lecturer: 2.

Now I completed HTTPS stripping ( withdrawal SSL

– SSLStrip ). And this is what the version of the site looks like
after the attack.
lecturer: As you can see, the difference is that you now do not
have HTTPS and most people will not notice this difference.
AND How I already said, server never Not will notice that
something is wrong because he is communicating with a proxy
that is behaving exactly as you would.
lecturer: https://i.imgur.com/i0Hr9em.png
lecturer: https://i.imgur.com/SHYhxql.png
lecturer: https://i.imgur.com/qLqO8qp.jpg
lecturer: I advise read This With color
lecturer: https://youtu.be/0wpxrPD90a4 — 1 Part MITM. How is
a MITM attack carried out?
lecturer: https://youtu.be/quZjKlrmCvQ — 2 Part MITM.
Let's attack net methods MITM
lecturer: By parts write down to myself on Homemade
assignment lecturer: also look, etc.
lecturer: more deep you can get into it By this question lecturer:
What can I say as an EPILOGUE
lecturer: I think that we have covered a lot on encryption, the
only thing I didn’t have time to sort out I wrote higher, What
We Not talked this option With PGP, OTR, ZRTP, OMAXA,
you can read about such protocols on Google or ask me, I will
give you information if you need it.
1
lecturer: Well With pgp And negative Think everything is clear
lecturer: according to ZRTP this is voice communication and
Omaha is a new type of encryption from series OTR only with
their buns
lecturer: from offline messages encryption conference chats,
etc.
lecturer: Encryption — This fantastic tool for privacy, security
and anonymity, this is the tool that really works And intruders
(hackers) will try to avoid it.
lecturer: Speaking simple words.. Neither Which fool Not will
make a direct attack on encryption.
lecturer: How they say smart in mountain Not will go smart will
go around the mountain. And you should keep this in mind. And
all they can do is find weak points.
lecturer: Remember happening With Ross Ulbricht creator
"Silk ways" He got caught on captcha. That There is on simple
little things, because people forget about the most important
thing, namely the simplest things... The basics, so to speak.
lecturer: That is, no one will ever brute force your passwords
other them much easier install to you keylogger on your
system, or send you a link to a site with an infected JS script
and carry out an attack, or a PDF file, etc.
lecturer: But as I said encryption, no one will ever want break.
Attackers will Just try bypass encryption. You should keep this
in mind.

2
lecturer: Security is the so-called phenomenon of the weak link
She so strong how much strongly the weakest link in the chain.
Strong encryption is often a strong point.
lecturer: We, human creation, How rule We are the weak link. As
they say, my tongue is my enemy

Introduction V safety on basis *unix similar systems

lecturer: Introduction V safety
lecturer: I'll try simple explain in language how you could
theoretically be hacked. I will do without complicated terms, For
ordinary users lectures. So same I will give you a colorful idea of
hacking an operating system, and more advanced users will read
between the lines the technical information.
lecturer: I believe that the user of any operating system, and
even more so those who are associated with it at work, need to
understand that professional viruses are not an executable file
that has been renamed into a document And ask you run (
Stiller or warrior ). And blocking macros will not always
prevent an attacker from executing code on your system.
lecturer: I myself use various operating systems, from Windows
to Linux, and have long been no longer a supporter of such
holivars, which I I'll sort it out a bit Later on example with
MacBooks).

3
lecturer: I Working on Linux But Sometimes I use Windows.
Further there will probably be a lot of negativity about Linux, but
it is not related With any fanatical beliefs, Just I want to tell you
objectively and convince you that it doesn’t matter what
operating system you use, you can be hacked anywhere.
lecturer: Remember my words, which I completed articles on
Encryption, namely in the Epilogue..
lecturer: Security is the so-called phenomenon of the weak link
She so strong how much strongly the weakest link in the chain.
Strong encryption is often a strong link.
lecturer: We, human creation, How rule We are the weak link.
As they say, my tongue is my enemy.
lecturer: Your choice operating room systems It has importance
for your security, privacy and anonymity.
Various operating rooms systems fit For various needs.
lecturer: For example, in order to draw graphics for you, I need
to leave Linux on Windows like this How do I need photoshop
And other graphic editors, about this We we'll talk again. But I
think the main message of the information is clear.
lecturer: Target this section help to you figure out in this
difficult situation. Answer the questions: which operating
system suits your requirements

4
based on from risks And For what You want to her use, for a
specific situation, for specific requirements.
lecturer: How is that V school, teach you orientation on the
ground, it’s exactly the same here, since your paranoia is good
you Not will bring it. After all without knowledge You you
can will only make it worse..
lecturer: Message And clarity
lecturer: Let's let's talk O our choice operating system And How
He influences on yours safety, That's why that the operating
system is the real foundation of your security.
lecturer: There are many misconceptions when it comes to
operating systems and security. You've probably heard For
example, What MacBooks Not can be infected with viruses.
lecturer: So same a bunch of of people constantly discusses,
How leaky the Windows operating system is can be discussed
for years, but I wonder how secure Linux is?
lecturer: And there are people, let's call them the Linux camp,
who believe that Linux is the best operating system. If ask lovers
Linux A If whether at you antivirus, then the only response will
be laughter.
lecturer: Argument such — Linux created professionals, and
everything there is protected by default (standard). So we put
our beloved dog on Ubuntu and you don’t have to worry about
its data.

5
lecturer: In general, there are two things that are infinite, the
universe And fools. WITH universe All It's clear, But How be
with the latter? Here's how to explain to various Windows users
that they can't work without antivirus protection? How can we
explain to the creators of MEGA Information Protection Systems
(antiviruses in common parlance) that it is impossible to protect
against hacking using an access matrix (this is when they block
the reading or writing of some files, that is, access control) and
that hacking is not always:
"Discovered threat: Process autorun.exe is trying to write to the
system registry branch."
lecturer: Your security looks good only in theory. Let's say you
are the same Ubuntu user, you install this OS on the PC of your
beloved dog Bob. Then many claim the following - If Bob on the
message myDocument.docx will arrive in the mail, then even if it
turns out to be an executable file, and he runs it according to the
instructions, nothing will happen - after all, for most actions the
root password is required (administrator password in the sense).
Are you seriously? Are you defending yourself from the invasion
of junior school representatives? Or is it from criminals who are
members of criminal gangs, control large financial flows and
simply mow down the money for their brothers?
lecturer: This is a reference to those users who use And blindly
believe V Facilities Protection Information ( SZS ) or those
courses, which them taught in textbooks on Information
Security (IS).

6
lecturer: A long time ago, when Linux was just in its infancy,
the majority of its users were professionals. But over time,
distribution kits that were convenient for the average user
appeared and the number of housewife users began to grow.
What does any housewife do? That’s right, he makes online
payments, and where the money is, a swarm of various rabble
flock there like bees to honey, who want to improve their
finances free of charge. 90% of housewives use Windows - and
viruses are being developed under this operating room system,
and only if at least 20-30% of housewives switch to Linux,
then large amounts of money will immediately be poured into
the development of malware. And reports from antivirus
companies show a slow but increasing number of such
programs.
lecturer: Ok, let's go back to Bob, there is only one reason not
to worry about your security - developing a Trojan for his OS
is unprofitable. But like this - it’s not economically profitable,
possible income for attackers will less expenses. For a long
time whether Will it continue like this is a big question.
lecturer: But still, technically, as far as possible, that Boba will
be hacked And data will they take you away? If horse Bob's
security lies in the fact that no one needs him and viruses have
not yet been written for his OS - then this is a game of Russian
roulette.
lecturer: Alice, girlfriend Boba, knows What on account Boba
lies round sum coins ( BEETHOVEN ) ) ) ), key lies on
Pinocchio's PC, and together with Pinocchio they decided to
figure it out for two. What do they need for this:

7
small starting capital, straight hands Pinocchio and a little
courage.
lecturer: Alice knows What Bean enjoys Ubuntu 14 LTS. How
does Bob imagine the hacking process? He, like most users,
believes that Alice will send him a file with an attachment by
email, which he will be asked to run, and since he considers
himself an expert in the field of PCs and the file He Not will
launch That Certainly his data V safety!
lecturer: Multi-move from Pedro
lecturer: Then Alice goes to some nameless and shadowy
resource And buys from Pedro vulnerability to favorite
browser Boba behind Nth quantity forever green. Pedro not
only provides Alice with technical information about the
vulnerability, but also sends Buratino (Alice’s accomplice) an
example of how to launch it.
lecturer: https://imgur.com/a/YMCfx
lecturer: Vulnerability, which receives Alice — Zero-day
vulnerability in the Google Chrome browser. For example, open
holes CVE-2015-1233 or CVE-2014-3177, CVE-2014-3176,
CVE-2013-6658 (see screenshots above) and how many of them
have not yet been closed and are known only in limited circles is
a big question . (we'll look at it in more detail a little later).
lecturer: cm. link higher (screenshots Where )
lecturer: As can be seen from the description of vulnerabilities
(see screenshots higher ) Alice Maybe execute code V context
of the process and it will work not only in Windows OS, but

8
and on Linux and Mac OS. The vulnerabilities are taken
randomly as an example. way. More once I repeat, This
BROWSER vulnerabilities .
lecturer: Pinocchio composes a script (JS - Java Script) and
writes shell code there (a set of lines that are written on the
command line), which should be executed on the target system
is Bob's PC. To do this, he needs to somehow pass the link.
First option with mail Alice And Pinocchio straightaway
shallows - Bean A careful user does not open links from mail.
Then they decided to improvise a little. They know that Bob is
an ordinary person and does not suffer from paranoia... Okay, in
short, it’s not the point, for simplicity Bob, he just followed the
link - Alice persuaded him, a gasket was created there, or some
other crap, it doesn’t matter. In general, he moved on.
lecturer: After Bob visited the link, in the context of his browser
process, a small code written by Pinocchio was executed -
literally a few commands, which subsequently downloaded the
body of the virus and proceeded to its execution. But how? Bob
is sure that Alice is just showing to him their photos, none files
on disk won't load no warnings, no passwords from root no one
asks.
lecturer: We raise privilege
lecturer: After Pinocchio’s development began to execute its
first instructions on Bob’s processor, question, A What do
further? IN theories Boba even if an infection occurs, then
nothing will happen to him, Bob

