 

p3rito

Professional
Messages
124
Reputation
22
Reaction score
28
Points
28
You guys are so funny. Now it's all about the Dexter malware. That's just another RAM scraper with the same functions as any other. Just because it has a loop inside and communicates with some PHP panel, everybody talks like it's "the carder software"... I just saw in this thread the user Xehanort saying he reversed the Dexter malware to copy the functions???? lollll... I just think: who has the knowledge to reverse a piece of malware and know exactly how it works, but can't create his own? Especially when talking about RAM scrapers, such simple malware... Stop licking balls over other people's work and do your own, guys.
 

Xehanort

Carder
Messages
90
Reputation
9
Reaction score
14
Points
8
You guys are so funny. Now it's all about the Dexter malware. That's just another RAM scraper with the same functions as any other. Just because it has a loop inside and communicates with some PHP panel, everybody talks like it's "the carder software"... I just saw in this thread the user Xehanort saying he reversed the Dexter malware to copy the functions???? lollll... I just think: who has the knowledge to reverse a piece of malware and know exactly how it works, but can't create his own? Especially when talking about RAM scrapers, such simple malware... Stop licking balls over other people's work and do your own, guys.

Don't be so silly. People reverse engineer Dexter to hijack the C&C and to see the inner workings, find possible leads to the original author and such, out of interest and curiosity. There's nothing wrong with knowing how it truly works; this is just the hunger and quest for knowledge which you fail to understand. For example, you and I both know Xylitol is capable of making a simple, basic RAM scraper, but that doesn't mean his interest in analyzing the files dies. It's out of curiosity and to see how the inner workings of the code actually are. ) Do you even know how injecting into a process, ReadProcessMemory, hooks, or a PHP gateway work? Stop acting as if you far surpass everyone in knowledge and have made solid tools of your own, lol. Furthermore, when you RE certain pieces of malware you learn about different POS software at a much faster rate; this, my friend, is called efficiency. If you ever had a real programming job you can relate it to MSDN ). Also, p3rito, I hope you know the new variant of Dexter is not simple "RAM scraper" malware; yes, I admit it's not as complex as Zeus or other banking trojans, but that's because it doesn't need to be. It's just that RAM scrapers get the underlying job completed. The malware can also directly 'plug' or hook into the payment application's internals and analyze the content of the buffers it uses to temporarily store credit card data in transit. It acts in a way similar to a man-in-the-middle attack with no modification of data involved (in other words, whatever the application is processing will first be 'seen' by the malware before it is passed to the legitimate payment processing application, and this is when the data gets sniffed/stolen/dumped).

The second phase, which is pretty interesting and where you are not looking at the broad idea but at known tools, i.e. (Dexter, mmom, rdasrv, dnsmgr), is how we can make malware recognize and automatically interact with the payment system in real time. You essentially have to construct, from the base up, a plugin for a legitimate payment processor. POS malware is very flexible and is not limited to just RAM scrapers; there is a whole body of tools for carrying out different tasks. It depends on how you build it; what you are talking about are very basic, straightforward tools that use the ReadProcessMemory API, which in my opinion is not very effective. Although its sole purpose is to grab track data on the fly, you're not looking at the bigger picture; there's more to the story than a simple "RAM scraper", think along the lines of a whole toolkit being assembled.

More so, I'm interested in embedded systems, so obviously I would love to research stuff in the wild, as anyone who enjoys RE'ing would.
 

p3rito

Professional
Messages
124
Reputation
22
Reaction score
28
Points
28
Well said. The part about studying new POS systems to find new ways of data capture is very important for updates. But from what I've read about Dexter so far, it just captures the normal way.
 

Xehanort

Carder
Messages
90
Reputation
9
Reaction score
14
Points
8
Well said. The part about studying new POS systems to find new ways of data capture is very important for updates. But from what I've read about Dexter so far, it just captures the normal way.

Yeah, it's hard to find a sample of it unless you have sources in AV companies.
Anyway, it's good to know there's someone on board who can understand and learn from what I write :).

See you around, bro!
 
  • Like
Reactions: p3rito

    p3rito

    Points: 1
    True statement about studying hacking to have freedom. I share the same idea.