Leaderboard


Popular Content

Showing content with the highest reputation on 08/27/2024 in all areas

  1. 4 points

    THIS ADVERT HAS EXPIRED!

    • FOR SALE
    • NEW

    Description IMPORTANT! -100% Guarantee! IMPORTANT! -Instant Delivery! IMPORTANT! -Request your bonus after positive feedback! Item description: About me: I am a carder myself with more than 10 years of experience! With the Cashout Methods I am using myself and now offering to you guys you can easily make up to 4000 - 6000 $/£ per DAY Easily! All methods are based on my own experiences. Again: I am using all methods by myself and they work 100 You can make thousands of dollars/Pounds every single day when mastering these methods Some methods are so simple you can't do anything wrong!!! I promise! You will get: - 5 proven step-by-step CASHOUT METHODS that are working 100% (All up to date - 2021! n easy to follow even for BEGINNER) - list of legit darkweb CVV VENDORS I am using myself (Never get scammed again!) - list of CARDABLE SITES (Never kill card due to high security level of website!) Once ordered you will get a download link with PDF Guide which contains all information mentioned above Refund policy Please Give Me Enough Time To Reply To You Before You Leave A Review (If You Have A Problem) Kind Regards

    $229.00

  2. 2 points

    THIS ADVERT HAS EXPIRED!

    • FOR SALE
    • NEW

    NFC ATM Jackpotting Malware. Works only at NCR SelfServ NCR ProCash modes (WORLDWIDE). Withdraws all cassettes one-by-one. DOESN'T REQUIRE USB ACCESS OR ANY PHYSICAL INSIDE ACCESS. Injects through NFC card. You will need a very specific software to use it. I'll help with links where you can buy it. Overall spendings will be around 50-100 USD. I will stop selling at any time. As soon as I realize that too many people use it.. Manual and safety guide will be included with software. Any technical details won't be shared until funds are in escrow.

