Thanks a lot. These will be very useful additions to my arsenal. Once the Tor address is gone, what link should I put in my YouTube video to link to the download?
I saw that Malcom had created one of the tool kits and he wanted the link shared but I don’t know what the link was. I’d say just shout him out on your videos and if he cares that much he’ll DM you the link to post. For the other files you could just make an anon share upload, I can’t be bothered to make a perma-link.
I’ve made a fake netstat and tree command that will make scammers wait for a total of 3,5 minutes… plus, make sure to make your VM nice and slow. I have also gotten Remote Administration Tools on it. Currently writing more software for this thing, next up is replacing explorer.exe entirely.
Uh anyhow… let me know if anyone wants this to be open source… and I’ll put it on GitHub and let you guys know.
I see scammers are increasingly using PowerShell instead of cmd.exe.
The last one I called used manage-bde -status to point out my percentage encryption was 0%, key protectors were not found and the protection status was off. Oh dear.
I’ve seen them use other commands, but don’t recall those.
Also you could try adding extra parameters. Setting it to encrypt only used space should help. You can also set it to force encryption type. Experiment, coding isn’t really plug and play all the time.
Microsoft does not support the use of BitLocker on the bootable partition of a virtual hard disk. But BitLocker is supported on non-bootable partitions of a virtual hard disk, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 or Windows Server 2012 R2. For more information, see BitLocker Frequently Asked Questions (FAQ).
Not sure that will be easy to fake. PowerShell isn’t typically launched from the run box, you right-click the start button. Not saying it can’t be done, but I haven’t seen it yet, and it’s probably non-trivial.
Oh well, I’ll give the scammers something to point to.
@Vertigo I’ll have a look in the morning, I have a day off anyway (like half the world, I am assuming…). I hope PowerShell is just a powershell.exe or something alike, then I might post a GitHub URL here if I can make anything decent looking.