WWH education 20-21. Part 3. “Security and configuration of the virtual machine”
Lecture#3 Security and configuration of the virtual machine 11.18.2020
Lecturer: Payne
(19:14:58) Payne: Hello. Lecture topic: "Security and configuration of a virtual machine."
(19:15:08) Payne: The lecture includes the following parts:
1. General characteristics of privacy and security.
2. Structural configuration of the virtual machine: programs and parameters.
3. Financial turnover, taking into account the properties of anonymity in the network.
(19:15:34) Payne: It's customary to start with the basics, first of all, let's look at the fundamental rules of conduct in the field of Internet activities.
(19:15:58) Payne: Security.
It is necessary to be guided by a number of rules, which are strongly not recommended to be violated:
(19:16:08) Payne : Stop the distribution of any personal information. The location and composition of the family, details, emails, social networks, specific nicknames that match the Instagram account, information about work activities and subscriber numbers should not leave the boundaries of a pure operating system and mind.
(19:16:38) Payne: Regardless of the interested person, friend or colleague - anyone can be not who they want to be seen, I am no exception. It is important to be aware of what you intend to do and to remember: the personal must remain personal, the work-worker. It refers not only to people, but also to Internet resources, from which the conclusion follows.
(19:17:13) Payne : Do not use personal phone numbers, emails and social networks to register accounts on "gray" sites or stores. Mobile and Internet service providers, as well as e-mail companies, in most cases will simply issue information at the request of competent services.
(19:17:54) Payne: Registration of mail that requires acceptance of the SMS code for activation is carried out using virtual online activators, for example: https://sms-activate.ru/. There are dozens of similar services, it won't be difficult to find them. The forum has services, including for receiving messages to real numbers of foreign countries.
(19:18:17) Payne : Uncompromising rejection of activities in all countries of the post-Soviet space. It is much easier to track a resident who is in direct physical and administrative reach, which is once again confirmed by statistics and observations.
(19:18:49) Payne: So, the use of this kind of material, shops and services is prohibited by common sense, and not by any "code of honor."
(19:19:04) Payne : For the same reason, the receipt of parcels is carried out through intermediaries and dummies. It is a bad idea to involve personal identification data in the process of circulation of goods and finance in any form.
(19:19:35) Payne : Communication means and corresponding correspondence histories should not be in open form on the main operating system. Inside a virtual machine - permissible. Messengers Skype, WhatsApp, Viber and others like them are nonsense, due to the track record of leaks and discovered vulnerabilities that look like backdoors.
(19:20:25) Payne: Speaking of Jabber, it's important to use only servers that have a sufficient level of trust and reputation, and in order to secure the communication space, you need to enable OTR encryption if possible. In the Psi+ client it is in plugins, for Pidgin it is downloaded separately.
(19:20:57) Payne: By the way, making contacts public is fraught with spam, hacking attempts and possible fake accounts similar to our own, which in the long term can add worries. There is such a need - more are being created.
(19:21:25) Payne : Methods for storing images of virtual machines and information should have their own levels of protection. First of all, physical media: hard drive, SSD (both external and internal) or an ordinary flash drive. Removable storage is also convenient because in a critical situation it can be quickly physically removed or rendered unusable.
(19:21:59) Payne: Two characteristics play an essential role in choosing a device: volume and speed. There is never enough memory, so the choice is solely at your own discretion, a convenient minimum - 32GB.
(19:22:17) Payne: Speed is a consequence of the type of storage device and the characteristics of the computer. SSDs are definitely faster than hard drives, but the cost is clearly higher. For removable drives, the USB connection method is also significant: versions 3.0 and 3.1 outperform compared to 2.0 - to easily identify the version, you can see the color of the ports, with 3.0+ it is blue.
(19:23:01) Payne: Speaking about the settings of the drive, this is mainly encryption. When choosing a specialized program, you can stop at Veracrypt; BitLocker and similar solutions are not recommended. Veracrypt is a fork of Truecrypt due to the closure of the latter and the doubts arose on this basis.
(19:23:37) Payne: A container is created or the entire drive is encrypted, then confidential information is placed inside, in the future, to view it, you need to decrypt (unmount) with a password. To prevent the risk of capturing a password from RAM, hibernation is disabled - instructions according to the operating system on the Internet.
