gopher.createaforum.com/1/forums/skyfallforums/p/11

   DIR Return Create A Forum - Home
       ---------------------------------------------------------
       SkyFall
  HTML https://skyfallforums.createaforum.com
       ---------------------------------------------------------
       *****************************************************
   DIR Return to: Information
       *****************************************************
       #Post#: 17--------------------------------------------------
        Things to avoid and things to do when downloading exploits
       By: REDACTED1232 Date: September 8, 2019, 5:55 pm
       ---------------------------------------------------------
       1. Have an Anti-Virus!
       This should be pretty obvious but know that an Anti-Virus will
       not catch every malicous file. Why's this? There is this program
       called a crypter, which most people use to remove detections
       from anti-virus scans. A FUD(fully undetactable) crypter can
       make a malicious file fully un-detectable meaning it will come
       up clean on something like Virus Total.
       A good Anti-Malware and reccommended one is
  HTML https://www.malwarebytes.com/.
       Some other good ones include SuperAntiSpyware, ESET and SpyBot.
       2. Pay attention to what the file you've just downloaded does!
       If your Anti-Virus didn't pick anything up, and the file you've
       downloaded doesn't do anything upon execution or just stops
       responding, then the chances are it could have been malware.
       Some crypters(Or KL/RAT clients) also have a fake message
       feature. Example of this:
  HTML https://gyazo.com/f0913fa4a8536045235694dd153b0be4
       3. Use Malwr.com instead of Virus Total to analyse files!
       Malwr.com goes into much more detail than Virus Total. On Virus
       Total all you get are the file details and the Anti-Virus
       detections that can always have false positives. On Malwr.com
       you get the details of everything the file being analysed does.
       If a file grabs your password list malwr will detect it, if a
       file has anti-VM malwr would likely detect it. Here is an
       example of a file analysis. Scroll down and see the signature
       section:
  HTML https://malwr.com/analysis/NDI2MjEyZTUwM...Y5MGZlYTM.
  HTML http://4. Never, and I mean never  save your passwords to your
       browser!
       This is more of a general tip, but when logging in or
       registering sometimes your browser will ask to remember your
       password. Never click remember password as most browsers like
       Chrome and Firefox don't encrypt them and can easily be grabbed
       by a malicous file you may run on your PC.
       5. Use 2FA when possible!
       Most websites nowadays have two-factor authentication. For some
       sites, like v3rmillion you require your phone in order to get
       into your account. So if someone has your password through any
       means including malware it'll make it much more difficult to log
       in and screw things up for you.
       6. Use a VM to test files!
       If you can spare the PC power then I'd reccommend using a VM to
       test files. If a file gives you an error in a VM, never run it
       on your PC as that could be an error triggered by an anti-VM
       inside the file. I use VirtualBox, you can find many guides
       online but if you're still unsure you can PM me here or msg me
       on Discord: Radioactive#4470 and I'll help you out in setting
       one up.
       *****************************************************