9
put difficult password For root access, Yes And enter suddenly,
no matter what, he won’t be there.
lecturer: Pinocchio and Alice had foreseen such a question in
advance his decided. That same most Pedro suggested them,
that he has a couple of zero-day vulnerabilities in the Linux
kernel, like fresh vulnerabilities in core versions 3.17 And 3.14
- CVE-2014-9322, CVE-2014-3153.
lecturer: After reading the description of the vulnerabilities,
Pinocchio realized that they would allow him to execute code in
the context of Bob’s OS kernel. AND All What to him
necessary This to his a malicious application took advantage of
these fresh holes and executed code in ring-0.
lecturer: While unsuspecting Bob is looking at Alice’s
photographs, Pinocchio’s code has already seriously invaded
the vastness of his system and neither the antivirus (there is
simply none) nor anything else can even display a message
about the intrusion. Since Pinocchio decided not to stop there,
he moved on. Once at the lowest level of Bob's OS, in which
only trusted code is supposed to be executed, Pinocchio began
search file, which responsible for launching the OS. Once
Pinocchio's software finds this file, it modifies it so that when
Bob's PC is rebooted, Pinocchio's code will continue to run.
lecturer: Rootkit (in Russian, "rootkit") - a program or set of
programs for hiding traces of an attacker's presence or malicious
programs V system.

10
lecturer: And so Buratino and Alice got access to Buratino’s PC
running Linux OS, but how could they hide their presence? Bob
is not a fool and will check the integrity of the OS system files
every 5 minutes. To do this, Pinocchio decided that they would
rewrite the code of the operating system itself, which loaded V
memory PC Boba, But How? After all, if the same actions are
carried out on Windows OS, then one small system component
will detect this and forcefully restart the PC.
lecturer: Bean behind my safety Not worries - after all, even if
the attacker’s code is executed in the kernel, in the latest
versions of the Linux kernel, system memory areas are write-
protected. Even if Pinocchio tries to rewrite the OS code into
RAM, the processor will generate an error and the PC will
reboot.
lecturer: Then Pinocchio opened the documentation for the
processor, which costs on PC Boba And became study… He
knows that Bob's processor architecture is x86, but what does
that do? After all, the pages it needs in the kernel are write-
protected. Then Pinocchio drew attention to the cr0 register - a
small memory block that stores the data with which the
processor works. What happens if I set the 16th bit to zero,
quickly overwrite the necessary kernel methods and
immediately restore the register
— thought Pinocchio. AND So And did, How It turned out that
if you reset this bit to zero, the write protection can be
temporarily disabled.
lecturer: So way Pinocchio received full control over Bob's OS,
and the vulnerability was later found and fixed, but

11
the program code that has become embedded in Bob’s OS in this
way can no longer be detected. Minute integrity monitoring
shows that not a single file in the system has been changed - the
Pinocchio program simply replaces it when reading. There are
no new processes - the malicious process is simply hidden and if
there are solutions on another OS that for a long time already
discover such technology, That under Bob's OS doesn't have
that.
lecturer: IN in general, conclusion, Alice And Pinocchio took pity
on Bob... and deleted all his files. Oh well, seriously, never be so
fanatically confident in anything. I tried to present the essence of
the problem in a simple manner and without technical terms.
lecturer: Epilogue
lecturer: I wanted to show simple principles with this simple
story. How does all this happen, that it is necessary to clearly
separate virtualization and use, because virtualization This
more one large-scale thing V your security setting. We will
return to this later.
lecturer: That There is Not try surf some resources on your PC,
open suspicious links and download some unnecessary
software, and it’s not clear from where, carefully approach
your security issues regarding JS and enable it on trusted
resources, and much more.
lecturer: But as I promised earlier, I will not give you nightmares.
Usually such vulnerabilities are worth Not small money, And fact
Togo

12
what exactly you will be hacked decreases, despite the fact that
they will be interested exactly you, probability extremely small
lecturer: Grade risks
lecturer: In this part of the article, I would like to visually
make some kind of risk assessment based on these points, so
that you can also do it yourself. without any special skills,
purely by your logic. It’s not for nothing that we abstracted in
the previous article And dismantled vulnerabilities penetration
modeling and other issues.
lecturer: But why do you ask... Why did I tell you about this
now, because it’s not only security measures that matter. We
worry about what our actual risk is in the real world, and to
determine that we also need to take into account the history of
bugs and security vulnerabilities. Just how weak was this
particular operating system? You may be wondering which
operating system we will be using. count most weak? Windows
OS X or various Linux systems, possibly the Linux kernel,
which was the most vulnerable in history?
lecturer: https:// www.cvedetails.com is a free database/source
of information about CVE vulnerabilities (This is a generally
accepted standard for naming vulnerabilities present in
commercial and open-source software products ). Can view
intelligence about vulnerabilities by CVE number, exploits,
links to vulnerabilities, metasploit modules, full list of
vulnerable ones

13
products And cvss reports about estimates And tops
vulnerabilities over time and much more.
lecturer: Let's let's try do some work With data website. To
begin, we will go to this page of the site - https:/// www .
cvedetails.com/top-50-products.php - here is a list: “Top 50
products by total number of vulnerable vulnerabilities” (from
1999 to the present).
lecturer: And as we can see, on the first line we have the Linux
Kernel - speaking in Russian. This is Linux Kernel, like We we
see it takes first line By quantity.. And you probably ask what
the hell? Linux, you should be the standard.
lecturer: Okay, let's figure it out! Numbers which are depicted V
right column, This quantity vulnerabilities found in a particular
operating system or application.
lecturer: https://i.imgur.com/yz6dmcX.png
lecturer: https://i.imgur.com/LhiTLgC.png
lecturer: Between data on screenshots difference V 3 months
lecturer: Let's let's go down V most bottom web pages. We see
there the following “Total number of vulnerabilities in 50
products by manufacturer” (see screenshots above).
lecturer: And as we can see, Linux no longer occupies the first
line, but you say that Windows (Microsoft) is constantly updated,
Yes And at her a bunch products on market

14
Office And other programs, A at Apple There is various versions
of the operating system and they also have their own nuances..
lecturer: Yes All right. All You you will you're right But And at
Linux there are a lot of things... Let's take a closer look at the
specifics of this use.
lecturer: I Want teach you independent analysis. And it’s best to
teach at least the basics, just so that you start to think with your
own head, and not with the head of some school hacker who is
divorced right now and who wants to sell something without
knowing the niche itself and many of the issues that will flow
from it.
lecturer: OK Not we will strongly abstract, better let's All
let's sort it out on in fact, A there I Think You All You will
understand what I want to tell you about.
lecturer: Go to the page https:/// www .
cvedetails.com/vendor.php?vendor_id=33 — this page shows
Linux Vulnerability Statistics
lecturer: https://i.imgur.com/eYcMyc6.png
lecturer: https://i.imgur.com/r8bDjUF.png
lecturer: Let's let's get acquainted initially on What It's worth
paying attention (see screenshots above).
lecturer: 1. Quantity vulnerabilities By years
lecturer: 2. Vulnerabilities by type
lecturer: Now necessary disassemble, on which parameters
worth paying attention to:

15
lecturer: First on What We must reverse attention - this is the
number of vulnerabilities by year (number 1), how can we see
that every year there is a trend towards an increase in the
detection of vulnerabilities;
lecturer: Second on What We must reverse your attention
— This on degree dangers vulnerabilities ( number 2 ), How We
can see the serious issues here are code execution (Execute Code)
and buffer overflow (Overflow).
lecturer: Red And orange
lecturer: • Red column - This performance code on the client
side without his knowledge, I think there is no need to tell
what the consequences are.
lecturer: • The orange column is a buffer overflow, i.e. refers to
the phenomenon that occurs when a computer program writes
down data behind outside the allocated V memory buffer. It's
fraught those that increasing the level of privileges and a lot
more .. You can find out more at
https://ru.wikipedia.org/wiki/Buffer_overflow
lecturer: https://i.imgur.com/ilfcwll.png
lecturer: https://i.imgur.com/Ny4goay.png
lecturer: AND For completeness paintings We Can rise a little
higher, and see a table with trends in vulnerabilities over time
(see screenshots above) using structured data, we can easily
perform an analysis, since we see the ranking of the data by

16
temporary cycle ( of the year ) A So same by degree dangers of
vulnerabilities (these are columns).
lecturer: How We we see on first screenshot behind October
2017: 166 potentially dangerous code execution vulnerabilities
were found (number 1) and 37 potentially dangerous
vulnerabilities By overflow (number 2);
lecturer: Then, when 2017 ended, we see the following statistics:
169 vulnerabilities By code execution and 42 buffer overflow.
lecturer: A small note, I’m just updating the training and for this
I can make the following statistics, in fact, you don’t need to
wait 3 months, you can compare by year. I just thought What
Fine would give such statistics, A old do not delete.
lecturer: https://i.imgur.com/yYYTnra.png
lecturer: https://i.imgur.com/JjAUSS3.png
lecturer: Detailed statistics By vulnerabilities: 1st code execution
and 2nd buffer overflow
lecturer: You can also click on these numbers and see detailed
statistics about vulnerabilities ( see screenshots above).
lecturer: Analysis developers
lecturer: Now we have a small picture of how everything works,
We sorted it out This on basis Linux But For analysis requires
several candidates. Now I will look at