(19:24:13) Payne: In addition, the program has the ability to create a hidden operating system. In case of emergency, it will be possible to issue a password from the main one, which exists in parallel, while the hidden one continues to store files. Double bottom containers work in much the same way. Detailed guides are available in the main working conference on the forum and in the program help, in addition, the functionality is intuitive.
(19:24:55) Payne : Passwords must be unique for each site, account and container. The use of identical passwords often results in the loss of all accounts at once, since when one database is drained, information from it can be used on other sites. There is no insurance against the sale or hacking of the database of any store of material, leakage from popular resources and subsequently banal brute-force passwords by the enemy.
(19:25:40) Payne: "KeePass" or similar can serve as a password manager. Needless to say, "qwerty54321" is not a strong password at all.
(19:26:04) Payne: However, it is appropriate to report on the convenient two-factor authentication feature. 2FA is an additional level of protection implemented by generating passwords every 30 seconds, which will not be superfluous to use where possible. For example, Authy or OTP applications will do.
(19:26:53) Payne : A separate virtual machine is created as a preventive measure against a virus infection. To prevent control over the device or interception of passwords directly from the system, the installation of dubious and unverified programs is performed in a previously prepared virtual system.
(19:27:51) Payne : It is recommended to periodically make backups of the most important data, which must be kept in encrypted form separately from the working system. It is desirable not in a single copy.
(19:28:24) Payne: The first part can be summarized as follows: neglect and half-measures in matters of security have negative consequences. Maintaining basic hygiene rules is not as troublesome as making problems due to naivety or losing money due to account hijacking.
(19:28:58) Payne: Setting up a virtual machine.
Virtualization software - VMware and VirtualBox, where the latter option also runs on Linux, and the solution for macOS is Parallels Desktop. The set of virtual machine settings does not change depending on the main system, as well as the choice of the option for work is not of fundamental importance.
(19:29:42) Payne: Almost always in bios / uefi virtualization extensions are enabled, but some device manufacturers disable them by default. The method of getting into this interface differs from the main system and the computer model, so it is worth using a search engine, while virtualization, basically, appears as VT, AMD-V or V. Extensions.
(19:30:14) Payne: A virtual machine has two main functions: daily use and work activities. Combining is not prohibited, however, the craft provides for constant changes in IP addresses, a number of programs and parameters, therefore, separate assemblies can be made for different purposes.
(19:30:48) Payne: 1. The working arsenal includes the following:
VPN. An encrypted connection from the user to the server through which the network is accessed. To avoid conflicts with other IP-accesses, it is installed on the main system. It is optimal to choose the service of the third world countries, there can be no question of the post-Soviet space; a commercial service should not log.
(19:31:15) Payne: VPN can be created independently by internal configuration of a dedicated server for this purpose. A whole lecture could be assigned to instructions, and there are a lot of them on the network, for these reasons, they will not be covered. After connecting, the IP address must change.
(19:31:49) Payne: The function of blocking traffic in case of unintentional disconnection of IP access in order to insure against disclosing the real IP address in VPN clients is called KillSwitch (or similar) and is contained in many clients, and in Windows the firewall is implemented thanks to creating rules in "Firewall Properties": Outbound connections> Block of three tabs; then Outbound Rules> Program> Outbound Application> Allow the connection. There are also special programs on the network.
(19:32:47) Payne : A set of common browsers: Firefox, Chrome, Safari, Tor Browser and others. As for the latter, forums and material stores often have mirrors in the .onion zone that must be opened through Tor. To prevent the leakage of the real IP address in browsers, the WebRTC technology is disabled: https://bit.ly/2F2BTLW.
(19:34:05) Payne: - In order to mask the IP address for work (in particular, for the owner of the material), SOCKS proxies and SSH tunnels are used. They are presented in the format ip-port + login-password (moreover, login-password is not always). These network protocols use different connection methods, for the initiation of which you should install a kit from Proxifier for socks and Bitvise or PuTTY for tunnels, respectively.
(19:34:46) Payne: The Proxifier turns on the "Resolve hostnames through proxy" checkbox in the "Name Resolutions" item, the socks are directly added in the "Proxy Servers" tab. When using Proxifier in conjunction with Bitvise or PuTTY for SSH, a rule is added to "Rules" on the shortcut of the required client, where the first or second item is selected in Action; sox should be like 127.0.0.1:8081/8080 without a password.
(19:36:06) Payne: The rest of the setup comes down to filling in the fields for entering in clients with information about IP access - IP, ports, logins and passwords. There are plenty of guides for the aforementioned clients on the web and on the forum, so we won't go into more detail.
