Software Config help for Scambaiting

G'day everybody,

I am having some trouble figuring out how someone like Jim Browning configures his Wireshark to get the GeoIP plugin working, how he gets his NanoCore RAT file to appear as a PDF, and how he bypasses the scammer’s AV software.

Cheers everyone

There are tutorials on how to use Wireshark.

If I’m 100% sure they’re from India I just do: ip.geoip.src_country == "India"

I'm afraid I won't be able to give you proper answers to the other questions. "Appear as PDF" could mean having an .exe with a PDF icon ('Display File Extensions' is turned off) or a real PDF exploit.

We will probably never find out how he evades AV and stuff like that. And I think it should stay that way. Otherwise everyone would do it and also his tactics wouldn't work anymore.

I would recommend you find your own ways of doing that. There is much to learn (:

@multivitamin#150954 thanks for the reply man.

I’ll play around with my VM and getting around the AV on there then.

Would you recommend using a VPN or something like port forwarding while scambaiting?

I would always recommend using a VPN. Especially for stuff like this, you should consider getting a VPN with port forwarding.