17
brief capacious form on example 3 main developers, namely:
lecturer: • Linux
lecturer: • Microsoft
lecturer: • Apple
lecturer: https://i.imgur.com/LhiTLgC.png
lecturer: We took this screenshot V beginning
lecturer: How We Can see ( cm. screenshot higher ) in the
general statistics of vulnerabilities for all products:
lecturer: • Microsoft - 8938 vulnerabilities;
lecturer: • Apple - 5408 vulnerabilities;
lecturer: • Linux Kernel - 2000 vulnerabilities.
lecturer: https://i.imgur.com/Ny4goay.png
lecturer: https://i.imgur.com/oep1hkM.png
lecturer: https://i.imgur.com/6GUuyXq.png
lecturer: above down: Microsoft, Apple Linux
lecturer: https://i.imgur.com/ESqV1dc.png
lecturer: So that to you was more Just open And finish reading
lecturer: Otherwise you still won’t understand
lecturer:
https://i.imgur.com/6uNE2SP.png
lecturer:
https://i.imgur.com/6uNE2SP.png
18
lecturer: https://i.imgur.com/SgrbSMH.png

19
lecturer: Here easier will By screenshot
lecturer: Let's look at some of these beliefs, based on facts And
statistics, And let's find out To why we actually we come when
it comes to the security of these operating systems.
lecturer: So, first of all, we will analyze Windows, how leaky the
Windows operating system is can be discussed for years.
Actually, as I said earlier... Just look on statistics previously
described and at you V consciousness, the same red light should
light up, which would signal you.
lecturer: Yes And at all PAYNE guru Windows All questions
for Windows to it =)
lecturer: But statistics are statistics, but let’s figure it out Why.
U her initially was weak security system.. It is worth giving it
its due. In later versions of Microsoft's operating systems, they
began to take security issues seriously.
lecturer: And taking into account the latest products, the latest
means security type: BitLocker EMET Device Guard, Windows
Hello and Windows trusted apps, there is now a completely
serious set of security tools.
lecturer: But really whether This So? At all I I agree that the
security of operating systems of the Windows family is
gradually improving, but this is not enough, especially for us.

20
lecturer: In these operating systems, everything is closely
interconnected with Microsoft servers, all your actions in the
system are reported like threads to Microsoft servers, Windows
also fails, especially in the current version of Windows 10,
problems related to surveillance and confidentiality, This Not
especially connected with security measures, but this puts some
people off, let alone us..
lecturer: I would recommended familiarize With given article:
https://wwh-club.net/threads/98628/ - so that you can look at
the whole picture from the outside.
lecturer: Important point: If you read the license agreement from
Microsoft that comes with every operating system system
families Windows You you'll see what are they they will give up
your BitLocker encryption key at the first call from law
enforcement agencies, and this in turn makes you think, what
the hell is Windows?! Why are you storing my encryption
passwords on your servers, what the hell.
lecturer: The fact is that by “checking the box” in the license
agreement with Microsoft, users give the corporation the right
to dispose of their data. “We may access, disclose and retain
your personal information, including any content, any files on
your devices, in your emails and in other personal
communications, if we have reason to believe This necessary
for guard our clients or to comply with the terms and conditions
governing the use of our services,” the license agreement states.

21
lecturer: In other words, everything you say on the Internet,
write, save, create or download on your computer or any friend
devices With Win 10, All it can be remotely deleted or copied
from you - if someone at Microsoft decides that they need it.
That is, according to the terms of Microsoft’s EULA, even
government approval is not required to interfere in the personal
lives of clients and control it!
lecturer: Enough only permissions at installation O.C. from
users too lazy to read the entire license agreement.
lecturer: As I said, I will not disassemble Windows, my goal is
provide to you information, to You her saw and made some kind
of comparative visual analysis.
lecturer: Rather Total I soon time I'll write article about this, and
then I will refer to it... It will be published in my section. If I can
find time for this...
lecturer: Mac OS X
lecturer: Next we have Mac OS X, today, again, like Windows,
it contains reliable security features. Things like randomizing
address space allocation, sandbox For launch applications,
FileVault 2, privacy settings and Apple's trusted application
store (AppStore). All strong security features.
lecturer: But If would Not one "BUT" Mac OS X so same has
privacy issues

22
lecturer: If you upgraded to Mac OS X Yosemite (10.10), and
you use settings By default, every once, when you start enter
Spotlight ( to open application or find a file on your computer),
your local search terms and location which are sent to Apple and
third parties (including Microsoft) (see screenshot
https://puu.sh/xTGkj/dbe1f88d3e.png).
lecturer: there bracket And point V address erase
lecturer: The Washington Post also published a video
demonstration tracking V real time Yosemite.
lecturer: Let's open it https:/ /www .
washingtonpost.com/posttv/business/technology/ho w-apples-os-
x-yosemite-tracks-you/2014/10/22/66df4386-59f1- 11e4-9d6c-
756a229d8b18_video.html
lecturer: By the way, the other day information came out about
poppy seeds, specifically about breaking Not Very nice news, I
Not prepared text under it, but it takes 2 times to google
lecturer: Let's let's sort it out This video, And at whom Badly
with English, I will try to make out all the main points that you
have just looked at.
lecturer: 1. For example, a simple Spotlight search output is a tool
For search files V yours operating room system now transmits
your location and the names of the files you are searching for to
Apple on an ongoing basis. You may notice that your location is
being reported to Apple even though you are not shown a
notification icon. They decided

23
hide this notification under the pretext that users will be
overwhelmed by too many notification messages. It means that
If You agreed use services geolocation, then you have also
consented to the sharing of your location information with
Apple ( see screenshot https://puu.sh/xTGyC/11d372083a.jpg
)
lecturer: Let's open the .gif animation (
https://puu.sh/xTGZQ/58a24bfd28.gif ) And let's sort it out her
lecturer: You may notice that data starts being sent before you
type the text, also when you press keys, That There is By I'm
walking recruitment text, data also sent ) )
lecturer: As we see, the author of the video says: “I am looking
on my computer for a document called “the secret plans that
Obama leaked to me,” and Apple receives information about
this along with my location and user ID, which is a unique
string of letters and numbers , used to identify me. Apple tells
us this value is changing every 15 minutes, But us have to
believe V that the new value is not tied to the previous one.
Again, they receive information about our location, and as the
author shows, what is really He located V office Washington
Post, based on the transmitted coordinates.
lecturer: OK Let's fast let's talk, How same we can turn off
these surveillance things

24
lecturer: To disable these things, first we need to go to System
Preferences > Spotlight ( https://puu.sh/xTJ6F/e59027c2cd.png
), we see in the screenshot all the places where Spotlight looks
to carry out search For you. This Maybe be Very healthy.
However, this can also be a privacy issue, as you may have just
seen. I would recommend turning everything off, but if you need
something you can of course leave it on.
lecturer: If You use Safari That to you you need to disable the
following, click Safari > Preferences > Search and you need to
uncheck Include Spotlight Suggestions ( see screenshot
https://puu.sh/xTJ2m/dcb32d4c13.png )
lecturer: There is also a good website ( https://fix-macosx.com/
), it contains a large amount of information O problems
confidentiality V Mac OS X. More specifically regarding this
problem, the site’s certificate has expired and the project seems
to be dying. But if anyone has an old axis, you can deal with
this problem, so I think it’s inappropriate to write about this
lecturer: Well this is old stuff already So That
lecturer: Next we have Linux-like operating systems, which
are actually the basis of our course. Please read With this
article, before how read further - https://wwh-
club.net/threads/108852/
lecturer: IN yours case I gave it yesterday

25
lecturer: But you can So same write down on homework Who
haven't read it yet
lecturer: Maybe Not we will stop Then who wants to take a look
lecturer: At all recommended would
lecturer: Linux-like operating systems, Unix-like operating
systems. There are a wide variety of them, I group them all into
one category. If you looking for the most protected operating
rooms systems, That you will find them here, or rather, it would
even be said ONLY here.
lecturer: Things like SELinux are a good example of this, this
is an implementation of delimited mandatory access control -
MAC, which satisfies requirements government And military.
lecturer: Definition: Mandatory access control (MAC) -
delimitation of access of subjects to objects based on the
assignment of a label privacy For information, contained in
objects, and issuing official permissions (admission) to subjects
to access information of this level of confidentiality. Also
sometimes translated as Forced Access Control. This is a
method that combines protection and restriction of rights applied
to computer processes, data and system devices and is designed
to prevent their unwanted use.

26
lecturer: SELinux (SELinux) is a forced access control system
implemented at the kernels. This Not so many important
moment For you to focus on this point.
lecturer: We will look at more standard operating systems:
Ubuntu Debian, Fedora, Arch Linux Tails And etc - again, they
all have fairly reliable security features.
lecturer: When We we are considering Windows Mac OS X
and Linux, they are all in similar conditions.
lecturer: But when it comes to their existing means And
functional possibilities security. When we add privacy to the
security package, we need to start looking at Linux
distributions.
lecturer: I would recommend using Linux distributions for
security, but you will have to sacrifice interoperability and
usability. For example, you will not be able to use Photoshop or
Microsoft Office, although this solvable at help "wine" - What
This such You You can watch it on YouTube, or maybe I’ll
cover it in this course. I don’t know, it takes a lot of time to
write, catastrophically a lot...
lecturer: IN two words, If You do not you know exists many,
many operating systems that have evolved in some way since
the mid-1960s from an operating system called UNIX (it was
led by a paid system for corporations, etc.)