(19:37:02) Payne: - Antidetect is a program that uniquely works on the Internet by replacing browser fingerprints - for example, Linken Sphere. A virtual machine is optional if present, although from a security point of view, the tools should be kept in an isolated area. Use at will, there will be a lecture on this topic in the future.
(19:37:36) Payne: - A handy text editor for the sake of keeping records. Freedom of choice is provided here, but if you put the question bluntly, you can give several examples: Notepad ++, RightNote, Standard Notes, CherryTree, Atom. At the same time, as with passwords and backups, it is certainly not worth keeping information in the cloud storage.
(19:38:16) Payne: The final sequence of connections in the minimum allowable configuration will look like this: main system> VPN> encrypted storage area> virtual system> SOCKS / SSH> Internet.
(19:38:50) Payne: The chain is variable and can be supplemented in every possible way, introducing new links. For example, the last two items can be replaced with remote desktops: ... virtual system> VNC / RDP / dedicated server> Internet. It is possible to supplement with antidetect, building a VPN series - in sum, maneuvering is limited only by the imagination.
(19:39:43) Payne: 2. The spectrum of parameters originates in anti-fraud systems. Antifraud is a system designed to assess financial transactions on the Internet for fraud. In fact, it is the center of rules, filters and lists. Knowledge of the internal kitchen in the future will help to overcome the "barrier" of anti-fraud systems.
(19:40:30) Payne: Of the many rules included in the system, there are two categories: IP address and digital fingerprints. It is necessary to investigate their content in order to have an idea of the mechanism for substituting visibility - camouflage and from what perspective the future "buyer" will be assessed.
(19:41:05) Payne: A) IP address.
(19:41:15) Payne : Blacklists or Black Lists. Such databases are formed by various companies that track IP addresses that carry out DDoS attacks, spam, and other dark activities. Then Internet service providers, postal services, payment systems, banks and shops use them to verify visitors. Consequently, an attempt to place an order from a dirty IP address will usually end in failure: TOR, public VPNs and proxy services are downright littered with blacklists.
(19:42:18) Payne: In addition, sometimes entire subnets of certain ISPs are targeted for bias based on the range of addresses previously involved in fraudulent activity.
(19:42:53) Payne : ISP and Hostname or Internet Service Provider and Hostname. Thanks to the flashy titles in the names such as "proxy", "hidden", "vpn", the intentions to hide and mask traffic can be established - one of the business cards of a typical con man.
(19:43:39) Payne: Also, there are services that provide services for corporate or private provision of virtual servers on remote access. By analogy with the previous point, the IP address belonging to such a provider and specific systems (servers) contradict the pattern of the average buyer.
(19:44:27) Payne: In simple terms, a virtual server like Amazon's Remote Desktop is not presentable; VPN service, proxification (SOCKS) or tunneling (SSH) traffic - reprehensible.
(19:45:24) Payne: In addition, there are providers that are in the high-risk zone from the point of view of many anti-fraud systems, which are often treated with increased attention. Examples: rr, myfairpoint, frontier. And on the contrary, a few good ones: qwest, charter, cox, att, verizon, comcast. In light of the above, even the complete absence of black lists does not guarantee a result.
(19:45:58) Payne : DNS or Domain Name System - connecting element of the name of the site and the IP-address on which this site is located. A kind of appendage and does not have to match the IP-address; personal DNS should not leak. Usually it is not a decisive factor, but the consistency of the DNS countries and the IP address is definitely a plus.
(19:46:42) Payne: Sometimes it is absent on SOCKS or SSH, then you can:
• register in the network adapter in the network and shared access center of the system;
• register in the settings of the router (router);
• supplied complete with VPN as one of the links in the connection chain.
(19:47:40) Payne: - Two-way ping - approximate client-server route time. When characteristic indicators are established (mostly over 40ms), the IP address is classified as a tunnel, which, through the prism of anti-fraud systems, can be one of the indicators of a potentially fraudulent operation.
(19:48:46) Payne: Unfortunately, without ownership of IP access at the administrator level, this cannot be eliminated locally, which leaves these options:
• replacement of IP access (SOCKS / SSH);
• changing the link that goes to it in the chain of connections, for example, changing the VPN server - as an option, it does not always help;
• if you have administrative rights, you must prohibit ICMP traffic, instructions according to the IP access system can be found on the network.
