Lecturer: Payne
Let's start the lecture.
Greetings. Lecture topic: “Security and configuration of a virtual machine.” The lecture includes three sections: handling information, setting up a virtual machine, and financial transactions from the point of view of online privacy.
The first section, the basics of information hygiene.
1. Behavioral characteristics.
• first of all, you cannot talk about your type of activity and personal circumstances (location, family composition, education, etc.) regardless of the level of trust in your interlocutor - this includes not involving friends or relatives from real life in the work, or otherwise connecting online activity with offline activity. Finding something is much easier if you know where to look, so “my tongue is my enemy”;
• the separation must also be technical: a personal system with personal data cannot be used for “gray” activities, otherwise the risk of information leakage increases. Moreover, it is also possible to isolate data at the hardware level - using separate devices, but if all recommendations are followed, this is not absolutely necessary and virtual machines can be considered a sufficient substitute;
• devices and operating systems should not be in plaintext 24/7 - turned on, decrypted and authorized on dubious sites. If an outsider can physically gain access to sensitive information at any unexpected moment, the whole point of hiding it in the first place is lost;
• it is reasonable not to conduct activities in the location where you are located, especially in the “post-Soviet” space. Finding a resident within immediate physical and administrative reach requires less effort, which is once again confirmed by observations. This means that the use of this kind of material, stores and services is undesirable from the point of view of common sense and the “code of honor” has nothing to do with it;
• the use of personal data in any transactions (financial, transport, etc.) is unacceptable. In-person receipt of parcels, details, phone numbers, emails, nicknames and social networks are replaced by intermediaries, dummies (drops) and third-party information. Many services freely accommodate requests for disclosure of information, therefore, the less data there is to search, the better.
2. Technical recommendations.
• encryption. Conventionally, this is placing data in a safe, the password to which only the owner knows. Virtual machines, files, and more must be in an encrypted area, and the area can be located, for example, on physical media that can be easily removed if necessary (flash drive, external drive, or separate device), on the main system in a hidden form, or on a dedicated server (VPS);
• the VeraCrypt program is used for encryption. Built-in tools from the Windows or Mac operating systems are not recommended due to predominantly closed source code, vulnerabilities, and general security concerns. The main types of encrypted area, in different combinations, come down to the following: container, double-bottom container, entire drive and hidden operating system.
The container is a “safe” that must be decrypted with a password. A container with a double bottom is a safe with two compartments, and when you enter different passwords, different parts open, respectively, in case there are no options left and at least something needs to be shown. You can encrypt the entire drive, and the hidden operating system is, in fact, a container with a double bottom on the scale of the entire system.
Approximate minimum requirements for the volume and type of drive for comfortable work: from 128GB of memory, USB connection version 3.0+ and, if possible, an SSD drive instead of a standard hard drive. Step-by-step setup guides are available on the forum and in the program help; in addition, the functionality is intuitive;
• Given a choice, it is worth using open-source software wherever possible. Information leaks, vulnerabilities undetected by the community, backdoors (intentionally introduced vulnerabilities) or crazy licensing agreements are just a few of the possible problems with closed source programs. Open-source, of course, is also not a panacea, but in terms of reliability it is incomparably better.
In particular, it is appropriate to abandon antivirus programs - programs that actually scan and transmit operating system data to third-party servers. Instead, it is better to open suspicious links and unverified files inside an isolated virtual machine, and keep critical information in a closed form, for example, in a separate container or in open-source password managers like KeePass;
• passwords, in turn, must be unique for each service. The result of using identical passwords may be the loss of several accesses at once, since if the database of one service is leaked, information from it can be used on others. It is also useful to set up two-factor authentication (2FA) on your accounts - additional temporary passwords, for example, in programs such as OTP or Authy, or in the form of a backup email;
• Physical SIMs are easy to track, so any registrations that require mobile activation are best done through virtual phone numbers. The necessary services can quickly be found by searching for “SMS activator”, and the forum also has services for receiving messages to real numbers in different countries. Accounts created in this way will be protected from loss by two-factor authentication;
• there are two main messengers for communication: Jabber and Telegram. Other popular services tend to have a track record of leaks or vulnerabilities. Correspondence and clients must be stored in a protected area; for Telegram - set a 2FA password, and in the case of Jabber, firstly, use trusted servers, and secondly, enable OTR encryption (in the PSI+ client it is available as a plugin, for Pidgin it is downloaded separately);
• It makes sense to periodically create encrypted backup copies of key information for storage outside the working operating system in case of loss of access or technical problems. However, it is not recommended to use cloud data storages - it is not known exactly who can have access to them and to what extent, and in general this is an additional attack vector.
The summary of the first section can be formulated as follows: frivolity and half-measures in matters of information security have negative consequences. Following simple operating principles is not as troublesome as getting into trouble due to naivety or losing your finances by losing access to your accounts.
Second section, setting up a virtual machine.
Virtualization programs are VMware and VirtualBox, where the latter option also works on Linux, and the solution for Mac is Parallels Desktop. The settings are the same regardless of the system, and the choice of program does not really matter. For the VM to work, virtualization must be enabled in the BIOS (usually by default) - the verification method differs on different devices, so it’s worth using a search.
1. Programs required for operation.
• VPN. An encrypted connection between the user and the server through which the network is accessed, in order to hide Internet traffic (actions) and change the user’s IP address. A commercial VPN service should not have: logging (saving history), a history of data disclosure, or obvious red flags in the license agreement regarding privacy.
To insure against leakage of the real IP address in the event of an unintentional disconnection from the server, most VPN clients have an emergency traffic blocking function called “KillSwitch” or something similar. If there is no such function, you can configure it yourself: for example, in VPN programs like OpenVPN or in the built-in system firewall by prohibiting access to the network for all connections except the desired client.
VPN is not only commercial - it is also possible to independently set up a dedicated server (or several) for connecting. However, the instructions would require a whole lecture, and there are tons of them on the Internet, so it will not be considered. To avoid conflicts with other IP accesses, VPN must be connected on the main system (or the one located before the actual working one);
• general browsers, such as Chrome, Edge, Firefox, Safari, portable versions, as well as the privacy-oriented Tor browser. The latter is needed exclusively for surfing, and transactions cannot be made from it - forums and various services often have mirrors in the .onion zone (“in Tor”), which must be visited through the Tor browser;
• sites determine the user’s IP address, so during operation the VPN server address is replaced with another one (for example, to the location of the owner of the material) using third-party IP accesses - mainly socks (proxy) or SSH (tunnels). They have the following format: IP-port + login-password (login and password are not always present). To connect, use the Proxifier program for socks and Bitvise or PuTTY for SSH, respectively.
In Proxifier, the “Resolve hostnames through proxy” checkbox is enabled in the “Name Resolution” item, and the socks proxy itself is added in the “Proxy Servers” tab. When using Proxifier in conjunction with Bitvise or PuTTY for SSH, a rule is added in “Rules” for the shortcut of the desired client, where the first or second item is selected in “Action”; the socks in this case should be 127.0.0.1:8081/8080 without a password.
Then the data from socks or SSH is simply entered into the appropriate fields for IP, port, login (username) and password in the programs. If problems arise on the network, there are enough manuals for use, but in general there is no need to familiarize yourself in more detail.
Both IP accesses perform the function of IP address spoofing; simultaneous connection is not required. The practical difference is something like this: on average, finding clean socks for the desired location is easier, but SSH may remain working longer or have unusual characteristics such as a rare Internet provider. In other words, the good that can be found is used.
To use IP accesses of all types (socks, SSH, VPN, etc.), it is not necessary to understand the detailed structure of their protocols and the technical features of their operation. Just as you don’t need to understand programming in order to navigate the operating system at a sufficient level. Correct setup without leaks is much more important, so at the beginning of training there is no point in focusing on minor things and getting so confused;
• antidetect - a special browser that replaces device characteristics and system fingerprints in order to mask the session, significantly automating the process. SSH and socks can also be connected in the browser itself. However, despite the disguise, for security reasons it is worth storing the antidetect on a virtual system and in an encrypted area. Use as desired, there will be a lecture on this topic;
• a convenient text editor for keeping records that meets the requirements described above: open-source, no cloud storage and no bad reputation. Theoretically, a standard notepad will suffice, of course, but you can find good alternatives on the Internet using the query “open source text editor.”
As a result, the minimum acceptable configuration looks like this: main system > VPN > encrypted area > virtual system > socks/SSH > Internet. The chain is variable and can be supplemented in every possible way by introducing new links. For example, the last two points can be replaced with remote desktops (VPS, RDP...) or supplemented with a VPN series and antidetect - in general, the options are limited only by the imagination.
2. Parameters. Risks when conducting transactions in stores and services are assessed by “anti-fraud systems” based on a variety of internal rules, filters and lists. Naturally, the desire to bypass the “barrier” of anti-fraud systems and successfully conduct a transaction requires understanding the inner workings and developing the skill of camouflage. For convenience, the parameters can be divided into two categories: IP address and digital fingerprints.
A. IP address options include:
• black lists. Databases of suspicious IP addresses seen in DDoS attacks, spam and other dubious activity. They are formed by special services that businesses such as payment systems and banks turn to in order to check their visitors. Logically, ordering from a particularly dirty IP address will most likely fail: any Tor or public VPN address has no clean spot left to put a stamp on;
• DNS is a domain name system, a kind of add-on to the IP address and does not have to completely coincide with it. It cannot be called a decisive factor, but physical proximity or visible similarity to the main IP address is without a doubt a plus. Of course, personal DNS should not leak.
IP accesses (socks/SSH) may not have their own DNS, in which case the address will come from the previous link in the sequence of IP access connections, for example, a VPN. You can adjust it like this: select a suitable VPN server, then enter a public DNS address into the network adapter in the “Network and Sharing Center” or into the settings of the router;
• WebRTC technology: https://shorturl.at/epsFG. Optimally, the IP address displayed in the WebRTC column should be identical to the one being substituted; however, depending on the browser and settings, there may be a leak right up to the real one. If a discrepancy is observed during the check, the address can be replaced, for example, through antidetect, or WebRTC disabled in accordance with the instructions at the link;
• Internet provider and host name (ISP, hostname). You may come across flashy names (“proxy”, “hidden”, “VPN”, etc.), from which the fact of hiding traffic will become obvious - which, in fact, is one of the calling cards of a typical scammer.
In addition, there are services that provide corporate or private allocation of virtual servers for remote access. As with the ISP, an IP address belonging to such a service or to specific server systems contradicts the pattern of the average buyer. It is useful to keep statistics of the names and titles encountered;
• two-way ping—the approximate time it takes for visitor traffic to reach the server. If characteristic indicators are detected (usually at least 40ms), the IP address is recognized as a tunnel (SSH), which, from the point of view of anti-fraud systems, can be one of the indicators of a potential fraudulent operation.
Unfortunately, without administrative control over the IP access (having a login and password just doesn’t give it), the delay is not eliminated and the following options remain: changing the IP access (socks/SSH) or changing the link leading up to it in the connection chain, for example, the VPN server. However, it doesn’t always work, and you shouldn’t give in to paranoia without real experiments with a specific anti-fraud system;
• open ports: 80, 81, 1080, 8080, etc. Theoretically, they talk about using proxy means (socks), but at the same time they are a double-edged sword. Firstly, a significant number of such accesses are just web admins of routers. Secondly, contrary to the claims of “anonymity verification” sites, a lot of pure traffic is generated from IP addresses of the above types.
In conclusion, since aggressive suppression of any suspicious elements would also make ordinary users suffer, perfection in all respects is not necessary. In addition, there is a whole cartload of other rules for assessing risks. Here are just a couple of consequences of this fact: transactions from the same IP address using different payment methods are possible, and slightly “dirty” IP addresses can be effective.
Many properties of an IP address are not “good” or “bad” in and of themselves. VPNs, proxies, servers and similar tools can easily be associated with a business, university, telecom operator and other legitimate activities. Moreover, traffic from groups of users can additionally enter the network through a single gateway, for example, to apply a firewall or improve performance.
The method for calculating the likelihood of using a proxy is called “proxyScore”. “riskScore” - as the name suggests, a risk assessment when analyzing a transaction in general or an IP address in particular. They are designated within the range of 0-100, respectively, the higher the value, the worse. Mostly, verification services are integrated into material stores, and private representatives can be found on the forum and online.
B. Digital fingerprints are the collective name for unique information “imprints” from different browser and operating system settings. Many fingerprints are actively used by websites and anti-fraud systems both for analyzing transactions and for simple surveillance, because they allow you to recognize the user despite changing the IP address, clearing cookies, and, with a strong system, some settings.
From a privacy perspective, this is a set of methods by which a user is identified from others. As, in fact, with fingerprints - and this is also the reason for the need to isolate the work environment: there is a big difference between assigning an identifier to a random observer to collect statistics and a potential “buyer”. Often the data collection and analysis scenario includes:
• user-agent. Together with the IP address, the first information that the site receives about the user is the browser version, language, device type and operating system. First, the language properties must be consistent with the masking: if the IP address is English-speaking, so is the system and browser. Secondly, in the context of statistical analysis, the choice of browser, device and system is equally important.
For example, obviously suspicious socks or SSH mostly run on Linux, which affects the attitude towards the system itself; on average, there are fewer fraudulent transactions from mobile phones, which means they are more trustworthy; Tor is a privacy browser, which nevertheless simply cannot be more suspicious; and operating systems have a popularity rating.
In other words, the greater the percentage and proportion of bona fide traffic a certain platform has in the world, the easier it is to blend into the crowd and resemble the average buyer. Although statistics are collected in real time and depend on the individual service, in general suitable options are: operating systems Windows, macOS, iOS, Android; browsers: Chrome, Edge, Safari, Firefox;
• screen resolution, window size, scaling. Extremely rare combinations of data highlight the user and make them unique, and those that contradict the user-agent information due to the use of antidetect or emulators (virtual machines of mobile devices) may raise suspicions: conditionally, a phone does not have a desktop resolution;
• like the language, the time settings with the system time zone must match the location of the IP address. You need to pay attention to time in another context as well: with stable work from a specific location and with one anti-fraud system, a constant deviation can lead to identification - for example, if a number of clients (actually one) all have a difference between the system time and the exact local time of exactly 3 minutes;
• operating system fonts. Capturing fonts using the JavaScript programming language is a popular technique for making a user unique. Operating systems have them by default, and the general list is replenished by installing programs with their own fonts: various types of Office, Adobe, and so on;
• passive OS fingerprint. It is formed from the operating system-specific parameters of data transfer to the network: size, lifetime of traffic packets, and others. A contradiction in the fingerprints of the IP address and user-agent (for example, traffic is transferred to a Linux proxy via IP access, while a Windows desktop is used) equals a flaw in the user's portrait.
Using standard means, you can fix it like this: change the IP access or the device itself, distribute WiFi from the configuration of the required device, for example, through an emulator, or ignore the drawback - when working with a compliant anti-fraud system and with a good overall impression of the client, this point is not key;
• extensions & plugins installed in the browser. They are detected by good anti-fraud systems by requesting certain ids in the browser and recording changes in display on the page. A trivial ad blocker is unlikely to radically affect the situation (although it will uniquely identify the user), but tools for falsifying user-agent and fingerprints can play a cruel joke;
• HTML5 Canvas (“canvas fingerprint”) and WebGL. Seamless rendering of visual elements using GPU resources with effects applied to them: text for Canvas and 3D objects for WebGL. After processing, the data is converted into a hash code and added to the overall fingerprint to identify the user.
Fonts, GPU driver versions, color depth, filtering, lighting and shadows, textures and so on - to produce a personalized result, the hardware and software features of the device are used, where each of the fragments is a variable, and as a result, the existence of distinctive features is quite understandable;
• audio fingerprint (AudioContext Fingerprint). Reproduction and evaluation of low-frequency audio signals, like Canvas and WebGL, proceeds covertly, taking into account the characteristics of the user's system and equipment. The content includes: bitrate, decibel value, number of incoming and outgoing channels, output delay, sampling frequency, operation execution time, and more, depending on the anti-fraud system. It is possible to adjust the indicators by changing the system or device, or by modifying parameters with antidetect, in the “Virtual Audio Cable” program or analogues. Far from being the most common fingerprint;
• cookie - a small piece of authorization data and user settings stored in the operating system for a specific site. Using old cookies for a new disguise is the same as entering the same contact information on two different accounts within the same store. Unambiguous identification. Therefore, when changing sessions, you need to get rid of them.
Let's summarize the second section. Cleverly protecting yourself from collecting a number of fingerprints by disabling the JavaScript programming language in your browser, with which they are retrieved, is not an option. In this case, many sites will stop working normally, and there is no need to talk about strict compliance with the pattern of a respectable buyer.
This is precisely why camouflage is needed - to change the components of fingerprints and thus achieve credibility and diversity of profiles, and also avoid identification. The principle is as follows: for example, changing the device will affect the user-agent, extensions or plugins will affect the browser, and the choice of fonts will affect the entire system.
However, it is important not to upset the delicate balance, because particularly rare settings lead to uniqueness. Ironically, even disabling tracking in the browser settings (doNotTrack) or disabling cookies are in themselves options that distinguish the user. Add to this atypical fonts or extensions, and we already have the opposite of the desired effect in the long term, a recognizable imprint.
On the other hand, anti-fraud systems are a tool for predicting risks, but the main task of any store is to consistently generate and maximize profits. Stores are able to tune their algorithms so that their anti-fraud systems do not react to every trifle, hitting honest customers in the process.
For any reason, be it a low-risk assortment or maximizing profits, stores set their own combinations of rules and the acceptable threshold for anomalies in prints. Thus, individual checks may be missing, and errors may not be taken into account, for example, AudioContext or some blacklists; and on the contrary, somewhere they will press on all fronts. In the end, the point is, rather, in a certain critical mass within a specific anti-fraud system.
In addition, it is worth noting the dynamism in the assessments of anti-fraud systems. Blacklists, providers, IP address locations and other parameters, firstly, can change on their own due to data updates, and secondly, they can be perceived differently by anti-fraud systems depending on their own statistics and information from database providers, the “weather”... that’s why it’s so important to collect information.
Examples of sites for checking the characteristics of an IP address and operating system fingerprints (so-called anonymity verification services): whoer.net; browserleaks.com; 2ip.ru/privacy/; ip-score.com; maxmind.com; f.vision. Repeated checking of proxyScore, riskScore and Black Lists indicators sometimes provokes IP address contamination; you should not overdo it.
Third section, financial turnover.
The main tool for making transactions is cryptocurrencies. The most suitable options, tested by time and the community: Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Monero (XMR). The use of supposedly more technically advanced or investment-friendly cryptocurrencies, as well as USDT and other “stablecoins” is at your own discretion.
The advantage of cryptocurrencies over other financial instruments is confidentiality - there is no need to support transactions with personal data of the sender and recipient. However, cryptocurrencies cannot be called “anonymous” due to the availability of transactions in clear text, which makes it possible to track the movement of funds. Consequently, they do not give carte blanche in the matter of financial transactions.
You can confuse the tracks like this: changing the receiving and sending addresses (available in many wallets), passing funds through various exchangers and cryptocurrencies, cash transactions and the use of “mixers” - services for anonymizing transactions by splitting client funds into small parts and then mixing them together. The choice of exchangers and mixers is independent, based on reviews and reputation.
There are two types of wallets: “hot” and “cold”. Hot ones need access to the Internet - exchanges, online wallets and exchangers. In this case, the coins are kept by the service, and the client only gets access to them. In turn, cold wallets are hosted locally, for example, in the operating system or on a separate device, and in the absence of information leaks, only the owner has access to them.
Despite the disadvantages of hot wallets, they are convenient for frequent use, while the point of cold wallets is reliable storage and the absence of intermediaries. Examples of wallets: “Bitcoin Core” (a cold official wallet, but weighs a lot), “Electrum” (conditionally cold, but unlike Bitcoin Core the entire blockchain is not installed); “Exodus”, “MetaMask” are relatively cold, but a lot of data is transferred to service servers.
As with cryptocurrencies, the use of alternative wallets (Ledger, Trezor, etc.) or full-fledged exchanges that require verification of personal data is at your own peril and risk. In many private services, vulnerabilities or backdoors are sometimes discovered, and exchanges even tend to go bankrupt and block accounts. In addition, when working with cryptocurrencies, you need to take into account the instability of exchange rates.
For fiat currencies (USD, EUR, RUB, etc.) and transactions from official exchanges, wallets or exchangers, an incognito behavior model is applied. The history of customer actions is saved, so personal IP addresses, personal data and device fingerprints should not be involved in the process of suspicious financial transactions. Instead you can use:
• virtual machines, SMS activators, VPN;
• many services work with cash. Suitable for both withdrawal and deposit of funds;
• use of terminals to replenish pre-registered confidential wallets;
• accounts for dummies (drops). Risks include blocking and theft, so it is better not to withhold funds and change accounts periodically. Verification services, sales of accounts and cards are available on the forum.
The informal rule for cooperation with users in this field of activity is Garant-Service. It saves nerve cells and finances.
That's all, let's move on to the questions, put "?".
Veles24 20:41
1. I have an encrypted SSD and there is a Windows image there, is this enough for encryption + is it worth the VPN based?
2. How to find out the victim’s browser?
3. Will it be enough to use only the Sphere there too?
Payne 20:43
1. Yes, this is one of the formats of the minimum acceptable configuration.
2. No, only if specific information is available, for example, from material like logs.
3. For direct transactions - yes. In a security context, this is unacceptable. It's hard to think of anything worse than a direct connection from a personal IP address to the IP address from which a fraudulent transaction is being made.
BaronLuffy 20:43
1. If you take mobile proxies, it turns out you need to adjust the settings in the anti-detection browser to the phone, right?
2. What is a hybrid in Linken Sphere when setting up a fingerprint? What benefits does it provide?
Payne 20:44
1. Optional, using a mobile connection type on a computer agent is quite understandable. But you can experiment.
2. There will be a separate lecture on antidetects, wait.
alcapon 20:44
How does the Auto Warm function work in Linken Sphere? Can you completely trust it, or do you have to heat it manually afterwards?
Payne 20:44
There will be a separate lecture on antidetects, wait for it.
Serpentin666 20:45
1. What can you say about 922 proxy? ISPs display real providers there. But the ping is high
2. What crypto wallet can you recommend for the desktop version on a virtual machine?
Payne 20:46
1. The choice of commercial services is independent. We cannot vouch for private sellers.
2. The best is official, open source. But in general it depends on intentions and desires. Examples are described in the lecture.
KimJo 20:46
Payne: KeePass seems to have cloud storage synchronization between devices, if so, is it safe to use?
Payne 20:46
Any cloud cannot be secure simply by definition, so no.
Balto 20:46
1. Before buying a proxy, you need to check it using ProxyScore. Does anyone use it? What test result should be adequate according to our requirements?
2. riskScore: what score from 0-100 is considered normal?
3. To work with Telegram, can you log in from your personal device and IP? Or can I use a personal device + VPN? or what combination?
Payne 20:49
1. A) I don’t quite understand the question. Of course, it is better to know what you are buying - and choose pure material. B) The less, the better.
2. Likewise. Conventionally, we can say 0-15, but in general it depends on the service with which you plan to work. Everyone has their own opinion on this matter.
3. A) Of course not. Something like that was openly prohibited in the lecture. How can one even come to such a conclusion? This is literally evidence in a crime case. B) The minimum acceptable configuration is described in the lecture.
ht_ice 20:49
1. Why do you need Tor in a secure connection?
I see that many people use it
I have tried to switch to it more than once for everyday use, but I can’t cope with the fact that absolutely all pages take 5 or even more times longer to load than any other browser.
2. What rules should you follow to create a secure password, but one that you can remember?
How safe is it to store all your passwords in Keeper and iCloud?
3. I would like to hear recommendations on choosing a crypto wallet
Offline or online, where is it better to store it? (base, virtual machine, can you store it on your phone?)
4. Where to look for socks and SSH for work?
5. Did I understand correctly that the more specific fonts are installed, the more uniqueness (making you stand out from the crowd) it creates?
Payne 20:54
1. To increase confidentiality due to connection protocols built into the browser, namely, multiple traffic proxying; as well as using various tools to hide or limit the availability of technical fingerprints.
2. A) It's difficult to say. Memory is a purely personal matter. I don't know what you remember better. B) I haven’t heard of Keeper, but iCloud is unacceptable.
3. Described in the lecture. And storing evidence of a crime on your phone - well, we can’t prohibit it, but this is simply absurd. I sincerely don’t understand where such an opinion could even come from.
4. There are services for selling material on the forum.
5. True. And the more you stand out from the crowd, the worse it is, on average.
Mr_Lotus 20:54
1. On the question of the location in which you operate.
It turns out that the specifics of our activities will not allow us to visit the countries in which work will be carried out, including the USA/Canada?
Or is it still possible if certain measures are taken?
2. I know that it is undesirable to use the copy/paste function for text, including from system to system.
Is there any solution so as not to retype everything manually every time?
3. Does using an antidetect completely solve the issue of leaking real digital fingerprints?
4. When creating each new virtual machine, will each have a unique new IP address or the same one as the main system?
5. Currently I use the following security chain:
OpenVPN with an activated killswitch on the main system - then a crypto container - inside it a VMBox with Windows.
Inside the VMBox there is already Jabber, access to the forum through Mozilla, without Tor, as well as other not entirely clean things, and all this from home Wi-Fi.
Does this at least meet the minimum requirements, and what basic safety chain would you recommend?
6. What do you think about OpenVPN?
And what VPN would you recommend?
KimJo 20:56
Payne: 1. Is there any real experience of someone using a double bottom on a forum? Does this happen more often due to violations of the first point “my tongue is my enemy”?
2. What is the best way to register accounts in TG, maybe there are instructions/discussion on the forum? (The plan is to find such a service with telephone numbers for registration, so that you can re-login to your account, and not have a different telephone number each time)
3. And if you can’t keep additional TG accounts next to your own, is it better to have a separate phone for such data? Or should we use everything only on a PC in the encrypted area?
4. In the image of the virtual machine that comes with the topic for training, there is a PaleMoon browser - what can you say about it? Is it somehow useful?
I'm sorry, I accidentally pressed enter.
Payne 20:58
Mr_Lotus
1. Possible if all precautions are taken.
2. A number of antidetects have an imitation of manual input.
3. In the absence of actual leaks and all other things being equal - yes, especially if the antidetect is hosted on a virtual machine. However, it is important to remember that in this case we are talking exclusively about technical characteristics.
4. IP address is a property of the Internet provider. A virtual machine is an operating system. The operating system does not have an Internet connection by default, these are different things.
5. Yes, this is literally the minimum configuration.
6. This was given as an example in the lecture, so you can use it accordingly. But this is just a client for connecting configs, and not the actual VPN server. And the best way to use it is, of course, personal.
KimJo
1. Most of the events occur mainly due to violations of the first point. Another huge part is due to financial connections. And the first part of the question contradicts itself. If the double bottom was useful and they found out about it, then this means that it was not useful, because they found out about it, and the question is automatically removed.
2. This is how it was described. Virtual activators - on the Internet, on the forum. Set 2fa and you can sit until you’re blue in the face (there are rare exceptions, but still).
3. Second.
4. Unfortunately, I can’t say anything special or interesting.
Akpatyr 21:03
1 Regarding VPN, yesterday I dropped https://www.ivpn.net/, https://www.ovpn.com/. I paid for https://www.ivpn.net/ but it seems MTS does not allow me to connect to it. Is there any service so that the provider does not block it?
GorilaDuster 21:03
what is the safest VPN, yesterday two were recommended and today there is a third one. In the end, which one is safest?
Payne 21:04
GorilaDuster: the most secure VPN is a personal one.
Akpatyr Specify in Question/Answer. It’s still difficult to know for every provider anywhere in the world. Or you can look for something in advance to bypass blocks using tools like ShadowSocks or Amnezia.
stormspecter 21:05
1. Where can I look at the DNS? For example, on Whoer, but I’m more interested in how I can change it or how I can find a suitable one with physical proximity?
2. Are there methods that allow you to change the fingerprint and canvas data?
Payne 21:07
1. How to change was discussed in the lecture, and physical proximity in the context of DNS is not as important as in relation to the main IP address. The DNS is selected for a conditional state or country, for example, by including the corresponding location in the public DNS link (there are lists on the network, often updated) or an additional link of the desired location.
2. Antidetects, changing the device, its components or settings.
Peter_Parker 21:07
1. About DNS leaks, how to protect yourself from them, as well as their danger on the input side (main ip->vpn) and on the output side (proxy->service)?
2. Is it worth changing locations for work or is a home environment permanently welcome?
3. If you use a combination of VPN->tor (not the browser, but traffic through it)->proxy/ssh (for work). The speed will be slow, but will this affect the anti-fraud system? If so, how?
4. Recommend Android emulators at your discretion (To make a clean TG, and not take someone else’s, you need to register from your phone).
5. Everything: user-agent, canvas, etc. is not suitable when done via extensions, right?
Payne 21:11
1. What is the question? Protect against leaks. Check them using checkers and exclude them.
2. Not at all important. The technical side of the issue is much more important.
3. It will not affect, except in the context of the speed itself (that is, two-way ping), and then, with some probability and depending on the target service. The site does not see the previous link in the chain of connections, otherwise what would be the point in hiding the traffic.
4. Bluestacks, memu, nox. There are only a few of them, you can use them all.
5. In what sense? Are we talking about substitution using browser extensions? As a rule, it is easily detected, so yes, it is not suitable in practice.
_LB 21:11
Is it most practical to use Windows inside a virtual machine, or does it make sense to use Linux for detailed, competent configuration of the client’s technical properties?
Payne 21:12
If we're talking about practicality, then Windows. For detailed and competent configuration - Linux, yes. But it largely depends on the desired type of configuration, especially regarding the Internet connection.
ya8no 21:13
Where to look for services for working with fiat currencies on the forum, or what are they called? And I don’t understand about Telegram, sorry for the stupid question maybe: is it okay to sit on a computer under a VPN and from a mobile phone, or not? )
Payne 21:14
1. Currency exchange.
2. From a computer via VPN and from an encrypted area it is possible, from a phone - not, even with a VPN, because the level of physical accessibility is different.
nlf 21:14
1. Question about the second part: all measures for working with stores (user-agent), IP address and other digital fingerprints - are they solved by a combination of an antidetect with a certain configuration (for example, Octo) + a certain residential proxy? Do you manually change any system or browser settings before work or do you use some automated combination?
2. Question about the third part: which chain for withdrawing funds would you personally recommend using?
3. I was told that it would not be possible to pay for material with Monero and receive payments in this crypto, since few people use it. What is the reason for its unpopularity, given that, by all logic, it is best suited for this activity due to confidentiality?
4. Do you need to use Telegram for work from your personal number?
Thanks for the lecture. By the next one, I hope I’ll understand what’s written in this one.
Payne 21:17
1. A) Yes, as a rule. B) They don’t talk about personal things.
2. Same thing. To say something like this is to create vulnerability.
3. I'm not sure, to be honest. Probably due to the fact that official, legitimate services trust it less. And such services form the market, which, in turn, affects the scale and accessibility of the ecosystem. Plus, there are technical differences - both in ease of use and in the blockchain itself.
4. Um, why use telegram to work from a personal number? I hope they just missed it. Answered in the lecture.
timbuhta 21:19
Can you tell us in more detail how containers with a double bottom are created? It’s just that inside one conventional flash drive one piece of information cannot be recorded and stored on top of another. You need to somehow divide this flash drive into different sections and encrypt them. But if you have to give one of the passwords to the police, then they will see that there is only half of the maximum capacity of the flash drive. In general, I would like to know more about this process. Thanks for the answer and for the lecture.
BaronLuffy 21:19
1. What does a reservation in the panel at the drop service mean? Can I hit the same shop as in the reservation?
Payne 21:20
timbuhta The program's help contains detailed information.
BaronLuffy Depends on the context. Probably, we are talking about booking a specific drop for a specific store, so that it doesn’t turn out that several people use it in one place and thus interfere with each other.
Granularius 21:21
When should you use a cryptocurrency mixer?
When receiving any transfers?
Payne 21:21
For cleaning purposes.
Mr_Lotus 21:22
After completing the training, will it be possible to contact the lecturer for advice/help on the topic of cybersecurity? Are there any restrictions in this regard? Unfortunately, it is not possible to ask all the questions now, since most of them will arise during the work already...
Payne 21:22
Support is unlimited.
newar 21:23
How do you secure a Telegram account so that it doesn’t get dropped every 1-2 months? Firstly, you can only secure it using an emulator, right? Secondly, using one-time SMS activators, sooner or later it will get dropped; passwords on Telegram and other measures don’t help if there is no access to the one-time number. So how can you eventually register the TG so as not to lose all the data and contacts from it in the future?
Payne 21:26
newar
Yes, from an emulator. If it crashes every 1-2 months, then initially something is being done wrong, because even if a crash occurs, it is only in the format of duplicating an account - in this case, you receive a warning from the telegram and you can simply change the number. Cases where it ends up being thrown out of the blue are 1 in 1000, and not every month.
As an alternative, you can purchase a virtual number from the telegram itself on the Fragment service, but this is relatively expensive.
nlf 21:26
I mean, is it possible to make a telegram account for contacts from the forum, etc., on your personal number?
Payne 21:27
Of course not. Discussed in lecture.
ya8no 21:27
About WebRTC. According to the link that was in the lecture, it is advised to handle it with an extension (for example, on Chrome). Don't such extensions get flagged by anti-fraud systems?
Payne 21:28
The link is just to familiarize yourself with the term. First, you should check to see if there is a leak at all. If yes, extensions are one of the worst options, but one of them. And so, it is replaced by antidetects.
Peter_Parker 21:28
The very concept of detection and identification (for antifraud and in general) is constantly changing and improving, how can we find out new information about updating the antifraud system in the future?
Payne 21:29
Start working and collecting statistics. The training is designed to instill specific skills, including how to solve potential problems.
ht_ice 21:29
How safe is it to provide screenshots in .jpeg?
Or is it better to always use a link through a file hosting service? If so, which one?
Payne 21:31
1. In the context of metadata? Well, it depends on where these screenshots were taken initially. It would be better, of course, for it to be some kind of isolated device that doesn’t say anything, and not a conventional iPhone. However, the metadata can be removed, and the screenshots themselves have nothing more to do with it.
2. Optional. And it’s better not to use corporate ones a la Google, but specialized ones like dropmefiles or sendspace.
Balto 21:32
Is it safe to buy a physical SIM card in a store and register an account for yourself from some public Wi-Fi in the store? and leave this SIM card in the nightstand so as not to lose your account
Payne 21:32
No. They will find it in 40 minutes.
Well, since there are no more questions, I thank everyone for their presence and wish them good luck.
2. Technical recommendations.
• encryption. Conventionally, this is placing data in a safe, the password to which only the owner knows. Virtual machines, files, and more must be in an encrypted area, and the area can be located, for example, on physical media that can be easily removed if necessary (flash drive, external drive, or separate device), on the main system in a hidden form, or on a dedicated server (VPS);
• the VeraCrypt program is used for encryption. Built-in tools from Windows or MAC operating systems are not recommended due to predominantly closed source code, vulnerabilities, and general security concerns. The main types of encrypted area in different combinations come down to the following: container, double bottom container, entire drive and hidden operating system.
The container is a “safe” that must be decrypted with a password. A container with a double bottom is a safe with two compartments, and when you enter different passwords, different parts open, respectively, in case there are no options left and at least something needs to be shown. You can encrypt the entire drive, and the hidden operating system is, in fact, a container with a double bottom on the scale of the entire system.
Approximate minimum requirements for the volume and type of drive for comfortable work: from 128GB of memory, USB connection version 3.0+ and, if possible, an SSD drive instead of a standard hard drive. Step-by-step setup guides are available on the forum and in the program help; in addition, the functionality is intuitive;
• Given a choice, it is worth using open-source software wherever possible. Information leaks, vulnerabilities undetected by the community, backdoors (intentionally introduced vulnerabilities) or crazy licensing agreements are just a few of the possible problems with closed source programs. Open-source, of course, is also not a panacea, but in terms of reliability it is incomparably better.
In particular, it is appropriate to abandon antivirus programs - programs that actually scan and transmit operating system data to third-party servers. Instead, it is better to open suspicious links and unverified files inside an isolated virtual machine, and keep critical information in a closed form, for example, in a separate container or in open-source password managers like KeePass;
• passwords, in turn, must be unique for each service. The result of using identical passwords may be the loss of several accesses at once, since if the database of one service is leaked, information from it can be used on others. It is also useful to enable two-factor authentication (2FA) on your accounts - additional temporary passwords, for example, in programs such as OTP or Authy, or in the form of a backup email;
• Physical SIMs are easy to track, so any registrations that require mobile activation are best done through virtual phone numbers. The necessary services can quickly be found by searching for “SMS activator”, and the forum also has services for receiving messages to real numbers in different countries. Accounts created in this way will be protected from loss by two-factor authentication;
• there are two main messengers for communication: Jabber and Telegram. Other popular services tend to have a track record of leaks or vulnerabilities. Correspondence and clients must be stored in a protected area; for Telegram, set a 2FA password, and in the case of Jabber, firstly, use trusted servers, and secondly, enable OTR encryption (in the PSI+ client it is available as a plugin; for Pidgin it is downloaded separately);
• It makes sense to periodically create encrypted backup copies of key information for storage outside the working operating system in case of loss of access or technical problems. However, it is not recommended to use cloud data storages - it is not known exactly who can have access to them and to what extent, and in general this is an additional attack vector.
The summary of the first section can be formulated as follows: frivolity and half-measures in matters of information security have negative consequences. Following simple operating principles is not as troublesome as getting into trouble due to naivety or losing your finances by losing access to your accounts.
Second section, setting up a virtual machine.
Virtualization programs are VMware and VirtualBox, where the latter option also works on Linux, and the solution for Mac is Parallels Desktop. The settings are the same regardless of the system, and the choice of program does not really matter. For the VM to work, virtualization must be enabled in the BIOS (usually by default) - the verification method differs on different devices, so it’s worth using the search.
1. Programs required for operation.
• VPN. An encrypted connection between the user and the server through which the network is accessed in order to hide Internet traffic (actions) and change the user’s IP address. A commercial VPN service should not have: logging (saving history), a history of data disclosure, or obviously unfavorable privacy terms in the license agreement.
To insure against leakage of the real IP address in the event of an unintentional disconnection from the server, most VPN clients have an emergency traffic blocking function called “KillSwitch” or something similar. If there is no such function, you can configure it yourself: for example, in VPN programs like OpenVPN or in the built-in system firewall by prohibiting access to the network for all connections except the desired client.
VPN is not only commercial - it is also possible to independently set up a dedicated server (or several) for connecting. However, the instructions would require a whole lecture, and there are tons of them on the Internet, so it will not be considered. To avoid conflicts with other IP accesses, VPN must be connected on the main system (or the one located before the actual working one);
• general browsers, such as Chrome, Edge, Firefox, Safari, portable versions, as well as the confidential TOR browser. The latter is needed exclusively for surfing and transactions cannot be made from it - forums and various services often have mirrors in the .onion zone (“in the Tor”), which must be visited through TOR;
• sites determine the user’s IP address, so during operation the VPN server address is replaced with another one (for example, to the location of the owner of the material) using third-party IP accesses - mainly socks (proxy) or SSH (tunnels). They have the following format: IP-port + login-password (login and password are not always); To connect, use the Proxifier program for socks and Bitvise or PuTTY for SSH, respectively.
In Proxifier, the “Resolve hostnames through proxy” checkbox is enabled in the “Name Resolutions” item, the socks itself are added in the “Proxy Servers” tab. When using Proxifier in conjunction with Bitvise or PuTTY for SSH, a rule is added to “Rules” on the shortcut of the desired client, where the first or second item is selected in “Action”; socks in this case should be 127.0.0.1:8081/8080 without a password.
Then the data from socks or SSH is simply entered into the appropriate fields for IP, port, login (username) and password in the programs. If problems arise on the network, there are enough manuals for use, but in general there is no need to familiarize yourself in more detail.
Both IP accesses perform the function of IP address spoofing; simultaneous connection is not required. The practical difference is something like this: on average, finding clean socks for the desired location is easier, but SSH may remain working longer or have unusual characteristics such as a rare Internet provider. In other words, the good that can be found is used.
To use IP accesses of all types (socks, SSH, VPN, etc.), it is not necessary to understand the detailed structure of their protocols and the technical features of their operation. Just as you don’t need to understand programming in order to navigate the operating system at a sufficient level. Correct setup without leaks is much more important, so at the beginning of training there is no point in focusing on minor things and getting so confused;
• antidetect - a special browser that replaces device characteristics and system fingerprints in order to mask the session, significantly automating the process. SSH and socks can also be connected in the browser itself. However, despite the disguise, for security reasons it is worth storing the antidetect on a virtual system and in an encrypted area. Use as desired, there will be a lecture on this topic;
• a convenient text editor for keeping records that meets the requirements described above: open-source, no cloud storage and no bad reputation. Theoretically, a standard notepad will suffice, of course, but you can find good alternatives on the Internet using the query “open source text editor.”
As a result, the minimum acceptable configuration looks like this: main system > VPN > encrypted area > virtual system > socks/SSH > Internet. The chain is variable and can be supplemented in every possible way by introducing new links. For example, the last two points can be replaced with remote desktops (VPS, RDP...) or supplemented with a VPN series and antidetect - in general, the options are limited only by the imagination.
2. Parameters. Risks when conducting transactions in stores and services are assessed by “anti-fraud systems” based on a variety of internal rules, filters and lists. Naturally, the desire to bypass the “barrier” of anti-fraud systems and successfully conduct a transaction requires understanding the inner workings and developing the skill of camouflage. For convenience, the parameters can be divided into two categories: IP address and digital fingerprints.
A. IP address options include:
• black lists. Databases with suspicious IP addresses seen in DDoS attacks, spam and other dubious activity. They are formed by special services that businesses such as payment systems and banks turn to in order to check their visitors. Logically, ordering from a particularly dirty IP address will most likely fail: any Tor exit or public VPN is already covered in flags;
• DNS is a domain name system, a kind of add-on to the IP address and does not have to completely coincide with it. It cannot be called a decisive factor, but physical proximity or visible similarity to the main IP address is without a doubt a plus. Of course, personal DNS should not leak.
IP accesses (socks/SSH) may not have their own DNS, in which case the address will come from the previous link in the chain of IP access connections, for example, the VPN. You can adjust it like this: select a suitable VPN server, then enter a public DNS server address (from a publicly available list) into the network adapter settings in the “Network and Sharing Center” or into the router settings;
• WebRTC technology: https://shorturl.at/epsFG. Optimally, the IP address displayed in the WebRTC column should be identical to the one being replaced, however, depending on the browser and settings, there may be a leak right up to the present one. If a discrepancy is observed during the check, the address can be replaced, for example, through antidetect, or disabled in accordance with the instructions on the link;
• Internet provider and host name (ISP, hostname). You may come across flashy names (“proxy”, “hidden”, “VPN”, etc.), from which the fact of hiding traffic will become obvious - which, in fact, is one of the calling cards of a typical scammer.
In addition, there are services that provide corporate or private allocation of virtual servers for remote access. As with the ISP, the IP address belonging to such a service or specific server systems contradict the pattern of the average buyer. It is useful to keep statistics of the headlines and titles encountered;
• two-way ping—the approximate time it takes for visitor traffic to reach the server. If characteristic indicators are detected (usually at least 40ms), the IP address is recognized as a tunnel (SSH), which, from the point of view of anti-fraud systems, can be one of the indicators of a potential fraudulent operation.
Unfortunately, without administrative control over IP access (having a login and password just doesn’t give it), the delay is not eliminated and the following options remain: changing IP access (socks/SSH) or changing the link leading up to it in the connection chain, for example , VPN servers. However, it doesn’t always work, and you shouldn’t give in to paranoia without real experiments with a specific anti-fraud system;
• open ports: 80, 81, 1080, 8080, etc. Theoretically, they talk about using proxy means (socks), but at the same time they are a double-edged sword. Firstly, a significant number of such accesses are just web admins of routers. Secondly, contrary to the claims of “anonymity verification” sites, a lot of pure traffic is generated from IP addresses of the above types.
In conclusion, since aggressive suppression of any suspicious elements would also cause ordinary users to suffer, perfection in all respects is not necessary. In addition, there are a great many other rules for assessing risks. Here are just a couple of consequences of this fact: transactions from the same IP address using different payment methods are possible, and slightly “dirty” IP addresses can be effective.
Many properties of an IP address are not “good” or “bad” in and of themselves. VPNs, proxies, servers and similar tools can easily be associated with a business, university, telecom operator and other legitimate activities. Moreover, traffic from groups of users can additionally enter the network through a single gateway, for example, to apply a firewall or improve performance.
The method for calculating the likelihood of using a proxy is called “proxyScore”. “riskScore” - as the name suggests, a risk assessment when analyzing a transaction in general or an IP address in particular. They are designated within the range of 0-100, respectively, the higher the value, the worse. Mostly, verification services are integrated into material stores, and private representatives can be found on the forum and online.
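As an added example that is not part of the lecture, here is how the detection side might combine the IP-address signals listed above (blacklists, DNS and WebRTC consistency, hostname keywords, hosting-provider origin, round-trip time, open ports) into a proxyScore-style 0-100 value; the weights, thresholds and sample sessions are constructed for illustration and are not from any real anti-fraud product.

```python
"""Toy anti-fraud scorer for the IP-side signals of section 2.A (added example).

The weights and the three sample sessions below are constructed; only the
signal list and the ~40 ms round-trip threshold come from the lecture text.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Hostname fragments that openly advertise traffic hiding.
HIDING_KEYWORDS = ("proxy", "vpn", "hidden", "tunnel", "anon")
# Ports the lecture names as weak proxy indicators (double-edged, so low weight).
PROXY_PORTS = {80, 81, 1080, 8080}
RTT_TUNNEL_MS = 40.0  # lecture's approximate threshold for a tunnelled connection


@dataclass
class IpSignals:
    ip: str
    country: str                 # geolocation of the connection IP
    dns_country: Optional[str]   # country of the resolver seen in the DNS check
    webrtc_ip: Optional[str]     # IP exposed through WebRTC, None if nothing leaked
    hostname: str                # reverse DNS / ISP hostname
    hosting_provider: bool       # IP belongs to a VPS / data-centre range
    rtt_ms: float                # two-way ping measured by the server
    open_ports: set = field(default_factory=set)
    blacklisted: bool = False    # present in an abuse / spam / DDoS list


def score_ip(s: IpSignals) -> tuple[int, list[str]]:
    """Return (score 0-100, reasons). Higher is worse, matching the lecture's scale."""
    score = 0
    reasons: list[str] = []
    if s.blacklisted:
        score += 40
        reasons.append("ip on abuse blacklist")
    if s.dns_country and s.dns_country != s.country:
        score += 10
        reasons.append(f"dns resolver in {s.dns_country}, ip in {s.country}")
    if s.webrtc_ip and s.webrtc_ip != s.ip:
        score += 25
        reasons.append(f"webrtc exposes {s.webrtc_ip} != {s.ip}")
    if any(k in s.hostname.lower() for k in HIDING_KEYWORDS):
        score += 15
        reasons.append(f"hostname advertises hiding: {s.hostname}")
    if s.hosting_provider:
        score += 15
        reasons.append("ip belongs to hosting/VPS range")
    if s.rtt_ms >= RTT_TUNNEL_MS:
        score += 10
        reasons.append(f"rtt {s.rtt_ms:.0f}ms suggests tunnelled connection")
    hit_ports = s.open_ports & PROXY_PORTS
    if hit_ports:
        score += 5  # weak signal: many such hosts are just router admin pages
        reasons.append(f"proxy-typical ports open: {sorted(hit_ports)}")
    return min(score, 100), reasons


def verdict(score: int) -> str:
    """Band the score; 0-15 is the 'conventionally acceptable' range named in the Q&A."""
    if score <= 15:
        return "low"
    return "elevated" if score < 50 else "high"


# Constructed sample sessions (not real addresses or hostnames).
CLEAN_SESSION = IpSignals(
    ip="198.51.100.23", country="US", dns_country="US", webrtc_ip="198.51.100.23",
    hostname="c-198-51-100-23.hsd1.example.net", hosting_provider=False, rtt_ms=12.0,
)
VPS_SESSION = IpSignals(
    ip="203.0.113.77", country="US", dns_country="US", webrtc_ip=None,
    hostname="vps77.cloud.example.com", hosting_provider=True, rtt_ms=55.0,
    open_ports={22, 8080},
)
SUSPICIOUS_SESSION = IpSignals(
    ip="192.0.2.9", country="US", dns_country="DE", webrtc_ip="192.0.2.200",
    hostname="hidden-proxy-9.example.org", hosting_provider=True, rtt_ms=80.0,
    open_ports={1080}, blacklisted=True,
)

if __name__ == "__main__":
    for name, sess in [("clean", CLEAN_SESSION), ("vps", VPS_SESSION), ("suspicious", SUSPICIOUS_SESSION)]:
        sc, why = score_ip(sess)
        print(f"{name:10s} score={sc:3d} verdict={verdict(sc):8s} {why}")
```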
B. Digital fingerprints are the collective name for unique information “imprints” from different browser and operating system settings. Many fingerprints are actively used by websites and anti-fraud systems both for analyzing transactions and for simple surveillance, because they allow you to recognize the user despite changing the IP address, clearing cookies, and, with a strong system, some settings.
From a privacy perspective, this is a set of methods by which a user is identified from others. As, in fact, with fingerprints - and this is also the reason for the need to isolate the work environment: there is a big difference between assigning an identifier to a random observer to collect statistics and a potential “buyer”. Often the data collection and analysis scenario includes:
• user-agent. Together with the IP address, the first information that the site receives about the user is the browser version, language, device type and operating system. First, the language properties must be consistent with the masking: if the IP address is English-speaking, so is the system and browser. Secondly, in the context of statistical analysis, the choice of browser, device and system is equally important.
For example, obviously suspicious socks or SSH mostly run on Linux, which affects the attitude towards the system itself; On average, there are fewer fraudulent transactions from mobile phones, which means they are more trustworthy; TOR is a confidential browser, which nevertheless simply cannot be more suspicious, and operating systems have a popularity rating.
In other words, the greater the percentage and proportion of bona fide traffic a certain platform has in the world, the easier it is to blend into the crowd and resemble the average buyer. Although statistics are collected in real time and depend on the individual service, in general suitable options are: operating systems Windows, MAC, IOS, Android; browsers: Chrome, Edge, Safari, Firefox;
• screen resolution, window size, scaling. Extremely rare combinations of data highlight the user and make them unique, and those that contradict the user-agent information due to the use of an antidetect or emulators (virtual machines of mobile devices) may raise suspicions: conditionally, a phone does not have a desktop screen resolution;
• like the language, the time settings with the system time zone must match the location of the IP address. You need to pay attention to time in another context too: with stable work from a specific location and with one anti-fraud system, a constant deviation can lead to identification, for example, if a number of clients (actually one) have a difference between the system time and the exact local time of exactly 3 minutes;
• operating system fonts. Recording the installed fonts via JavaScript is a popular technique for making the user unique. Operating systems have them by default, and the general list is replenished by installing programs with their own fonts: various types of Office, Adobe, and so on;
• passive OS fingerprint. It is formed from the operating system-specific parameters of data transfer to the network: packet size, packet time-to-live, and others. A contradiction between the fingerprints of the IP address and the user-agent (for example, traffic passes through a Linux proxy, while a Windows desktop is used) equals a flaw in the user's portrait.
Using standard means, you can fix it like this: change the IP access or the device itself, distribute WiFi from the configuration of the required device, for example, through an emulator, or ignore the drawback - when working with a compliant anti-fraud system and with a good overall impression of the client, this point is not key;
• extensions & plugins installed in the browser. They are detected by good anti-fraud systems by requesting certain ids in the browser and recording changes in display on the page. A trivial ad blocker is unlikely to radically affect the situation (although it will uniquely identify the user), but tools for falsifying user-agent and fingerprints can play a cruel joke;
• HTML5 Canvas (“canvas fingerprint”) and WebGL. Seamless rendering of visual elements using GPU resources with effects applied to them: text for Canvas and 3D objects for WebGL. After processing, the data is converted into a hash code and added to the overall fingerprint to identify the user.
Fonts, GPU driver versions, color depth, filtering, lighting and shadows, textures and so on - to produce a personalized result, the hardware and software features of the device are used, where each of the fragments is a variable, and as a result, the existence of distinctive features is quite understandable;
• audio fingerprint (AudioContext Fingerprint). Reproduction and evaluation of low-frequency audio signals, like Canvas and WebGL, proceeds covertly, taking into account the characteristics of the user's system and equipment. The content is: bitrate, decibel value, number of incoming and outgoing channels, output delay, sampling frequency, operation execution time, and more, depending on the anti-fraud system. It is possible to adjust the indicators by changing the system, device, modifying parameters with antidetect, in the “Virtual Audio Cable” program or analogues. Far from being the most common fingerprint;
• cookie - a small piece of authorization data and user settings stored in the operating system for a specific site. Using old cookies for a new disguise is the same as entering the same contact information on two different accounts within the same store. Unambiguous identification. Therefore, when changing sessions, you need to get rid of them.
Let's summarize the second section. Cleverly protecting yourself from collecting a number of fingerprints by disabling the JavaScript programming language in your browser, with which they are retrieved, is not an option. In this case, many sites will stop working normally, and there is no need to talk about strict compliance with the pattern of a respectable buyer.
This is precisely why camouflage is needed - to change the components of fingerprints and thus achieve credibility and diversity of profiles, and also avoid identification. The principle is as follows: for example, changing the device will affect the user-agent, extensions or plugins will affect the browser, and the choice of fonts will affect the entire system.
However, it is important not to upset the delicate balance, because particularly rare settings lead to uniqueness. Ironically, even disabling tracking in the browser settings (doNotTrack) or disabling cookies are in themselves options that distinguish the user. Add to this atypical fonts or extensions, and we already have the opposite of the desired effect in the long term, a recognizable imprint.
On the other hand, anti-fraud systems are a tool for predicting risks, but the main task of any store is to consistently generate and maximize profits. Stores are able to control algorithms so that their anti-fraud systems do not react to every “zilch”, exposing honest customers to the hot hand.
For any reason, be it a low-risk assortment or maximizing profits, stores set their own combinations of rules and the acceptable threshold for anomalies in prints. Thus, individual checks may be missing, and errors may not be taken into account, for example, AudioContext or some blacklists; and on the contrary, somewhere they will press on all fronts. In the end, the point is, rather, in a certain critical mass within a specific anti-fraud system.
In addition, it is worth noting the dynamism in the assessments of anti-fraud systems. Blacklists, providers, IP address locations and other parameters, firstly, can change on their own due to data updating, and secondly, they can be perceived differently by anti-fraud systems depending on their own statistics and information from database providers, the “weather”... that's why it's so important to collect information.
Examples of sites for checking the characteristics of an IP address and operating system fingerprints (so-called anonymity verification services): whoer.net; browserleaks.com; 2ip.ru/privacy/; ip-score.com; maxmind.com; f.vision. Repeated checking of proxyScore, riskScore and Black Lists indicators sometimes provokes IP address contamination; you should not overdo it.
Third section, financial turnover.
The main tool for making transactions is cryptocurrencies. The most suitable options, tested by time and the community: Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Monero (XMR). The use of supposedly more technically advanced or investment-friendly cryptocurrencies, as well as USDT and other “stablecoins” is at your own discretion.
The advantage of cryptocurrencies over other financial instruments is confidentiality - there is no need to support transactions with personal data of the sender and recipient. However, cryptocurrencies cannot be called “anonymous” due to the availability of transactions in clear text, which makes it possible to track the movement of funds. Consequently, they do not give carte blanche in the matter of financial transactions.
You can confuse the tracks like this: changing the receiving and sending addresses (available in many wallets), passing funds through various exchangers and cryptocurrencies, cash transactions and the use of “mixers” - services for anonymizing transactions by splitting client funds into small parts and then mixing them together. The choice of exchangers and mixers is independent, based on reviews and reputation.
There are two types of wallets: “hot” and “cold”. Hot ones need access to the Internet - exchanges, online wallets and exchangers. In this case, the coins are kept by the service, and the client only gets access to them. In turn, cold wallets are hosted locally, for example, in the operating system or on a separate device, and in the absence of information leaks, only the owner has access to them.
Despite the disadvantages of hot wallets, they are convenient for frequent use, while the point of cold wallets is reliable storage and the absence of intermediaries. Examples of wallets: “Bitcoin Core” (a cold official wallet, but weighs a lot), “Electrum” (conditionally cold, but unlike Bitcoin Core the entire blockchain is not installed); “Exodus”, “MetaMask” are relatively cold, but a lot of data is transferred to service servers.
As with cryptocurrencies, the use of alternative wallets (Ledger, Trezor, etc.) or full-fledged exchanges that require verification of personal data is at your own peril and risk. In many private services, vulnerabilities or backdoors are sometimes discovered, and exchanges even tend to go bankrupt and block accounts. In addition, when working with cryptocurrencies, you need to take into account the instability of exchange rates.
For fiat currencies (USD, EUR, RUB, etc.) and transactions from official exchanges, wallets or exchangers, an incognito behavior model is applied. The history of customer actions is saved, so personal IP addresses, personal data and device fingerprints should not be involved in the process of suspicious financial transactions. Instead you can use:
• virtual machines, SMS activators, VPN;
• many services work with cash. Suitable for both withdrawal and deposit of funds;
• use of terminals to replenish pre-registered confidential wallets;
• accounts for dummies (drops). Risks include blocking and theft, so it is better not to withhold funds and change accounts periodically. Verification services, sales of accounts and cards are available on the forum.
The informal rule of cooperation with users in the field of activity is Garant-Service. Saves nerve cells and finances.
That's all, let's move on to the questions, put "?".
Veles24 20:41
1. I have an encrypted SSD and there is a Windows image there, is this enough for encryption + is it worth the VPN based?
2.How to find out the victim’s browser?
3.Will it be enough to use only the sphere there toe?
Payne 20:43
1. Yes, this is one of the formats of the minimum acceptable configuration.
2. No, only if specific information is available, for example, from material like logs.
3. For direct transactions - yes. In a security context, this is unacceptable. It's hard to think of anything worse than a direct connection from a personal IP address to the IP address from which a fraudulent transaction is being made.
BaronLuffy 20:43
1. If you take mobile proxies, it turns out you need to adjust the settings in the anti-detection browser to the phone, right?
2. What is a hybrid in Linken Sphere when setting up a fingerprint? What benefits does it provide?
Payne 20:44
1. Optional, using a mobile connection type on a computer agent is quite understandable. But you can experiment.
2. There will be a separate lecture on antidetects, wait.
alcapon 20:44
How does the Auto Warm function work in Linken Sphere? Can you completely trust it, or do you have to heat it manually afterwards?
Payne 20:44
There will be a separate lecture on antidetects, wait for it
Serpentin666 20:45
1. What can you say about 922 proxy? ISPs display real providers there. But the ping is high
2. What crypto wallet can you recommend for the desktop version on a virtual machine?
Payne 20:46
1. The choice of commercial services is independent. We cannot vouch for private sellers.
2. The best is official, open source. But in general it depends on intentions and desires. Examples are described in the lecture.
KimJo 20:46
Payne: KeePass seems to have cloud storage synchronization between devices, if so, is it safe to use?
Payne 20:46
Any cloud cannot be secure simply by definition, so no.
Balto 20:46
1. Before buying a proxy, you need to check it using ProxyScore. Does anyone use it? What test result should be adequate according to our requirements?
2. riskScore what score 0-100 is considered normal?
3. To work with Telegram, can you log in from your personal device and IP? Or can I use a personal device + VPN? or what combination?
Payne 20:49
1. A) I don’t quite understand the question. Of course, it is better to know what you are buying - and choose pure material. B) The less, the better.
2. Likewise. Conventionally, we can say 0-15, but in general it depends on the service with which you plan to work. Everyone has their own opinion on this matter.
3. A) Of course not. Something like that was openly prohibited in the lecture. How can one even come to such a conclusion? This is literally evidence in a crime case. B) The minimum acceptable configuration is described in the lecture.
ht_ice 20:49
1. Why do you need Tor in a secure connection?
I see that many people use it
I have tried to switch to it more than once for everyday use, but I can’t cope with the fact that absolutely all pages take 5 or even more times longer to load than any other browser.
2. What rules should you follow to create a secure password, but one that you can remember?
How safe is it to store all your passwords in Keeper and iCloud?
3. I would like to hear recommendations on choosing a crypto wallet
Offline or online, where is it better to store it? (base, virtual machine, can you store it on your phone?)
4. Where to look for socks and SSH for work?
5. Did I understand correctly that the more specific fonts are installed, the more uniqueness (making you stand out from the crowd) it creates?
Payne 20:54
1. To increase confidentiality due to connection protocols built into the browser, namely, multiple traffic proxying; as well as using various tools to hide or limit the availability of technical fingerprints.
2. A) It's difficult to say. Memory is a purely personal matter. I don't know what you remember better. B) I haven’t heard of Keeper, but iCloud is unacceptable.
3. Described in the lecture. And storing evidence of a crime on your phone - well, we can’t prohibit it, but this is simply absurd. I sincerely don’t understand where such an opinion could even come from.
4. There are services for selling material on the forum.
5. True. And the more you stand out from the crowd, the worse it is, on average.
Mr_Lotus 20:54
1. On the question of the location in which you operate
It turns out that the specifics of our activities will not allow us to visit the countries in which work will be carried out, including the USA/Canada?
Or is it still possible if certain measures are taken?
2. I know that it is undesirable to use the copy/paste function for text, including from system to system
Is there any solution so as not to interrupt manually every time?
3. Does using antique completely solve the issue of leaking real digital fingerprints?
4. When creating each new virtual machine, will each have a unique new IP address or the same one from the main system?
5. Currently I use the following security chain:
OpenVpn with an activated killswitch on the main system - then a crypto container - inside a vmbox with Windows
VMBox already has a gill, access to the forum through Mozilla, without Torus, as well as other not entirely clean things, and all this from home wifi
Does this at least meet the minimum requirements and what basic safety chain would you recommend?
6.What do you think about OpenVPN?
And what VPN would you recommend?
KimJo 20:56
Payne: 1. Is there any real experience of someone using a double bottom on a forum? Does this happen more often due to violations of the first point “my tongue is my enemy”?
2. What is the best way to register accounts in TG, maybe there are instructions/discussion on the forum? (The plan is to find such a service with telephone numbers for registration, so that you can re-login to your account, and not have a different telephone number each time)
3. And if you can’t keep additional TG accounts next to your own, is it better to have a separate phone for such data? Or should we use everything only on a PC in the encrypted area?
4. In the image of the virtual machine that comes with the topic for training, there is a PaleMoon browser - what can you say about it? Is it somehow useful?
I'm sorry, I accidentally pressed enter.
Payne 20:58
Mr_Lotus
1. Possible if all precautions are taken.
2. A number of antidetects have an imitation of manual input.
3. In the absence of actual leaks and all other things being equal - yes, especially if the antidetect is hosted on a virtual machine. However, it is important to remember that in this case we are talking exclusively about technical characteristics.
4. IP address is a property of the Internet provider. A virtual machine is an operating system. The operating system does not have an Internet connection by default, these are different things.
5. Yes, this is literally the minimum configuration.
6. This was given as an example in the lecture, so you can use it accordingly. But this is just a client for connecting configs, and not the actual VPN server. And the best way to use it is, of course, personal.
KimJo
1. Most of the events occur mainly due to violations of the first point. Another huge part is due to financial connections. And the first part of the question contradicts itself. If the double bottom was useful and they found out about it, then this means that it was not useful, because they found out about it, and the question is automatically removed.
2. This is how it was described. Virtual activators - on the Internet, on the forum. Set 2fa and you can sit until you’re blue in the face (there are rare exceptions, but still).
3. Second.
4. Unfortunately, I can’t say anything special or interesting.
Akpatyr 21:03
1. Regarding VPN, yesterday I dropped https://www.ivpn.net/, https://www.ovpn.com/. I paid for https://www.ivpn.net/ but it seems MTS does not allow me to connect to it. Is there any service so that the provider does not block it?
GorilaDuster 21:03
what is the safest VPN, yesterday two were recommended and today there is a third one. In the end, which one is safest?
Payne 21:04
GorilaDuster - the most secure VPN - it's personal.
Akpatyr Specify in Question/Answer. It’s still difficult to know for every provider anywhere in the world. Or you can look for something in advance to bypass blocks using tools like ShadowSocks or Amnezia.
stormspecter 21:05
1. Where can I look at the DNS? For example, on Whoer, but I'm more interested in how I can change it or how I can find a suitable one with physical proximity?
2. Are there methods that allow you to change the fingerprint and canvas data?
Payne 21:07
1. How to change was discussed in the lecture, and physical proximity in the context of DNS is not as important as in relation to the main IP address. The DNS is selected for a conditional state or country, for example, by including the corresponding location in the public DNS link (there are lists on the network, often updated) or an additional link of the desired location.
2. Antidetects, changing the device, its components or settings.
Peter_Parker 21:07
1. About DNS leaks, how to protect yourself from them, as well as their danger on the input side (main ip->vpn) and on the output side (proxy->service)?
2. Is it worth changing locations for work or is a home environment permanently welcome?
3. If you use a combination of VPN->tor (not the browser, but traffic through it)->proxy/ssh (for work). The speed will be slow, but will this affect the anti-fraud system? If so, how?
4. Recommend Android emulators at your discretion (To make a clean TG, and not take someone else’s, you need to register from your phone).
5. Everything: user-agent, canvas, etc... not suitable due to extensions, right?
Payne 21:11
1. What is the question? Protect against leaks. Check them using checkers and exclude them.
2. Not at all important. The technical side of the issue is much more important.
3. It will not affect, except in the context of the speed itself (that is, two-way ping), and then, with some probability and depending on the target service. The site does not see the previous link in the chain of connections, otherwise what would be the point in hiding the traffic.
4. Bluestacks, memu, nox. There are only a few of them, you can use them all.
5. In plan? Are we talking about substitution using browser extensions? As a rule, it is easily determined, so yes, it is not suitable in practice.
_LB 21:11
Is it most practical to use Windows inside a virtual machine, or does it make sense to use Linux for detailed, competent configuration of the client’s technical properties?
Payne 21:12
If we're talking about practicality, then Windows. For detailed and competent configuration - Linux, yes. But it largely depends on the desired type of configuration, especially regarding the Internet connection.
ya8no 21:13
where to look for services for working with fiat currencies on the forum, or what are they called? And I don’t understand about the cart, sorry for the stupidity MB, that is, it’s ok to sit on a computer under a VPN and from a mobile phone or not? )
Payne 21:14
1. Currency exchange.
2. From a computer via VPN and from an encrypted area it is possible, from a phone - not, even with a VPN, because the level of physical accessibility is different.
nlf 21:14
1. Question about the second part: all measures for working with stores (user-agent), IP address and other digital fingerprints - are they solved by a combination of antidetect with a certain configuration (for example, octo) + a certain resident proxy? Do you manually change any system or browser settings before work or do you use any automated combination?
2. Question about the third part: which connection for withdrawing funds would you personally recommend using?
3. I was told that it would not be possible to pay for the material with Monero and receive payments using this crypt, since few people use it. What is the reason for her unpopularity, given that, by all logic, she is best suited for this activity due to confidentiality?
4. Do you need to use Telegram for work from your personal number? Thanks for the lecture. By the next one, I hope I'll understand what's written in this one

Payne 21:17
1. A) Yes, as a rule. B) They don’t talk about personal things.
2. Same thing. To say something like this is to create vulnerability.
3. I'm not sure, to be honest. Probably due to the fact that official, legitimate services trust her less. And such services form the market, which, in turn, affects the scale and accessibility of the ecosystem. Plus, there are technical differences - both in ease of use and in the blockchain itself.
4. Um, why use telegram to work from a personal number? I hope they just missed it. Answered in the lecture.
timbuhta 21:19
Can you tell us in more detail how containers with a double bottom are created? It's just that inside one conventional flash drive one piece of information cannot be recorded and stored on top of another. You need to somehow divide this flash drive into different sections and encrypt them. But if you have to give one of the passwords to the police, then they will see that there is only half of the maximum capacity of the flash drive. In general, I would like to know more about this process. Thanks for the answer and for the lecture
BaronLuffy 21:19
1. What does reservation in the panel at the drop ship mean? Can I hit the same shop as in armor?
Payne 21:20
timbuhta The program's help contains detailed information.
BaronLuffy Depends on the context. Probably, we are talking about booking a specific drop for a specific store, so that it doesn’t turn out that several people use it in one place and thus interfere with each other.
Granularius 21:21
When should you use a cryptocurrency mixer?
When receiving any transfers?
Payne 21:21
For cleaning purposes.
Mr_Lotus 21:22
After completing the training, will it be possible to contact the lecturer for advice/help on the topic of cybersecurity? Are there any restrictions in this regard? Unfortunately, it is not possible to ask all the questions now, since most of them will arise during the work already...
Payne 21:22
Support is unlimited.
newar 21:23
how to fix a cart so that it doesn’t fly off every 1-2 months, firstly, you can only fix it using an emulator, right? secondly, using one-time SMS activators, sooner or later it will fly off, passwords on the cart and other sticks don’t help if There is no access to a one-time number, so how can you eventually register the tg so as not to lose all the data and contacts from it in the future?
Payne 21:26
newar
Yes, from an emulator. If it crashes every 1-2 months, then initially something is being done wrong, because even if a crash occurs, it is only in the format of duplicating an account - in this case, you receive a warning from the telegram and you can simply change the number. Cases where it ends up being thrown out of the blue are 1 in 1000, and not every month.
As an alternative, you can purchase a virtual number from the telegram itself on the Fragment service, but this is relatively expensive.
nlf 21:26
I mean, is it possible to make a telegram account for contacts from the forum, etc., on your personal number?
Payne 21:27
Of course not. Discussed in lecture.
ya8no 21:27
About WebRTC. According to the link that was in the lecture, it is advised to treat it with an extension (for example, on Chrome). Don't such extensions burn anti-fraud systems?
Payne 21:28
The link is just to familiarize yourself with the term. First, you should check to see if there is a leak at all. If yes, extensions are one of the worst options, but one of them. And so, it is replaced by antidetects.
Peter_Parker 21:28
The very concept of detection and identification (for antifraud and in general) is constantly changing and improving, how can we find out new information about updating the antifraud system in the future?
Payne 21:29
Start working and collecting statistics. The training is designed to instill specific skills, including how to solve potential problems.
ht_ice 21:29
How safe is it to provide screenshots in .jpeg?
Or is it better to always use a link through a file hosting service? If so, which one?
Payne 21:31
1. In the context of metadata? Well, it depends on where these screenshots were taken initially. It would be better, of course, for it to be some kind of isolated device that doesn’t say anything, and not a conventional iPhone. However, the metadata can be removed, and the screenshots themselves have nothing more to do with it.
2. Optional. And it’s better not to use corporate ones a la Google, but specialized ones like dropmefiles or sendspace.
Balto 21:32
Is it safe to buy a physical SIM card in a store and register an account for yourself from some public Wi-Fi in the store? And leave this SIM card in the nightstand so as not to lose your account
Payne 21:32
No. They will find it in 40 minutes.
Well, since there are no more questions, I thank everyone for their presence and wish them good luck.