27
lecturer: I promised to give you a list of operating systems
when said, What costs choose systems which there is money to
quickly eliminate vulnerabilities, you can look here clearly how
many Linux distributions are there? and from whom they came:
lecturer: To do this, open:
https://upload.wikimedia.org/wikipedia/commons/1/1b/Linux_D
istribution_Timeline.svg - the advantage of this link is that it is
*.SVG format, therefore you can search for this family tree
through Ctrl+F directly in the browser;
lecturer: Just look How a lot of operating rooms systems are
based on Debian, now you can return to the statistics that we did
in the analysis earlier, and look at it from a slightly different
angle.
lecturer: And from them All is developing V in general look
carefully, stick it in, then go read further
lecturer: there By the way ctrl +F works
lecturer: I would recommend using distributions based on
Debian - Debian, Kali Linux Parrot OS A also Fedora, Arch
Linux
lecturer: IN end will list With in a bunch jistriubtives on Debian
and in the same place with a small note
lecturer: Let's A little let's talk about these operating systems
lecturer: How You already noticed at detailed acquaintance With
*.SVG infographics higher, 2-a main community - this is
Debian and RedHat, there are also a bunch of others, but like
me and

28
said earlier: "if you have a lesser-known Linux or Unix-like
operating room system, That You you can find that patch
releases are slower because them Not are worth huge multi-
billion dollar corporations in which the release of all corrections
is on stream."
lecturer: So same This concerns By about saporta from the
community and so on...
lecturer: Fedora Linux — This Linux distribution With one of the
largest user communities, among other distributions. But it is not
as popular as Debian.
Among users walks opinion, What Fedora complicated in use and
configuration.
lecturer: weighty plus this systems V volume What Fedora it is
only free software. The Linux operating system is very often
considered free software. But this is not 100% true. Although
most of the software you use is free, some hardware drivers and
firmware are closed source. There are also open source
components with a limited license, such as media codecs.
lecturer: At the very beginning of sharing Linux, I asked you to
read the article that described security issues And proprietary BY,
How once exactly To this reference.
lecturer: Developers distributions determine how often their users
will come into contact with proprietary software. They can

29
to include in compound distribution media codecs, video card
drivers And network adapters, A Also additional modules, for
example, Adobe Flash. It will help users listen to music, play
games and browse the web, but it is proprietary software.
lecturer: Fedora takes a principled position on this issue. This
helps to avoid judicial claims against Red Hat. Proprietary
software is simply not allowed in the repository. The
distribution will not prevent you from installing such programs,
but will also help it won't either. You will have to use third
party repositories, For example, RPM Fusion. This one from
points why Fedora is considered difficult. But add uploading a
repository to the system takes just a few minutes.
lecturer: But Here such articles https://habrahabr.ru/post/337290
, of course, they are slightly misleading.. Since previously, non-
commercial products, as far as I remember, were not subject to
such prohibitions. The Fedora Project, although sponsored by
Red Cap to develop new technologies, is a non-profit structure
and does not make any profit from its activities, as far as I
understand. This is all strange.
lecturer: Arch Linux is an independently developed distribution
Linux optimized For architectures i686 and x86/64, aimed at
experienced Linux users.

30
lecturer: In general, you need to be a competent user, to use this
system, to you you need to be aware of this in advance. It uses
Pacman, a proprietary package manager from the creator of
Arch Linux. Pacman ensures the installation of current updates
with full control of package dependencies, working on a system
of rolling releases or rolling releases. Arch can be installed
from a disk image or from an FTP server.
lecturer: Let me explain manager packages / repository — This
like the App Store or Google Play from where you can download
and install the application or program you need in 2 clicks .
lecturer: The default installation process provides a reliable
foundation that allows users to create a custom installation. In
addition, utility Arch Build System ( ABS ) provided the ability
to easily build new packages, modify the configuration of stock
packages, and share these packages with other users through the
Arch User Repository. It is a lightweight Linux distribution. It
is installed primarily on freeware And open source software
software and software from the community-maintained AUR
repository.
lecturer: Ubuntu - To dismiss this question, I’ll say right away
that Ubuntu sends yours data 3rd persons without your consent.

31
lecturer: If you are an Ubuntu user and you use the default
settings, every time you start typing Dash (to open an
application or find a file on your computer ), your search terms
sent to various three persons some from which advertise you.
lecturer: By the way, you can remember the situation about
Windows which decided distribute Windows 10 for free, But V
As a result, it collects all data supposedly for advertising, that is,
all your personal information And etc. IN in general Not Want
repeat for this reason, since the bias is not more precisely in her
direction, I have already talked enough about her. If you want
more information on this system, at least read the WIndows
License Agreement. And your eye will start to twitch )
lecturer: To the Ubuntu account to prevent sending data 3rd
persons to you need to be done row instructions on this site
https://fixubuntu.com/ follow the instructions indicated here, it
shows how to change the necessary settings. Previously, we
examined a similar situation using Mac OS X as an example.
lecturer: However, I don’t recommend Ubuntu in any case, I’m
just bringing this up for your interest in the event that you
happen to be using this system. Ubuntu is better for privacy and
anonymity than Windows or Mac OS X. I recommend Ubuntu
to people with no experience work With Linux And those who
consider What given The above distributions are too complex to
digest for them.

32
lecturer: Eat forks Ubuntu Mate there like How this is fixed
lecturer: Debian — This operating room system, based on
Linux, it is a Linux distribution. It consists entirely of free and
open source software, most of which is under the GNU General
Public License.
lecturer: Distribution Debian contains more 51 000 packages of
compiled programs that are packaged in a great format for easy
installation on your machine.
They are all free. It looks like a tower. At the base is the core,
above it are the main tools, then come All programs, which You
launch on computer. At the top of this tower is Debian, carefully
organizing and putting it all together so that all the components
can work together.
lecturer: WITH like this approach yours system Not will knock
on Microsoft's home servers.
lecturer: Tails is a Linux distribution based on Debian, created
to ensure privacy and anonymity. It is a continuation of the
development of Incognito OS. All outgoing connections wrap
up V anonymous the Tor network, and all non-anonymous
ones are blocked. The system is designed to boot from LiveCD
or LiveUSB and leaves no traces on the machine where it was
used. The Tor Project is the main sponsor of TAILS. The
operating system is recommended for use by the Foundation

33
free press", A Also used Edward Snowden to expose PRISM.
lecturer: His use only For surf To example
lecturer: So How you'll get fucked With him sho momma Not
grieve your ass will burn like hell
lecturer: TO example came somewhere stuck flash drive with
surfed your OS and pulled everything out
lecturer: Kali Linux — GNU/Linux-LiveCD, emerged as a
result of the merger of WHAX and Auditor Security Collection.
Project created Mati Aharoni ( Mati Aharoni ) And Max Moser
(Max Moser). Designed primarily for safety testing.
lecturer: The predecessor of Kali was BackTrack, created on the
basis of several Linux distributions. Originally intended For use
on OS slackware, A then smoothly switched to Ubuntu.
Afterwards Debian became the basis.
lecturer: Parrot OS — Dialer popularity Sesurity is a
distribution based on Debian-linux. Quite easy to learn,
suitable for both beginners and professionals. This distribution
is aimed at both penetration testing and anonymous work on
the Internet.
lecturer: Quite an easy and effective tool, many security
specialists found V him replacement All more
"gluttonous" Kali, especially since Parrot uses repositories Kali
For updates. Uses graphical environment MATE and display
manager LightDM.

34
lecturer: By functionality He similar on Kali Linux Here A huge
amount of special software for security testing is also supplied
with the system.
lecturer: As you can see all the systems that I mentioned higher V
mostly So or otherwise are based on Debian. (from Ubuntu and
below
lecturer: How you handle security updates in Linux will depend
on the distribution you use. I'm going to talk about updates
security on example Debian And systems based on Debian.
lecturer: Look, here https://wiki.debian.org/Derivatives/Census
all derivatives are listed from Debian distributions. Many from
them - these are operating systems important for the security
field, such as Kali, Tails and so on. The Debian project is doing
great work to provide security updates for Debian.
lecturer: Here here you can read about distributions other
lecturer: Safety — This a priority For this project and this
operating system.
lecturer: If You want to find details problems security patches
are released to fix them, then take a look at the security
information page provided by Debian.
lecturer: https:// www.debian.org/security

35
lecturer: If you go down, you will see all the updates. You can
click on any update and get more information about that
specific update. You can go to Miter CVE directory and find
out more about the vulnerability you select. Here are detailed
information about this vulnerability. We see even more details
here. And from here we can get into various sources For more
quantities information, and in principle, we can even find
exploit code for this vulnerability. We examined this earlier
using the example of the site https://www.cvedetails.com .
lecturer: According to the Debian Project, they process
everything Problems security, brought before their attention,
and correct them within a certain reasonable time frame. They
also say that many security alerts are coordinated by other free
software vendors and published on the same day as a
vulnerability is found, and that they have an internal Security
Audit team that searches the archives for new or unpatched
security bugs. They also believe that security by hiding doesn't
work, and that making information public allows security
vulnerabilities to be found, and that's cool.
lecturer: All this is good, that’s why I recommend distributions
based on Debian V quality The main reliable operating system
for everyday use when it comes to security, privacy and
anonymity.

36
lecturer: I decided not to give an analysis of the installation
example, etc. the only thing that you must understand is that
you need to write the installation flash drive to ddimage mode
through rufus To for example, A Linuxoids can use the dd
command for this.
lecturer: https://i.imgur.com/tD3lDok.png
lecturer: This is what dd image is
lecturer: In order not to simply clutter up and make a mess in
your head, if there are those people/group of people who have
decided to master the Linux environment. You can install the
system directly address co to me or How I and said earlier to
contact via correspondence QUESTION / ANSWER.
lecturer: Where already vss will consult And to help with certain
questions, essentially the segment of your actions is similar to
when working with Windows and what Payne will tell you, so
the installation is perhaps a little different, but everything is the
same.
lecturer: Very a lot of video be on YouTube which shows an
example of installing the operating system, partitioning the
disk and other points.
lecturer: Linux is an amazing system that you need to learn to
work with and it will become your true friend. It’s like with a
pet, how you train it, how you master it, like this flexible And
half-shunny He will For you.