(19:49:39) Payne : Open ports: 80, 81, 1080, 8123, 8080, 8081 and so on. Indicate the use of proxification means, at the same time being a double-edged sword. First, a significant number of these addresses are just the router's web admin area. Secondly, contrary to the statements of the sites for checking anonymity, a lot of pure traffic is generated from IP addresses of the above types.
(19:50:25) Payne: Most of the properties of an IP address are not really “bad” or “good”. Proxies, VPNs, servers, and specific ISPs can be associated with a corporation, university, mobile operator, or other legitimate use of the toolkit, whether it be a personal purchase at work or transactions from a legal entity.
(19:51:01) Payne: In this case, the traffic of groups of people can also be transmitted through one point of access to the Internet, for example, to use a firewall or improve performance. It follows that a radical policy of containing all suspicious elements will inadvertently cause suffering for ordinary users.
(19:51:37) Payne: This essentially means: a) purchases from the same IP address by different means of payment are possible, b) IP addresses branded as "proxies" can be effective and c) there is a whole carriage for risk assessment and small cart of other rules.
(19:52:30) Payne: The method for calculating the probability of using a proxy is called "proxyScore". "RiskScore" - as the name suggests, a risk score when analyzing a transaction in general or an IP address in particular. They are indicated in the range of 0-100, respectively; the higher the value - so much the worse. Mostly, verification services are integrated into material stores, and private representatives can be found on the forum and on the network.
(19:53:11) Payne: There is an inherent variability in the criteria to be noted. Blacklists, ISPs and other attributes change every day, and also directly depend on specific anti-fraud systems, dozens of which should not have an identical device and algorithms, in general. For these reasons, it is extremely important to keep personal statistics.
(19:53:55) Payne: B) Digital prints.
Fingerprint is a unique snapshot of browser and operating system settings. The receiving mechanism is actively used by anti-fraud systems both for assessing the risks of transactions and for simple tracking, because it allows you to recognize the client regardless of changing the IP address, clearing cookies, and with a strong system, some settings.
(19:54:33) Payne: From a security point of view, it represents a set of methods by which a user is identified against the background of others. This is one of the reasons why the principle of isolation of the working environment is declared: it is one thing to assign a unique identifier to an anonymous observer for the purpose of advertising tracking and collecting statistics, but completely different to the “buyer”.
(19:55:09) Payne: So, the chronic use of a single configuration in the work will inevitably lead to customer recognition, which can cause denials of transactions on a par with suspicious fingerprints. Very often, a scenario for collecting and analyzing data includes:
(19:55:46) Payne : User-Agent. Along with the IP-address, the first information that the site receives about the user when visiting - browser name and version, device type, operating system and language. In order to achieve consistency, you need to take into account the language properties of the selected masking, if the IP address is English - the same system and browser.
(19:56:27) Payne: One of the norms for analytical processes - statistical coincidence of illegal acts with a specific operating system or browser. It can be illustrated as follows: for example, deliberately suspicious proxy servers for the most part operate on the basis of Linux, which affects the attitude towards the operating system itself.
(19:57:11) Payne: The more bona fide traffic is generated from the operating system or browser in the world, the blurrier the ratio of black to white, which means the camouflage will be more natural. A striking example - the line of Windows, macOS, iOS, Android. Browsers: Chrome, Firefox, Safari, IE, Edge. As with blacklists, analytical materials are collected in real time and depend on the service.
(19:59:23) Payne : Passive OS Fingerprint. The fingerprint is formed from the parameters of data transmission to the network inherent in operating systems: size, packet lifetime, and others. Mismatch between the fingerprints of the sending IP address and the User-Agent (for example, the packet was sent by Linux, and the client is Windows; or, in other words, the Internet connection via SOCKS on Linux, while using Windows) - flaw in the user's portrait.
(20:00:01) Payne: Because server-side tuning is the easiest way to smooth corners - change of IP access. From the number of standard tools, distribution of WiFi from the required device through an emulator or neglect can help out - subject to a compliant anti-fraud system, in the general picture this moment is not key.
(20:00:51) Payne: - Screen resolution, window size, scaling. Uniqueization parameters that are simultaneously involved in risk assessment. Extremely rare indicators highlight the user, and unnatural for the User-Agent due to the use of antidetect or emulators can raise suspicions: conditionally, the phone does not have computer permission.
