G'day everybody,
I am having some trouble figuring out how someone like Jim Browning configures his Wireshark to get the GeoIP plugin working and how he gets his nanocore RAT file to appear as a PDF and how he bypasses the scammer’s AV software?
Cheers everyone
There are tutorials on how to use Wireshark
If I’m 100% sure they’re from India I just do: ip.geoip.src_country == "India"
I'm afraid I won't be able to give you proper answers to the other questions. "Appear as PDF" could be an .exe with a PDF icon ('Display File Extensions' is turned off) or a real PDF exploit.
We will probably never find out how he evades AV and stuff like that. And I think it should stay that way. Otherwise everyone would do it and also his tactics wouldn't work anymore.
I would recommend you to find your own ways of doing that. There is much to learn (:
@multivitamin#150954 thanks for the reply man.
I’ll play around with my VM and getting around the AV on there then.
Would you recommend using a VPN or something like port forwarding while scambaiting?
I would always recommend using a VPN, especially for stuff like this; you should consider getting a VPN with port forwarding.