37
Safety And anonymity V networks. Setting up a virtual
machine
lecturer: Hello time days, ladies And gentlemen! Today I will
give a lecture on the topic "Security and anonymity on the
network. Setting up a virtual machine"
lecturer: Lecture will divided on some parts:
- Safety
- Virtual machine and related parameters (parsing virtual
cars For surfing For communication, parsing a virtual
machine for typing),
- Storage And turnover of funds
lecturer: During the lecture I will explain the basic methods and
parameters, A Also I'll give useful links And recommendations.
Begin With first And basic-basic parts. lecturer:
Security.
Let's get started With Togo, What must be And So everyone
extremely It is clear that everyone should accept as a certain
"TABOO" and never do this:
lecturer: Don’t wag your tongue, not on the Internet, not in
life. You and I are not engaged in freelancing, therefore no one
ever needs to know where you are from, what your name is,
how many children you have and any other personal
information, it doesn’t matter, Who asks - Friend or familiar,
any may not be who he claims to be, and even me.
lecturer: How it says: "Personal must stay personal, work - work"

38
lecturer: Nicknames. Not use nicknames, which you took it from
your VKontakte, Steam, email or any other service or site. Used
in in the white sphere, nicknames can bring people out of the gray
sphere towards you; it has happened that it was enough to simply
google a person’s nickname to find out everything about him and
his loved ones.
lecturer: Do not register emails and accounts on your phone
number; services providing mailbox services will easily provide
information upon request. For reception sms Can use online
Services, For example:
< http://sms-area.org/>
lecturer: Such services a lot of, Can their Just Google for
"receive SMS for registration"
lecturer: Mailers such as gmail.com & hotmail.com can
register mail without reception sms, If ip earlier Not was
used V their system. For mail.com sms not required.
Not use personal mail at registration on gray websites and shops,
create separate ones for these purposes.
lecturer: Never Not costs think, What Here, "I Not a fish so big
that they’ll look for me” - often such people then look for
money for lawyers, don’t delude yourself, never neglect
safety, because it’s better to sleep peacefully.
lecturer: The next TABOO: never work in the Republic of
Uzbekistan/CIS/Ukraine and the entire post-Soviet space. Don't
hit V such shops, Not use such cards And Services -

39
nothing, otherwise the secret services will quickly find you. In
the news more often show those, Who have worked By his
country is a funny observation.
lecturer: Accept parcels only through intermediaries, forwarding
Services or drops. Not shine their names are nowhere to be found.
lecturer: Jabber And All rest facilities communication is better
keep V virtual car, If store on the main one - it is better to
disable saving history and passwords.
If to you road own ass, her cosiness, comfort and integrity - better
observe these taboos.
lecturer: Jabber use on safe servers, which you can trust, for
example:
www.so And rest servers www.exploit.im
_
zloy.im
lecturer: Never neglect Guarantor Service, even Not good big
amounts, better save nerves And money, and lose a little time
than the other way around! It doesn’t matter whether he’s a
tuber, a moderator or a friend - he’s the same person as you,
regardless of the number and color of ribbons under a
nickname, regardless of reputation, anyone can go all out and
start cheating on their own/strangers.
Precedents heap, V first queue study on other people's
experience.

40
lecturer: Let's get started To analysis virtual cars and related
parameters
I recommend using virtualbox or vmware. Don't forget include
virtualization V BIOS your his PC - otherwise the virtual
machine will not be able to work.
lecturer: Better will be if You place virtual machine image V
encrypted flash drive (or ssd) or container. For a flash drive, the
best parameters are USB 3.0, 32-128gb.
SSD how more those better, But look By yours needs. We will
encrypt with the following software:
A) truecrypt 7.1a
b) veracrypt
Both option interchangeable. Use or A, or b.
lecturer: Option A - truescript versions only 7.1a, the rest are
unsafe, and veracrypt is a continuation of the truecrypt family,
since the truecrypt was abandoned by the developers. I use option
b - veracrypt.
<https://veracrypt.codeplex.com/>
lecturer: Let's crypto flash drive/ssd, or create a container on PC,
and inside container place the virtual image cars. Now, before
starting the virtual machine, you will first need to open the
encrypted container using a password. How to encrypt - you can
see in the help the program itself or Google it, it’s not difficult
and requires literally pressing a few buttons.

41
lecturer: Eat two alternative containers option, namely :
- encryption Total hard disk on yours computer
- Creation hidden OS
lecturer: With regular containers, the encryption key can be
taken out of the hibernation file and removed from RAM, so we
disable hibernation on our computers. But when using a hidden
OS, you can put all the information and files in it, and even if
you are tortured, You you can issue password encryption from a
regular white OS, while the hidden one will peacefully store
your files.
lecturer: Encryption Total hard disk - long (y it takes me about 6
hours of encryption for a 1TB disk), but it’s a reliable tool,
because even if it’s turned on, you can’t get the keys out of
hibernation, and in order to have time to remove them from
RAM, you have to try very hard, all that’s left is brute force,
and then we move on to the next point security, namely
passwords.
With a hidden OS or disk encryption, to start the system need
to will enter password V boot-loader That there is even before
the Windows account password, before turning on the system
itself
lecturer: On any forum, page V social network, mail or hidden
container, you must follow the MANDATORY points when
choosing a password:
1. Length Not me 15 characters, better All thirty

42
2. Upper+lower case, numbers and special characters.
Example good password: sHO&D=633qwvBB!aC{6} - it
will take decades, or even centuries, to crack this password.
lecturer: 3. On one forum/shop/website - one, unique password.
4. Two-factor authentication - use everywhere, where there is
opportunity.
5. Keep password Can, For example, V keepass or head :)
lecturer: If use the same passwords, there is a high probability of
hacking everything possible.
Nobody Not insured from plum or sales bases data at some
Dedik shop, for example.
lecturer: Attackers Just get your password, and then they go
around in circles on all services/forums and take away everything
they can.
lecturer: But a strong password is not a panacea, because they
can intercept it directly from your system by attaching a stealer
to it, malware or another virus. Exit banal And simple
- create a separate virtual machine (any virtual machine at
all) specially For software And dirty, unverified files.
lecturer: And run everything ONLY on this virtual machine, it’s
better to let it suffer than your computer. Maintaining basic
hygiene rules is much easier than Then lose accounts or pay
victims, so don’t be lazy and do it, but you’ll sleep peacefully.

43
lecturer: Purpose virtual cars For You will be divided into two
points, namely:
- Surfing, communication, everyday usage
- Job, driving in
lecturer: IN dependencies from purpose setting will be divided
into two types, let's start with the first, here anonymity and
security are more important to us than the state of the readiness
system To drive in, however first subparagraph matches in both
cases.
lecturer: List minimum necessary bases programs for surfing
and communication:
- VPN. - At least one, ideally doubleVPN. We use VPN from
third world countries or at least another continent. VPN service
NOT must lead logging. When connecting to a VPN, your IP
should change to that the country you included. You can check
it here: whoer.net
VPN put on main car lecturer: - TOR
Browser
<https://www.torproject.org/ >
If at site There is mirrors V onion zone(in tore), Use these
features to maintain greater anonymity!
lecturer: - Jabber / ICQ

44
Judging By to that What V the moment You All are you reading
This in Jabber, there is no point in describing this program, but
take a couple of recommendations into account:
lecturer: 1. Don’t be a toad! They’ll start being abusive, they’ll
start spamming, and this will cause more headaches, and no one
needs that. If Very I want to - For public exhibiting create a
separate jabber account.
lecturer: 2. OTR encryption. IN klente jabber PSI+ it is included
in the plugins, downloaded and installed for Pidgin, there
should be no problems. Neg - encryption, making the
communication space more secure. It is also available for ICQ. I
don't recommend using Skype, it's not secure.
lecturer: Also replace V system their DNS For example, to
Google < http://support.li.ru/google-dns/win7/>
They can also be registered in the router. For greater effect,
you can use software DNSCrypt, - take on note and check out
the functions yourself on the Internet.
lecturer: - Browser for surfing (I recommend firefox) - disable
webrtc. WebRTC allows third-party users to determine the IP
address of a network user at a time, bypassing software screens
VPN, TOR SOCKS and other network defenders
<https://whoer.net/blog/article/kak-otklyuchit-webrtc-v-raznyx-
brauzerax/>

45
lecturer: - If you use socks or tunnels, then proxifer+plinker.
Disassemble Not we will, on forum Very a lot of information on
these two programs.
lecturer: - Can Also close Internet through firewall so that if
the VPN fails the virtual machine did not have access to the
network, and your real IP did not leak. Some VPN clients have
this feature, or you can tinker with the firewall.
lecturer: Options virtual cars for driving in:
For driving in Can use any virtual machine, it all depends on your
needs and shops.
lecturer: But, necessary software For work And options I’ll
name it anyway, let’s get started.
lecturer: 0. VPN, about this We talked previously.
lecturer: IP we we select With with help SSH tunnel and
SOCKS5.
SSH tunnel - This tunnel, created through SSH connections and
used to encrypt tunneled data. Used to secure data transmission
on the Internet
Socks5 allows create chain from several servers, thereby
achieving anonymity on the network.
lecturer: 1. Brazury. Firefox With substitution webrts, chromium
with webRTS disabled and several portable Chrome/Firefox
browsers.

46
Substitute webrtc Can With with help this extensions:
<https://wwh-club.net/threads/webrtc-podmena-ip-rashirnie-
dlja-brauzera.42828/#post-550221>
If you want to use chrome, set the resolution WebRTC leak
prevent or replace webrts in other ways (available on the
forum)
lecturer: 2. Software For use tunnels And sox: proxifer and
plinker/bitvise
3. Teamviewer (on virtual And on your main car) (optional)
4. NotePad++ For temporary records
5. If There is And If needed - antidetect
lecturer: Parameters:
Let's get started With parameters ip addresses
(dedic/tunnel/sox) lecturer: Negative parameters:
- Bilateral ping And belonging To hosting provider
Affiliation To to the hoster = ip located V cloud, It is better not to
use such IPs at work.
lecturer: Bilateral ping detectit tunnels, sox, vpn by pingu, I
punched large merch And With him, But This All same as a
negative parameter, the solution is to search the VPN country
or put TOR in front of the tunnel, if that doesn’t help, change
the IP.