(20:01:43) Payne : Time & time zone. The time and time zone of the operating system must match the location of the IP address, as roughness in disguise can sow doubt. Constantly working from the same locality, for the prevention of identification, it is worth adjusting the deviation in seconds between the local and system time.
(20:02:43) Payne: - Operating system fonts. Defining fonts via Flash or JavaScript is a standard technique for user uniqueness. Operating systems have them by default, and the general list is replenished by installing programs with their own fonts: various kinds of Office, Adobe PDF, and so on.
(20:03:26) Payne : Extensions & Plugins - extensions and plugins installed in the browser. They can be detected by good anti-fraud systems by requesting the presence of certain ids in the browser and fixing the display changes on the page. Unpretentious "AdBlock" is unlikely to have a significant impact, but the tools of "User-Agent" spoofing and fingerprints against a serious opponent can play a cruel joke.
(20:04:09) Payne: • Flash Player. A plugin for playing Flash audio and video on websites, as well as one of the unique mechanisms. To some extent, openness gives the impression of fairness, but it is not necessary to install it, since the access to Adobe Flash provides information about the browser and operating system.
(20:04:41) Payne: Moreover, today Flash is an old module and many browsers are disabled by default for security reasons, which is due to a decrease in popularity among users. However, it may be required to display Flash content on certain sites, which will be notified accordingly.
(20:05:08) Payne : HTML5 Canvas (Canvas Fingerprint) and WebGL. Subtle rendering of elements with GPU resources with imposed effects: text for Canvas and 3D object for WebGL. After processing, the data is converted into a hash code and attached to a common fingerprint for subsequent user identification.
(20:05:52) Payne: Fonts, GPU driver versions, color depth, filtering, lighting and shadows, textures, and so on - hardware and software features of the device are used to produce a personalized result, where each of the fragments is a variable, and as a consequence, the existence of distinctive signs is quite understandable.
(20:06:43) Payne : AudioContext Fingerprint. Evaluation of low-frequency audio signal playback by the browser, like Canvas and WebGL, proceeds covertly, taking into account the characteristics of the operating system and user equipment. Not the most common method.
(20:07:24) Payne: The fingerprint is filled with: bit rate, decibel value, number of input and output channels, output delay, sampling rate, operation time and others, based on the anti-fraud system. It is possible to correct the fingerprint by modifying the parameters with an antidetect, in the Virtual Audio Cable program or analogs.
(20:08:00) Payne: - Cookie. A small piece of data from a specific site, stored in the operating system for authorization and settings. If there are cookies in the session, the site uniquely identifies the user, therefore, changing the masking, you need to get rid of them.
(20:08:51) Payne: - Personal data of the impersonating person: addresses, contact information, payment methods. An association by, for example, email or phone between different accounts in the same store is a compromising sign.
(20:09:24) Payne: Let's summarize. Smartly protect yourself from collecting a number of prints by disabling the JavaScript programming language in your browser, with which they are retrieved - not an option. In this case, many sites will stop functioning correctly, and there is no need to talk about strict compliance with the pattern of a respectable buyer.
(20:09:49) Payne: This is why masking is used, deliberately changing the components of fingerprints: the device for the User-Agent, plugins for the browser, fonts for the operating system - according to this principle. However, it is important not to upset the delicate balance, too unique settings will lead to recognition.
(20:10:27) Payne: Ironically, even disabling tracking in the browser settings (doNotTrack) or disabling cookies are in themselves user-specific options. Add to this atypical fonts or plugins, and we already have the opposite effect in the long run, a recognizable imprint.
(20:11:17) Payne: On the other hand, an anti-fraud system is a risk prediction tool, while the main task of any store is to consistently receive and maximize profits. Stores are able to manage algorithms so that the anti-fraud system does not react to every "puff", substituting honest buyers under the hot hand.
(20:12:19) Payne: Whether it's low-risk assortment or maximizing profits, stores set their own rule combinations and thresholds for print anomalies. So, individual checks may be missing, and errors are not taken into account, for example, AudioContext or some blacklists, and on the contrary, somewhere they will press on all fronts.
(20:12:48) Payne: Examples of sites for checking the characteristics of the IP address and operating system (checkers):
• whoer.net;
• whatleaks.com;
• browserleaks.com;
• 2ip.ru/privacy/;
• ip-score.com;
• maxmind.com;
• f.vision.