    $2,000.00

  3. 2 points

    Time Left: 6 years and 21 days

    • FOR SALE
    • NEW

    ☢️ Dissecting DEFENSOR: a stealthy Android banking malware #android#apps#malware#mobile Android malware apps are nothing new, but this one is of particular interest in how it implements no such functionality that can be readily detected by security products. The apps named DEFENSOR ID and Defensor Digital rely mainly on Android's Accessibility Service to conduct malicious activities, and go undetected. In fact, a blog post released May 22nd 2020 by malware researcher Lukas Stefanko of ESET states, "the banking trojan was available on Google Play at the time of the analysis. The app is fitted with standard information-stealing capabilities; however, this banker is exceptionally insidious in that after installation it requires a single action from the victim – enable Android’s Accessibility Service – to fully unleash the app’s malicious functionality." The blog post also demonstrates at the time of its inception, no antivirus engine detected this malware sample. Even today, only 5-6 detection engines are flagging these two apps, according to VirusTotal. This raises concern for the next iteration of malware that may be nothing but a slight modification of these apps. Android Accessibility Service To make smartphones more accessible to users with special needs, the Accessibility Service allows for the device to extend permissions to an app to read screen content (e.g. for providing text to speech synthesis capability). You can imagine how useful would such a functionality be to a malicious app. Existing detection models can reliably predict when certain combinations of permissions requested by an app may pose problems. But because the Defensor apps mainly relied on obtaining Accessibility Service permissions from the user, along with some other minimalistic ones, no red flags were raised anywhere. The permissions requested by the app include the following, of which the critical ones are highlighted: android.permission.INTERNET android.permission.SYSTEM_ALERT_WINDOW android.permission.BIND_ACCESSIBILITY_SERVICE com.secure.protect.world.permission.C2D_MESSAGE android.permission.ACCESS_NETWORK_STATE android.permission.FOREGROUND_SERVICE android.permission.REQUEST_DELETE_PACKAGES android.permission.SYSTEM_OVERLAY_WINDOW android.permission.WAKE_LOCK android.permission.WRITE_SETTINGS com.google.android.c2dm.permission.RECEIVE In practice, this means the app can capture credentials entered by the user on mobile banking apps, read or generate SMS messages, read emails, read Two-Factor Authentication (2FA) codes generated by authenticator apps — thereby bypassing 2FA, steal cryptocurrency private keys, and so on, and upload all of this vital information to an attacker-controlled server! The app also requests the WAKE_LOCK permission, letting it override the default screen timeout setting, and keeping the device turned on persistently. This would give malware an extended opportunity to launch other apps and to continuously capturing sensitive information. The screenshots provided by ESET demonstrate this behaviour: Indicators of Compromise (IOCs) To make things easy for the security community, malware researchers at ESET have thankfully provided two useful IOCs identifying the malicious apps that have now been yanked from the Google Play store. Package Name SHA-1 Hash SHA-256 Hash ESET detection name com.secure.protect.world F17AEBC741957AA21CFE7C7D7BAEC0900E863F61 BBFB6DEDC01492CA3AC0C4F77343A22162518B306660E9CE958F2A6369FFAF13 Android/Spy.BanBra.A com.brazil.android.free EA069A5C96DC1DB0715923EB68192FD325F3D3CE B5A64791728AA641838D2A478375F5D46F91C91B8DF0CDE34B21DDA2D4D7D8A1 Android/Spy.BanBra.A New information and my analysis ESET researchers have done a brilliant job of presenting their comprehensive analysis of these apps and their documented behaviour. Further to their report however, I'd like to add a bit of my own findings. Command & Control (C&C) domains The attacker controlled C&C domains are still up — well at least one of them, and that's problematic. Domain IP address Task empresasenegocios.online 132.148.42.16 Command & Control (C&C) atendimentoempresarial.digital 184.168.221.46 Command & Control (C&C) The URLs specifically used by the app to establish communication between the attacker-controlled server include: https://empresasenegocios.online/remoteControl/ https://empresasenegocios.online/remoteControl/api/main/index/ http://atendimentoempresarial.digital/remoteControl/api/main/index http://atendimentoempresarial.digital/remoteControl/ Interestingly, VirusTotal reports most antivirus engines are still not flagging these URLs, except for FortiNet which flags just one of the empresasenegocios.online URLs as phishing: Nevermind the fact, the empresasenegocios.online domain still has a fancy admin panel for the attackers to log into and glance over the juicy details of their victims 🍿: Here's also a preview of the API: And the domain continues to be hosted on GoDaddy's shared hosting, with its beautiful cPanel and WebMail interfaces accessible: empresasenegocios.online/cpanel: empresasenegocios.online/webmail: At least, atendimentoempresarial.digital domain has its GoDaddy parking page showing up for now. While that's no guarantee that the domain's malicious ownership or activities have ceased, so far there are no strong signs indicating ongoing activity either. The WHOIS records of these domains didn't reveal anything particularly interesting other than Sãu Paulo, Brazil addresses and phone numbers, which could very likely be fakes, along with two email addresses belonging to the anonymous ProtonMail service: appdados@protonmail.com and notificador@protonmail.com. The Takeaways Enforcing BYOD policies Because prominent antivirus engines are not detecting apps like these — even now, advice to "scan your mobile device" is futile. SOC analysts and Security Ops professionals are strongly advised to enforce a corporate mobile device policy which restricts employee access to Google Play app store on their work devices. Apps like these pose significant threats to an organization's secrets especially when an organization has a relaxed Bring Your Own Device (BYOD) policy, allowing for corporate email accounts to be accessible on an employee's personal mobile device (e.g. Gmail's Android app managing both personal and work accounts of a user would not be immune to attacks like these, and could easily infiltrate corporate trade secrets to malicious actors). Network monitoring and blocks Additionally, extensive network monitoring in your SIEM/EDR products should be setup for these servers, with network blocks implemented, given at least one of these domains is still active. That way, any device on your corporate network would be prevented from inadvertently making calls to these domains. Note: The IP addresses appear to belong to GoDaddy's shared hosting, therefore blocking these could potentially block legitimate websites. It is best to block the malicious domains for the time being. DEFENSOR ID and Defensor Digital were just two of the apps which have been identified and removed from the Play store, but given their stealthy behaviour, we do not know as of yet how many other apps might be using these servers or leveraging the Accessibility Service weakness.

    $299.00

  4. 2 points

    Time Left: 5 years and 2 months

    • FOR SALE
    • NEW

    TD BANK SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES

    $200.00

  5. 2 points

    THIS ADVERT HAS EXPIRED!

    • FOR SALE
    • NEW

    If you need Information on how to obtain Covid-19 Vaccine Cards or information on how to Get a certificate indicating that you’ve been vaccinated, known as the Pass Sanitaire (Covid 19 Sanitary pass) or Pass Vaccinal in France contact us. Get a French/European “covid health pass” , EU or France Certificate, French Vaccine Pass, EU Covid-19 “passport“, covid pass french without the Covid-19 Vaccine with us via our email. We also produce False certificate vaccine of covid or falsified a health pass with QR codes. and we can forward you the information via email after production as digital.