47
lecturer: - DNS - not the country ip rather has a negative
impact (but Not critical), A So information a lot of on the
forum about this.
lecturer: - Flash, uptime OS.
By at will Can put flush, But Now He Not all real users
have it.
lecturer: Uptime - uninterrupted time your IP is working, it’s
strange, If your ip works without interruption already a few
months, right?
lecturer: Time(timezone) systems must coincide with the time of
the IP address.
lecturer: OS - prevalence, everyday life And confidence. For
example, most ordinary users use Windows. The same xp will
add more fraud for the reason that the system is outdated, so
win10 is the opposite, more trust. The golden mean is Win7.
lecturer: Windows And browsers must be exactly English, it's all
scorching. But if at the same time some program in the system is
in Russian, there’s nothing wrong with that; antifraud will not be
able to detect it through the browser. (Flash should be in eng)
lecturer: ProxyScore + Riskscore ip - anti-fraud systems pay
attention to this, so try to take with zero or minimal indicators.
Some services for selling access (socks/tunnel/dedic) provide
this service directly inside service.

48
lecturer: Open ports (8080, 8081, 3128, 80, 81 and so on): This
far Not Always negative parameter, So As this is a really
common misconception, let's attribute this to the neutral
parameter.
lecturer: Some sites checks anonymity They scan the IP and
believe that if some port is open, then the IP is a proxy and
reduce its anonymity. But in reality this is not so, most of these
IPs are just the web admin of the router. If it were so easy to
make proxies through such admin panels, they would be made
in the millions, you can check it yourself.
lecturer: Since mass port scanning is prohibited in many
countries, large merchants, instead of port scanning, turn to
services such as maxmind, which in turn provides services
such as maxmind fraud check & maxmind geo check api, So
What if some service shows open ports at an IP address (for
example whoer or 2ip.ru), this in most cases is not a negative
indicator. And even if such services show good results, it is
not a fact that you will be able to drive something from this IP
address later.
lecturer: In my practice, large merchants have repeatedly
successfully passed orders from IP addresses, where anonymity
checking sites found open ports and thereby identified the IP as
a proxy, based on this I dare to assume that open ports are not
always Badly, And Not costs get hung up on this, those
Moreover, without actually owning the IP address, you cannot
do anything with it. But By at will Can pick up ip addresses
And without

49
ports, or With open 80 - He let's say at in any situation, as it is
natural.
lecturer: It is better to select the geolocation of IP addresses as
much as possible close To zip code holder cards. For example,
if the card holder has a zip code of 85012, you need an IP with
a zip code 85012 or 8501* - that is So close, as far as possible.
lecturer: Before typing in, you can surf on half-baked sites like
youtube/amazon/facebook and others, some serious ones
antifraud can fire yours history brazura. It’s strange when a
person with an empty browser history breaks down flies to buy
gifts on thousand dollars, not right ?
lecturer: AntiFroud can also see tabname - open tabs V browser
V the moment, And determine With what site did the person
come from? (And for what request)
lecturer: - Audiofingerprint - imprint audio, relatively serious
protection system. We look at various articles on this topic,
not everyone uses it.
lecturer: Serious merchants can also check the sites on the list
where you are logged in (<https://browserleaks.com/social> - you
can check here, for example). In practice, with Facebook logged
in, for example, this is a plus, but not critical.
lecturer: For randomization When entering fingerprints (system
fingerprints) into one merch/shop, you can do the following:

50
- Change browsers, change versions browsers
- Change fonts in the system, screen resolution lecturer:
- Stuff or import cookies
- Plugins And extensions V browser.
- Change the system
lecturer: By the way O extensions, directly merch Not can see
extensions installed in the browser, but they can send a request to
the browser like “Is the extension with such and such id
installed”. This way merch can detect certain extensions, such
How, for example CanvasDefender.
Option bypass this - replacement id extensions (google) or simply
NOT installing it in the browser.
lecturer: And of course we don’t use the same variables at
several driving in, For example emails.
lecturer: When checking your IP location (geolocation), try not to
rely on whoer.net - there is an outdated maxmind there geo base,
use sites ip-score and maxmind.
lecturer: Some sites from myself For checks systems and ip:
whatleaks.com - check Total, including timezone
2ip.ru/privacy - check ports, bilateral ping, hosting provider and
other things

51
whoer.net - slightly less visit this website, Very nerd, absolutely
all merch of medium and higher levels have an extremely
negative attitude towards the cookies of this site + in some cases,
visiting this site will drive the Sox IP / ssh into the maxmind
fraud check database.
<https:// www.maxmind.com/en/home?rId=iplocation > - IP
geolocation directly from maxmind. Of course, the accuracy of
the paid and free databases varies, but in my practice V 75%
cases costs trust exactly this website.
browserleaks.com
ip-score.com
noc.to
Copy to myself this list sites
lecturer: Where keep, How bring out earned money? Bitcoin of
course!
lecturer: Featured wallets:
<https://blockchain.info/ru/wallet/>
bitcoin core
lecturer: Personally I use first. On forum in In the
"Cryptocurrency" section you can find lists of wallets and
study them yourself and choose what suits you best. Not costs
keep money V bitcoin constantly, since the exchange rate can
either rise or fall. Therefore, evaluate your risks and desires
yourself.

52
lecturer: Qiwi - accept To payment Not All, But How one of the
options, perhaps.
Pros of qiwi: Possibility of direct withdrawal to the card, if not
shine number phone, steal practically impossible
lecturer: Minuses: can block wallet, Russian payment system,
which means it will provide any data upon request, therefore I
strongly recommend that if you use Qiwi, then only in the
following format:
lecturer: - Left sim map, possibly virtual
- Left email
- Transfer money if possible kiwi vouchers
(eggs)
lecturer: - Not use mine telephone, buy left or use a virtual sim.
- Conclusion only on map drop.
- Not use mine ip And computer (Can virtual)
lecturer: Options for withdrawing money from online to real
life, If With kiwi everything It's clear, That With bitcoin more
complicated, namely:
- Exchangers. Through exchanger Can exchange money
from Bitcoin to a card or Qiwi, or bank.
lecturer: - Conclusion straightaway V NAL. Eat exchangers, who
provide such a service.

53
- <https://localbitcoins.net> - his sort of exchanger, looking
for a money changer with good reviews.
lecturer: That, What bitcoin anonymous - myth And delusion,
all transactions in the blockchain are at a glance, they are easy
to track, you just don’t need any personal data for registration.
Therefore, to maintain the anonymity of funds, I recommend
using Bitcoin mixers. (see forum, section Cryptocurrency)
lecturer: Except online security There is more And offline, I
dare to recommend my article on this topic:
https://wwh-club.net/threads/ctatja-obratnaja-storona-
luny.54525/

Cards
lecturer: Everyone Hello Today lecture By SS - let's go
lecturer: Every from you So or otherwise encountered V of my
life with CC, but it was in a slightly different “key”
lecturer: The first thing for a beginner in this business is
should study So This Certainly same information O credit
cards, in other words, cardboard / SS
lecturer: Credit card (CC) - This credit card, cardboard, potatoes,
etc.
lecturer: First business us need to find cardboard. The easiest
option is to buy it from the seller

54
lecturer: At purchases You get cardboard approximately V in
this format:4306651004564350 | 10/10 | 826 | Richard Lang | 56
Groveview Cir | Rochester | 14612| NY | USA | 661-298-0881
(Format at everyone seller can be different)
lecturer: 4306651004564350 - Number credit cards.
10/10 ( 10 month / 10 year,) - date graduation actions cards. 826 -
Card security code CVV/CVV2
Richard Lang – First And Last Name (Name, Last
Name) 56 Groveview Cir – Address
Rochester - City 14612 -
Zip code NY (New
York) – State USA –
Country
661-298-0881 - Telephone
lecturer: BIN - bank Identification Number - first 6 numbers in
the credit card number, the bank ID that issued the card
lecturer: each banking organization It has own unique number.
You can find information on each card in the services through a
search. We make a request in Google, bin check and then
follow the links and enter our first 6 digits
lecturer: For example map 4306651004564350, Where 430665 -
number of the bank that issued the card

55
lecturer: 10/10 - exp (term actions cards) 09 month 10 year
lecturer: 826 - cvv (secret code)
lecturer: Richard Lang - Name custodian cards (cardholder
name)
proofreader: 56 Groveview Ulcer - Street
(street) lecturer: Rochester - gorod (city)
proofreader: NY - state (state)
proofreader: 14612 - zip the code (zip
code) proofreader: US - country
lecturer: 661-298-0881- PHONE NUMBER (Phone)
lecturer: TO USA CC more Can add SSN D.L. MMN, DOB
(you will learn this information in other lectures)
lecturer: For additional $ you can break through an additional
information:DOB - date birth SSN - social security number
MMN - Mothers Middle Name (mother's middle name, so to
speak)
lecturer: let's talk O types SS
lecturer: more often Total be used Visa,MasterCard,American
Express,Discover
lecturer: Numbers credit cards Visa begin With numbers 4
at them available protection under name Verified by Visa
(VBV) 3-digit CVV code

56
lecturer: Verify d by Visa(VBV) - used to protect numbers kart
Visa from unauthorized use. Simply put, the holder has a code
that he will have to enter when purchasing something
lecturer: MasterCard credit card numbers begin with a number 5
y them protection under name MasterCard SecureCode (MCSC)
3-digit CVV code
MasterCard SecureCode - principle work That same, What
And at VBV
lecturer: American Express begin With numbers 3
already have a 4-digit CVV code
lecturer: Discover begin With numbers 6
3-digit CVV code
lecturer: Further speech will do O types and SS levels
available 3 type kart ,credit, debit, prepaid
lecturer: credit card, which you can use to buy V credit, those.
Not having on account enough money.
Size loan defines issuing bank
lecturer: debit card, enjoy which is possible
only within the limit of the amount available in the
account
lecturer: prepaid card with a prepaid amount - a smart card that
stores electronic money, in advance paid owner cards