Repeated checks for proxyScore, riskScore and Black List indicators sometimes provoke IP-address pollution, you should not overdo it.
(20:13:35) Payne: Financial turnover.
Undoubtedly, cryptocurrencies are an integral part of the profession. Most are accepted by those who have passed the test of time and the community: Bitcoin, Ethereum, Litecoin, Monero. The use of cryptocurrencies is technically, perhaps, better implemented or more profitable in terms of investment at your own peril and risk.
(20:14:18) Payne: It is noteworthy that contrary to popular belief about cryptocurrencies as an "anonymous" payment system, they do not give carte blanche on financial transactions, this is a myth. Anonymity - the inability to establish the source, but due to the availability of cryptocurrency transactions in the clear, the source is the sender's address, which allows you to track the vector of funds movement.
(20:14:44) Payne: On closer inspection, the prerogative of cryptocurrencies is confidentiality - the absence of personal data during registration and transactions. It is worth distinguishing between "anonymity" and "confidentiality", while not taking into account the carelessness about the "small fish".
(20:15:09) Payne: You can confuse traces by regularly changing the sending and receiving addresses (provided by many wallets), passing funds through various exchangers, cryptocurrencies or mixers. Mixer is a transaction anonymization service, in fact, a technology for crushing client funds into small parts and then mixing them with parts of other clients. Selection of mixers and exchangers based on reviews and reputation.
(20:15:46) Payne: There are two types of cryptocurrency wallets: "hot" and "cold". Hot - any that need access to the Internet: exchanges, online wallets, exchangers. So, in fact, the funds are on the servers, and the client only gets access to them - remembering the news about the loss of funds after hacking or blocking exchanges.
(20:16:27) Payne: Cold in turn - local storage concept that does not require constant Internet access. Despite their susceptibility to hot hacking, they are convenient for frequent and small transactions, and the idea of cold ones is to store funds safely.
(20:17:22) Payne: Recommended wallets:
• Bitcoin Core (cold);
• Electrum (semi-cold);
• Blockchain (hot).
It is worth emphasizing that dealing with cryptocurrencies means the likelihood of losing funds due to external factors: a fall in the exchange rate, exchange hacking, exchange fraud.
(20:18:12) Payne: In relation to fiat currencies (USD, EUR, RUB and so on) and transactions from official exchanges, wallets or exchangers, the incognito behavior model is applied. The history of customer actions is saved, so personal IP addresses, personal information and device fingerprints should not be involved in the process of financial turnover.
(20:18:46) Payne: You can use instead:
• Virtual machines and SMS activation services;
• Many exchangers carry out cash transactions. Courier services are suitable for both withdrawal and deposit of funds;
• Terminals. Depositing to pre-registered confidential wallets;
(20:19:11) Payne: • Accounts of wallets, exchanges and credit cards for dummies (drops). They can block or steal, it is better not to delay with such funds and periodically change. The corresponding services for verifying accounts and selling cards are on the forum.
(20:19:32) Payne: An informal rule of cooperation with users in this field - Garant-Service. Preserves nerve cells and finances.
(20:20:06) Payne: That's all. Moving on to the questions, put "?"
(20:21:39) gangass13: 1) Do I need to completely clean the system before each new drive, reinstall the virtual machine, buy new socks or tunnels, even if the staff of different kx is the same?
2) Do I need to memorize all these plugins / add-ons, or is it enough just to get acquainted and in the process we will study in more detail?
(20:23:38) Payne: 1. If you drive into the same store or the same anti-fraud system (even if it is installed in two different stores) - yes. Otherwise, optional.
2. Why memorize? Create a note here that no more than 10 programs and 20 parameters will be used. And there is nothing special to consider in more detail: both the settings and the basic principles are voiced, and how to check too.
(20:23:50) AlexFlex2134: 1) Earlier I used windscribe vpn for work, as you wrote above about the black lists of public VPNs, does it turn out to be part of the returns and the midrange was for this reason?
2) As far as I know, the sphere allows you to adapt as much as possible to kx, up to the screen resolution, that is, the best thing for work is this sphere?
(20:25:07) Payne: 1. If you mean Paypal, then most likely yes. Even commercial VPN services are usually not good for practice, everyone is looking for private openvpn configs.
2. Everything is relative, but about masking is true: the range of parameters is wide.
(20:25:13) user80: Honestly, a lot is not clear. Just pain) Is this normal? All information on today's topic can I find on the forum?