    $250.00

  6. 1 point
    Made about 5 trades in the last week. No complaints about the escrow service, everything is clear and according to the rules.
  7. 1 point

    Time Left: 5 years and 3 months

    • FOR SALE
    • NEW

    My team and I will deliver any product from Amazon or Ebay for 40%. The service of receiving parcels by drop is free of charge. You receive the package from us, not from the store. Only you know about the origin of this product, so it is safe. Min. order 250$ ( My share)

    $250.00

  8. 1 point

    THIS ADVERT HAS EXPIRED!

    • FOR SALE
    • NEW

    We are unique producers of High Quality novelty and Real Genuine Database Registered documents, our real documents can be used worldwide and passes all airport scans and data-check machines. With 12 years of experience and expertise we are definitely the best pick for your documentation. We guarantee you New Identity and do update the following documents (passport, SSN, driver's license, I.D, Birth certificate, diploma). We provide services for the production of documents for USA, CANADA, AUSTRALIA, EU countries and also part of Asia. - PASSPORT - ID CARD - Residence permit / permanent residence - DRIVING CERTIFICATES - DIPLOMA/DEGREES - VISAS Schengen, Canada, USA, Australia, New Zealand, Japan, Korea - COVID CARDS - Birth certificate - Bank Statements - TOEFL & IELTS certificates We will help to get to Europe, Canada, USA and other countries. Each case is different. There is no general price list. I am waiting for you in my private messages.

    $1,000.00

  9. 1 point
    What products are in stock? Answer the carts or write the hours you visit there.
  10. 1 point

    Time Left: 5 years and 2 months

    • FOR SALE
    • NEW

    BMO SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES

    $200.00

  11. 1 point

    Time Left: 5 years and 2 months

    • FOR SALE
    • NEW

    CIBC SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES

    $200.00

  12. 1 point

    Time Left: 5 years and 2 months

    • FOR SALE
    • NEW

    HSBC BANK SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES

    $200.00

  13. 1 point

    Time Left: 5 years and 2 months

    • FOR SALE
    • NEW

    FIDO SCAMPAGE .ZIP FILES UPLOAD AND UNZIP EDIT NECESSARY FILES WITH SOFTWARE OR ON SERVER UNDETECTABLE TO MANY SERVER INSTAT DELIVERY PLEASE CONTACT ME IF MORE HELP IS REQUIRED FOR ANY PRODUCT. DO NOT DISPUTE AN ORDER THE ADMIN IS VERY BUSY AND THEY WILL TAKE FOREVER TO SOLVE YOUR EMOTION ISSUES.

    $200.00

  14. 1 point

    THIS ADVERT HAS EXPIRED!

    • FOR SALE
    • NEW

    NFC ATM Jackpotting Malware. Works only at NCR SelfServ NCR ProCash modes (WORLDWIDE). Withdraws all cassettes one-by-one. DOESN'T REQUIRE USB ACCESS OR ANY PHYSICAL INSIDE ACCESS. Injects through NFC card. You will need a very specific software to use it. I'll help with links where you can buy it. Overall spendings will be around 50-100 USD. I will stop selling at any time. As soon as I realize that too many people use it.. Manual and safety guide will be included with software. Any technical details won't be shared until funds are in escrow.

    $2,500.00

  15. 1 point

    THIS ADVERT HAS EXPIRED!

    • FOR SALE
    • NEW

    This contains 13 really great methods to make a great living with carding. Besides different websites and techniques this are the highlights in the guides: - Top notch carding video's and pdfs - Anonimity, changing socks5 and top socks5 providers - The best way to connect RDP - Cashing out CC in front of YOU, making $250 in 15 minutes - CARDING SAMSUNG phones - Cashing out PAYPAL accounts

    $499.00

  16. 1 point
    Thanks for the amazing tool guys
  17. 1 point
  18. 1 point
    [hide] downrange556:rmkcpa1214 [/hide]
  19. 1 point
    [hide] https://ufile.io/vapit [/hide]
  20. 1 point
  21. 1 point
  22. 1 point
  23. 1 point
  24. 1 point
  25. 1 point
  26. 1 point
  27. 1 point
  28. 1 point
  29. 1 point
  30. 1 point
  31. 1 point
  32. 1 point
  33. 1 point
  34. 1 point
  35. 1 point
  36. 1 point
  37. 1 point
  38. 1 point
  39. 1 point
  40. 1 point
    thank you very much!
  41. 1 point
  42. 1 point
  43. 1 point
    thanks for share thanks
  44. 1 point
  45. 1 point
  46. 1 point
  47. 1 point
  48. 1 point
    Hope it give some hit and will contribute to forum Thanks
  49. 1 point
  50. 1 point
    where do u get your proxies?