57
lecturer: the prepaid card is not personalized, that is, it will not
indicate the owner’s first and last name, this main horse
prepaid bank cards
by her Can pay off How V real, So And V online stores. Card
limit limited only the amount that is on it
lecturer: By levels kart let's take a walk , from classics before
black. The higher the category of the card, the higher its
service cost, And those more richer her owners, those there
may be more money on it
lecturer: There are cards of the classical category, gold,
platinum And more high cards, How for example, MasterCard
Black Edition or Visa Black. As the card category increases,
the credit limits on it increase. For example, the credit limit on
a classic card can be $1k, while on a platinum credit card the
credit limit can be $10k+
lecturer: For work I I advise take credit And debit cards from gold
level and above, namely the common gold, platinum, signature,
world, black. The probability of meeting the latter is low. In the
USA they are not issued like we have Tinkovs, etc.
lecturer: Each credit company (American Express, MasterCard
And Visa) calls their credit cards higher level is a little different

58
lecturer: American Express has BLACK| The map is
positioned How symbol accessories holder to the top of society
and can only be released to a person who has the appropriate
social status
at MasterCard This World Signia| Credit map the highest
category in the product line from MasterCard with the owner’s
personal signature in “gold” on the front side
at Visa This Black Card - like this level It has increased level of
security, preventing the possibility of unauthorized access to
funds
lecturer: the most premium SS, what listed higher is owned by
a special caste of people on the planet, they are also “Masons”
joke, this level has higher credit limits and there are no limits
on expenses, such cards are very difficult to find and they will
be very expensive, they are most likely only for pros
lecturer: Further let's talk O O volume How passes payment
With SS
lecturer: Process payment credit by card V Internet not as simple
as it seems at first glance
lecturer: while you press the confirm button, a bunch of
processes happen. Answers behind these processes, processing
center jar
lecturer: Processing center — This high-tech system for
processing payments by bank cards in the field of e-commerce

59
lecturer: the main task of the processing center is to provide
shopping opportunity accept payments by credit cards
lecturer: In addition, the processing center coordinates
settlements between issuing bank cards, acquiring bank
(authorizing transactions), shop and card holder
lecturer: Acquiring bank – bank, providing card payment
processing services for the store
lecturer: Issuing bank — bank released map, which the buyer
tries to pay for the goods
lecturer: Process payment goods/services By credit card looks
like this: you place an order on the store’s website and select
payment using a credit card
lecturer: the shop will redirect the buyer to a secure form
payment for processing center, on protected form payment
You indicate information O credit card
processing center confirms status And shop parameters in the
system
and also checks the generated request for correspondence
established requirements And system restrictions and transmits
the generated authorization request to the acquiring bank
carrying out authorization for payment, having received request
on authorization transactions, bank acquirer

60
directs his V appropriate payment system (Visa, MasterCard,
etc.)
lecturer: the payment system determines the issuing bank that
issued the credit card, and then sends request on authorization V
processing bank center
lecturer: After the issuing bank has confirmed authorization
payment, processing center sends a positive authorization result
to the store
lecturer: and he, in turn, notifies you about successful payment
order. Here such Here difficult process occurs after you click on
the pay button
lecturer: What V my queue does shop, When accepts payment?
lecturer: When All points described higher passed successfully
and you see that the payment has been accepted, the shop takes
the order for processing
Processing consists of manually checking the order, clarifying the
details of the order and the spike address (not always), while
clarifying the details shop does call on specified number V
warrant to confirm the order
lecturer: Exactly By this preferably write number where you can
receive a call
lecturer: After clarifications everyone details shop begins to
prepare goods for delivery

61
lecturer: If You drive in egypt That delivery carried out
immediately after verification, if you enter the staff, they can
send it either on the same day or the next
lecturer: Drive in staff Not costs V Friday, So How The transfer
of the staff for delivery will be carried out only on Monday
lecturer: After transfers staffa V delivery, to you By You will
receive a tracking number by mail or in your store’s personal
account.
lecturer: How rule This kit letters And numbers By to whom you
can track where your goods are located
lecturer: Next, you simply monitor your product using tracking
number And rejoice When He delivered, But maybe this
happens when the card holder sees that money has been
withdrawn from the card, in which case he calls the bank
lecturer: He, in turn, makes a call to the store and reports What
purchase was committed fraudulently _
lecturer: In this case, the tracking number will say that sender
requested return goods. IN like this case Don’t be upset and try
to enter a new order with a new CC and you will certainly be
lucky!
lecturer: Further speech will do O volume which measures
undertakes a shop when payment is made from CC
lecturer: The store also checks the order with an anti-fraud
system so that exclude all possible fraudulent manipulations with
bank cards

62
lecturer: Antifraud is from myself system which analyzes your
actions on the Internet for fraud
lecturer: over many years he has formed a portrait of fraudulent
actions And actions real cardholders _
lecturer: system starts you analyze With the very first moment
as soon as you entered the site
lecturer: she’s looking to see if you’ve come in with browser or
from mobile applications, watching What You did you buy, when
did you buy, how often did you buy
lecturer: looks on your ip address, cookie, including the http
session identifier, etc.
lecturer: unites all this information And analyzes her with
actions holder
Your task is to adapt as much as possible to the card holders,
for this you need to warm up the shop, I’ll tell you about this
on next lectures that will V Thursday February 15
lecturer: after warming up shopa reverently type All data, you
spend my monthly salary on purchase expensive laptop
lecturer: Vryatli shop will believe What You So Just came in
and spent the monthly salary of an ordinary American
lecturer: How rule If you burned That to you straightaway Not
They will let you pay for the goods. Despair and throw out the SS
in this

63
case Not costs So How information Maybe Not arrived to the
bank and you are blocked at the shop level
lecturer: IN like this case write/call V shop And we talk that I
tried to buy a laptop from you but it didn’t work out
lecturer: Not forget You American which for a long time I wanted
to buy a laptop but they didn’t give it to you
lecturer: In the shop they will tell you why you cannot place an
order. Be That You Not passed antifraud system shopa, or the
bank has blocked your transaction
lecturer: In the first case, you can find out how you can do it all
order, to you will offer options solutions, you choose
lecturer: If the bank is blocked, it’s easier to throw away the CC
than realize call V bank, So How there Very a tough
identification that cannot be passed.

Posredy
lecturer: Everyone Hello
lecturer: Today's lecture will consist from 2x parts: media and
drops
lecturer: 1 Part Posredy
lecturer: The middleman is is a logistics company that delivers
goods from one country to another. The intermediary is used in
2 cases: when the shop does not have international delivery, And
When Just want to make pack consolidation.

64
lecturer: Intermediaries were created not for us carders, but for
ordinary of people, which want order Which That product from
the USA
lecturer: For example, things from GEP and other stores that have
No delivery V other countries except How USA.
lecturer: Posredy So same There is V Europe, But are used not so
often.
lecturer: Consolidation packs – This process combining several
parcels into one to reduce delivery costs. Consolidation
conditions must be clarified with the intermediaries by reading
the relevant sections of the site.
lecturer: On today's moment, Very a lot of the middlemen are
jacked off, so you need to look for your middleman
lecturer: How same find "one's own"
lecturer: You can only find your mediator through
experimentation by, sending there packs, And depending on
the reaction of the middle. Here are the main points you need
to pay attention to.
lecturer: 1. Drive in step by step. Done 1-2 driving in We waited
for delivery and saw how the agent reacted. They sent it to
themselves.
lecturer: 2. Use different types of entries for different accounts.
That is, on 1 acc drive in the middle With SS, on second With e-
gift, on the 3rd acc in the middle we drive it from a stick, etc.
This is done in order to understand what the medium likes and
what it doesn’t. Because some intermediaries calmly accept packs
inserted from CC, others can lock your account for this. One of
65
the intermediaries with

66
pleasure accepts packs, driven in With e-gifts, A some don't.
Therefore, it is very important to create several accounts at the
first stage, and when some of the accounts are blocked, you will
know why.
lecturer: 3. Avoid intermediaries that require credit cards or
money transfers for payment. Personally, I prefer intermediaries
that accept payments from BTS or PayPal. It often happens that
when paying through “your card", With this same cards must be
made And staff
- What impossible. Behind monetary translations here It's clear.
This is pale. It is better to avoid such intermediaries immediately.
lecturer: 4. Pay special attention to intermediary tariffs
(acceptance, storage, forwarding). It happens that acceptance of
a pack is free, but the cost for storing the pack begins to accrue
the next day. Or vice versa - Acceptance is paid and expensive,
and storage is free. We're better off Total fits intermediary
Where Adoption pack free and free storage period ranges from
30 to 60 days.
lecturer: 5. Carefully study the rules of the intermediary for
acceptance pack. Usually write With what accept A With what is
not there, and which documentation required at the time of
receipt and when sending packages.
lecturer: Found suitable By conditions Wednesday, we proceed
to registration and obtaining an address.
lecturer: Posredy there are With personal office, And without.

67
lecturer: In mediations with a personal account, pack
identification is happening By personal number, usually He
written You need to write this number in the address and upon
delivery.
lecturer: Respectively salesman sees What This big numbers, and
the fact that this is an intermediary
lecturer: Optimal V like this case will write it's like an office
number, for example.
lecturer: Second type in between, which Not require registration.
lecturer: There Just written address warehouse without any
personal numbers.
lecturer: IN like this case identification pack is happening by First
and Last Name on the package.
lecturer: So, How same us register intermediary?
lecturer: First What need to, But Not Necessarily buy a set of
documents.
lecturer: I usually this Not I do That's why What my broker
never requires this
lecturer: But better This do.
lecturer: What is included in the set of documents.
lecturer: Passport, main page And page With
registration, snils, documentation confirming the address of your
residence, usually bills for housing and communal services.