(20:25:59) Payne: It's okay. Clarify after a meaningful and calm re-reading in the conference question / answer. Also, visit checkers - sometimes it is enough to look at your own user parameters.
(20:26:09) IB $ integral: 1. Do I understand correctly that if I use vpn on the main machine and connect to the Dedicated Server, it is still better to install a virtual machine to drive it onto the Dedicated Server itself and drive a Dedicated Server from the virtual machine? Or can you drive it in (from the point of view of safety and usability) on the Dedicated Server itself? There is a password manager on the Dedicated Server, electrum and everything else is working.
2. Is it worth encrypting a disk on a Dedicated Server?
3. Is the coincidence of socks OS and its own system specified when buying a sock? and how then to check this correspondence? in the checker?
4. Can you please recommend multicurrency analogs of electrum to work not only with btc, but for example, with usdt
(20:29:08) Payne: 1. No, here is the correct option to connect from a virtual machine to a Dedicated Server. Plus, you put the IP address (Dedicated Server) and the system (virtual machine) in the same category, but the systems do not have an IP by default. The meaning of the Dedicated Server is that it is a 95% ready-to-use system with its own IP.
2. Should you store files on it? Definitely yes.
3. Yes, in the checker. Whether it is specified or not depends on the service where you buy the sox.
4. Alas, multicurrency is a problem in this case. But you can install multiple wallets for specific currencies.
(20:29:22) Koba787: 1 - Antidetect - do I understand correctly that every time a new virtual machine is created, the shops perceive the virtual machine as a new machine? Does the fingerprint change completely?
2 - Do additional security variations lead to our safety or to more successful work with material and shops?
3 - does the hostname change in the virtual machine when using vpn + socks + ssh?
4 - speaking of riskScore - when setting up the system, before starting work, are there services that can check from 0 to 100, where am I now about?
5 - about the simplest way to smooth corners by distributing wi-fi - it's not clear (((
6 - do you always need to get rid of cookies - or is there a scenario when, on the contrary, you need to save?
7 - association by email or phone between different accounts - can be an example for tight ones - how's that?
8 - how to understand that 2 stores have one and the same anti-fraud system?
(20:30:42) Koba787: please ask in advance if the questions are stupid
(20:34:26) Payne: 1. If the antidetect fully fulfills its functions, yes, because this is its purpose. The very meaning lies in the name "antidetect". Well, it also depends on the settings. In any case, there will be a lecture on the topic of antiques.
2. Of course, for your safety. Work is already a disguise.
3. Yes, because the hostname in the context of the Internet connection is a parameter of the IP address. This is not about the host operating system of your particular computer.
4. I repeat, there is: either integrated into stores, or can be found on the forum. Nevertheless, it should be borne in mind that the anti-fraud system can have its own, different criteria.
5. This literally means: distribute wifi from the desired system name.
6. It is necessary when there is consistent work with one store and / or one accounts.
7. "Two persons have registered in the store: Vasya and Petya. But they have registered for the same e-mail! Could it be the same person ?!"
8. There will be a lecture.
(20:34:45) Yarah: 1. where can we get the users fingerprints in order to spoof it on our system? if the only info. we use are CC/Day of Birth/Address etc. will we also buy this information to insert it into linken sphere for example?
2. do mixers really work to remove our previous wallets address and definitely cannot be tracked?
3. if you cash out in "dummy" cards, which are based in Russia, do you have to travel to Russian in order to cash the money from ATM's? What if you don't live in Russia? How will you cash the bitcoin?
(20:37:42) Payne: 1. Logs, for example. Also, there are some shops selling real-person configurations. But most of the time we are just cloaking by geolocation info.
2. Depends on what crypto u use and how many times.
3. Same way. Find someone.
(20:37:53) htuf: 1) Are stores implementing their own anti-fraud systems or are they using ready-made services like receiving payment systems? 2) Is there a way to probe the merchant without first burning the material or only by trial and error?
(20:39:52) Payne: 1. They do it both ways. 2. Alas, only by testing. No, of course, a preliminary inspection can tell something: the name of the anti-fraud system, the degree of its implementation in the store, etc. But all this will never give as much as practice can give.
(20:40:09) riba12: do I understand correctly - the Sphere browser is capable of emulating the OS, User Agent, fingerprint, etc. in each new open tab, for each task as needed? that is, there is no need to keep several virtual machines in which you need to reproduce the settings for issuing a new personality in each separately.?