68
lecturer: Finding someone who draws this is quite difficult, But
When at you hangs on in the middle pack, That the fart starts to
burn
lecturer: Further, again same V quality recommendations create a
VPS of the country where the spike will be located, and perform
all manipulations with the mediator from this Dedik.
lecturer: Again, I don’t do this, I go straight to the middle With
VPNA usy, With different IPs And Everything is fine.
lecturer: So, repented We on in the middle What We we see
Firstly?
lecturer: How rule in between some addresses in the USA
lecturer: Warehouses V New Jersey, warehouses V Delaware,
Sometimes in California
lecturer: Better send V Delaware.
lecturer: This state is tax-free And pay extra you won't have to
pay for the goods.
lecturer: Got address. Address will type: lecturer:
First Name Last Name
600 Markley St. Suite 107451
Port Reading, NJ 07064
lecturer: So, first line It's clear, at when placing an order in the
online store, write the name in First Name
lecturer: Last name V Last Name

69
lecturer: V Adress line 1 write
speaker: 600 Markley St.
Lecturer: IN address shit 2 we
write lecturer: Suite 107451
lecturer: Actually This my edited address, Suit this is an office,
numbers after him this private ID on the middle.
lecturer: Port Reading is a city
lecturer: NJ - New Jersey state
lecturer: latest 5 numbers This zip
lecturer: In many intermediaries There is button add order
lecturer: This Means What If You got track from seller, you can
add the pack to your personal account. This will speed up the
processing of the pack by the middleware.
lecturer: Further adviсe By work with intermediaries.
lecturer: 1. Do not send a million packs immediately after
registering an account. Leave for a week, preferably 2. Send 1-2
packs per week. And gradually increase the amount. The swing
rule works here, as in many other topics. No normal person will
send money in a week on account 10 iPhones, 25 things
playstations, And the same number of hours. Pay special
attention to this.
lecturer: 2. Clearly study the rules of operation of
intermediaries, this will avoid losing packages. Read the FAQ
pages or rules reception And forwarding parcels - y you
straightaway
70
will disappear big Part questions, And save money a lot of
time.
lecturer: 3. Not overload Wednesday dear packs. It's better to
start some akkov, And send on every By a little. No normal
person will buy 10 iPhones in 10 days. Remember this. In the
middle of this is the same office that we bend over, so must
behave accordingly.
lecturer: 4. Do not use a medium to drive in expensive
equipment, it is better to use a drop. This way you won’t kill
your account in case of a charge. According to statistics,
middlemen are killed or ton penny staff, or dear. Accounts that
accept mid-price products have experience live the longest.
lecturer: 5. When entering, indicate the Skype phone number or
GV. Not cost write phone number Wednesday or holder. That
is, in the shipping address column, we write either the GV
number (Google voice), or Skype. So We reduce frailty our
actions, and we can always take a call, or simply find out that
there was one.
lecturer: Recommendations for sending goods to yourself: 1.
Do not exceed the customs limit (for Russia) 1000 EUR or 1200
USD per month - for one pack. That is, if you indicated What
staff V pack on 1200 bucks, That V this month You will no
longer be able to send a pack to the same name. He'll get stuck
at customs And V in the end will come With customs
notification, anything over the limit will have to pay 35% of the
cost. Due to recent events, in 80% of cases for sending

71
packs in RU - the intermediaries ask for the recipient’s
TIN/SNILS, which is why I talked about purchasing a full set of
documents. But How We we don't know in how many hands they
can be - the best thing is to come to an agreement with your
drunk neighbor What He will accept yours packs, And take With
all the docks. Trust a bottle of good whiskey - it will do
everything)
lecturer: Let's continue
lecturer: 2. Always underestimate price goods on clothes. For
example, if you are sending Nike sneakers for 300 bucks,
write that the sneakers are NIFY and indicate the cost of 30-
40 bucks. I Always So I do. That same concerns And bags,
pants, basically all duffel items. It always rolls.
Because no one will bother and set a clear price for a duffel bag.
Just don’t need to write that clothes fake or replica, such
categories goods very strictly regulated for import into the
customs union + 90% of intermediaries do not like this either.
Therefore, it is better to write a non-existent brand, or find
sneakers on the Internet for this amount and write that it is
them.
lecturer: 3. As for the hours - Please tear the box apart and send
the watch separately, the box separately. But it’s best to send
the watch together with the rest of the stuff. When in the pack
10-15-20 positions, By my experience such packs It’s much
easier to go through customs than when there are 1-2 items in a
pack.
lecturer: 4. As for jewelry, we write that it is costume jewelry.
And you shouldn’t put too much in a pack. It's better to send
chain separately, ring separately. I recommend
72
send jewelry With in a bunch clothes, less chances What Customs
will burn. Although, precious metals still scorch well with X-
rays. so it’s better not to be impudent, don’t send a 15 kilogram
package containing gold per 1 kg - 100% will not pass customs)
lecturer: 5. Send equipment 2-3 items in a pack. For example 1
iPhone + 1 PSP+ 1 video card. Not need to V 1 pack 10
positions of all products. Remember that if there are 5 or more
identical positions in a pack, you will fall under a commercial
batch, and then you will lose the pack. Since they will ask for
invoices, account statements, etc. That’s why I always throw
sweaters, jackets, and pants on my equipment. The more
bullshit, the better. This is my experience, this may not suit you,
but try it anyway .
lecturer: 6. Do not accumulate packs in the middle, especially
valuable ones. Your iPhone/iPad/Rolex has arrived, send it right
away. Better pay extra 60 bucks behind delivery rather than lose
everything. That is, when you type in the middle, look at the
date delivery, and estimate the approximate time frame. For
example, you type in an iPhone, shipping is 3-5 days, which
means next Wednesday It will be in the middle, so today they
added a couple more things with the same shipping. Next
Wednesday - Thursday the staff arrived, for example 5
positions something - that's it, press the button to send the
pack, pay - we're waiting. There’s no need to pack for months...
it won’t lead to anything good.
lecturer: 7. Pay the intermediary only with your own money. NO
CARGE. Don't saw the branch you're sitting on. Done acc sticks
or same BCC kiwi, threw money on SS

73
- paid. From 50-100 bucks, our wallet thinner Not will become,
and the ACC will serve you for a very long time. Personally,
my account in the middle has been live for a year and 2 months,
and everything is fine, everything is fine.
lecturer: Useful links:
lecturer: List of mediators for information: http://wwh-
club.net/threads/5-2-dostavka-pakov-i-spisok-286-posrednikov-
v-19-stranax-mira.2140/
Scans documents: http://wwh-club.net/threads/prodam-skany-
pasportov-i-foto-s-pasportom-v-rukax.308/
lecturer: So same I advise use For reception packs V ru dropov.
lecturer: On forum There is Human paydrop, accepts packs in
Rostov-on-Don, and the cost of admission is usually 800-1k
rubles
lecturer: Much more reliable, But And expensive neighbor drunk.
lecturer: So, we’re done with the middles.
lecturer: Further drops are coming
lecturer: Drops – This ordinary People, which accept your
packages. There are 2 types of drops: adjustable and non-
adjustable.
lecturer: Fraudulent drops are drops that do not know that they
accept parcels. There is always the possibility of missing drops
with parcels. Such drops are being sought For example on Job
websites or similar offices. Usually on such drops Not they
send dear ones packs. Term

74
The lifespan of such drops is 10-15 days. Adoption cost parcels
like this drops usually 50-70 bucks.
lecturer: Non-adjustable drops are a type of drops that are
clearly aware of the risks they are taking. The risk of losing
packs is minimized. Such drops receive a good salary and the
lifespan of drops is on average 2-3 months. However, they more
often just a few others rules work. More details about the rules
Can to know at drop services, providing services drops. Cost of
admission usually 70-100 dollars or% of the cost of the pack.
lecturer: Recently, drop services have begun to work stingily,
that is, they accept packs and pay you your %. Different drop
services have different types of goods accepted and,
accordingly, different percentages. For liquidation of Apple
equipment - they can give before 55%. Having driven in staff on
stingy - will deliver you from problems with delivering goods to
the Republic of Uzbekistan and selling them, and will help
much faster earn money. However sum earnings will be much
lower than if you brought the staff to yourself and sold it to RU.
lecturer: If you sent the goods for sale, from the moment the
package was sent on drop until payment is received V average
a week passes. And if you send the goods to an intermediary
and want to sell V RU – V average required 4-5 weeks Here it’s
up to you to decide whether it’s quick and small, or long and
big.
lecturer: How only drops get pack, For sending In the middle, the
drop service requires a label.
lecturer: A label is a similarity postal form. That is, a piece of
paper V which written from whom sent, With what
75
the address goes to whom it is addressed and to what address.
Such labels can be ordered on the forum from the relevant
sellers. Usually a karzh label costs about 5-10 bucks, if the label
is white, the price can reach 500 dollars. More often Total white
labels are used For sending packs immediately to the RU, in
order to ensure the safe passage of packs through all authorities.
lecturer: Example label Can look here: http://prntscr.com/iekzf5
lecturer: 1 – Sender's name
2 -Street sender
3 – City / State / Sender's index
4 – Recipient's name
5 – Street recipient
6 - City / State / Index recipient
7 – date sending
8 – Parcel weight
9 – date delivery
10 – Track parcel number .

Warming up shops.
lecturer: everyone Hello
lecturer: I wanted would my lecture subdivide on 3 main parts:

76
1. I I'll tell you to you O warming up the shops.
2. I'll tell you to you O ringing shops For order
verification .
3. I'll tell you to you A little about reroutes.
lecturer: Let's start by giving a definition of what warming up is
shops. Warming up, This call V shop before an order, the purpose
of which is to win over the SAPs and, accordingly, increase the
chances of sending a pack.
lecturer: warming up is carried out mainly in two ways :1.
Through ringing 2. Communication V live chat. Well or the
most wooden way in my opinion is through email
lecturer: let's start With life
lecturer: at all I I think What This Not most an effective way, but
it still happens
lecturer: Firstly, By reason Togo, What glanders Not
communicate with you live, they do not hear you and cannot
understand who is sitting on the other end, so you do not
inspire increased trust in them
lecturer: secondly, live chats are usually only available in more
or less large shopping, Where your talk Just will get lost among
hundreds of others and you will not attract any attention to
yourself
lecturer: live chat good, When to you need to something check in
the order, but you can’t ring it or don’t want to pay money for
ringing, or if you really want to know something specific about
the product, but for warming up Not Very
77
78