(20:40:24) Payne: That's right.
(20:40:39) Koba787: Are there antidetects other than the sphere? or a separate lecture?
(20:41:12) Payne: Yes, but more or less tolerable no more than 3-5 pieces now. Well, for a separate lecture, it is just as true. I'm still not a lecturer on this topic.
(20:42:04) goldenbaum: 1) regarding the distribution of wi-fi from a specific device. how often it is necessary in today's reality. can raspberry be used for this?
(20:42:48) Payne: In today's realities, there is practically no need, except for some specific work. This is just one of the possible options for eliminating a specific, not the worst problem.
(20:42:58) Payne: Malinka is it? ..
(20:43:13) AlexFlex2134: prints similar to audio and others are not immediately visible and understandable, they are mainly used in the anti-fraud systems of giants like ebay, in small and less popular ones, antifraud is most often easier, so I am looking for unused shops and basically, when adjusting to kx, do not use these nuances?
(20:43:57) Payne: Exactly. But even in large stores, they are not in the foreground: you always need to focus on the overall impression, and not one single indicator.
(20:43:58) goldenbaum: yes
(20:44:10) goldenbaum: rake the pie
(20:44:49) AlexFlex2134: Payne: this is understandable) that no one gets hung up on 1 nuance, you need a whole picture that you are supposedly the owner
(20:44:56) Payne: goldenbaum Let's just say if this function is executed, it doesn't matter.
(20:45:14) Izolentna: Will there be an example of system setup before work? In the plan, you told what to build for what. The theory is clear + -
Or is it to fill your cones before work and burn the mat?
(20:46:01) Payne: All parameters are universal. Before work it is all about the material: its location, time zone, the type of material itself.
(20:47:11) Payne: For example, under the hacked account of the store with its own cookies or under the customizable from scratch by driving from the purchased card, different configurations may be required. The same with all sorts of paper, work from the phone, etc.
(20:47:26) Payne: under the hacked *
(20:48:15) riba12: can the material be used only in the shops of the country to which it belongs? Or is it possible, for example, to shop YUSA with obscenities from South Africa, and a thorn there, followed by a reut?
(20:49:39) Payne: It can be different. Only there are, for example, bank locks for the region of use, the subtleties of the regions themselves, logistic problems, and so on up to VBV. I think the picture will become more complete after analyzing the relevant topics: Europe, directly driving.
(20:49:47) htuf: by VM. Are ordinary stock operating systems installed or do you need some tweaks? Can I download it myself or be sure to download it?
(20:50:20) Payne: There is no fundamental difference, except for the principle voiced in the lecture: prevalence and average.
(20:51:10) centurion_52: I would like to clarify. Store information on work on a working virtual machine like this? Create an encrypted container for this on a working VM, right?
(20:51:50) Payne: It is possible on a working VM, but do not forget that, in an amicable way, the VM itself should already be in the encrypted area.
(20:52:15) ame: Did I understand correctly, from the lecture?
1. Your own safety.
I put my vpn server on the main machine, then I go into the virtual machine. I work in the field
2. Directly work.
Purchase of SS, under the parameters I need. (the availability of tools in order to become like kx)
Or buying a CC, then setting up the system in the field for the KX parameters, this is setting the language, time zone, time, buying socks, a tunnel for the KX spare parts.
And then work ...
(20:53:37) Payne: 1. Well, if you have one of your own, then yes. And in general, it was said about just a reliable VPN (although your own is undoubtedly better).
2. Purchase, then customization.
(20:53:52) dat_user1: Is it better to take the proxy under the log, or under the SS?
(20:54:56) Payne: What log? The fact is that logs are different, including those already containing CC, so the question loses its meaning. In general, yes, under the material, be it CC or whatever.
(20:55:01) Yarah: why did you suggest using VPN from third world countries?
(20:55:44) Payne: Because the advanced states in most cases exchange intelligence information and cooperate on issues of the information space.
(20:57:10) adik89: Payne, thanks for the lecture, it was very informative. infa a lot, tomorrow I will slowly learn everything. Question - to whom to contact for questions on today's topic?
(20:57:44) Koba787: here it would be to digest and absorb it all) great lecture. brain broke
(20:57:47) Payne: To the question / answer conference, everything can always be sent there.
(20:59:04) Payne: So no questions? Then thank you all for your presence and wish you luck. See you.