Talk provided in the BSides Colombia 2023 - April 2023
Video: https://www.youtube.com/watch?v=YTz1yQGyFLw
Project:
https://github.com/avechuch0/telegram-hitbackscammer
The document discusses various attack vectors against internet banking systems and possible countermeasures. The most common attacks are credential stealing through phishing and malware, man-in-the-middle attacks, and attacks utilizing trojan horses installed on users' computers. While banks aim to protect their servers, the user's computer and network are more vulnerable. No single technology provides complete protection, as hackers adapt to new defenses. Detection of fraud after the fact also remains important.
IRJET- Security from Man-In-The-Middle-AttackIRJET Journal
This document discusses man-in-the-middle attacks and methods to defend against them. It begins with an abstract describing how man-in-the-middle attacks work, where a malicious actor inserts themselves into a communication between two parties to access information. It then provides details on the advanced Diffie-Hellman algorithm used to secure key exchanges against these attacks. The document outlines different types of man-in-the-middle attacks like IP address spoofing. It proposes a system to block unauthorized users and secure file transfers to defend against man-in-the-middle attacks. The conclusion emphasizes creating awareness about these security threats.
The Comprehensive Security Policy In The Trojan WarMandy Cross
The document discusses some of the major types of social engineering attacks, including watering holing, whaling, pretexting, and baiting. It emphasizes that social engineering attacks require the same security measures as other types of attacks, such as identifying assets, enabling email security features, managing access controls, conducting user training, and developing incident response plans. Prevention is key to mitigating social engineering attacks.
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
Ioan Constantin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Web security involves protecting information transmitted over the internet from attacks like viruses, worms, trojans, ransomware, and keyloggers. Users can help secure themselves by using antivirus software, avoiding phishing scams, and reporting spam. Larger attacks often involve botnets, which are networks of infected computers that can overwhelm websites and services with traffic through distributed denial of service attacks.
1. Ingress filtering verifies the source addresses of incoming traffic to prevent spoofing, while egress filtering verifies outgoing traffic to prevent internal threats from spreading.
2. Separate filtering helps isolate parts of the network and only allow expected communication patterns between servers, workstations, and the internet.
3. We need to separately filter ingress and egress traffic to harden network security by blocking unauthorized internal and external access and communication, and containing any threats that do arise.
Enhanced adaptive security system for SMS – based One Time PasswordChandrapriya Rediex
Wireless Network is used for all Portal Electronic Devices
(PED). The main concept of using Authentication Network in
PED for Online Banking. The user authenticates the
transaction has a strong static ID and password. SMS based
OTP provides an additional security layer for an authorized
person. All Banks provide the same process for security
purposes for they are beneficiaries. According to the recent
thread, it is also vulnerable to various attacks. In this paper
how it does can happen and what is the mechanism to
prevent security-based OTP throughout using IMEI.
Keywords – PED, Authentication, OTP, IMEI.
The document discusses various attack vectors against internet banking systems and possible countermeasures. The most common attacks are credential stealing through phishing and malware, man-in-the-middle attacks, and attacks utilizing trojan horses installed on users' computers. While banks aim to protect their servers, the user's computer and network are more vulnerable. No single technology provides complete protection, as hackers adapt to new defenses. Detection of fraud after the fact also remains important.
IRJET- Security from Man-In-The-Middle-AttackIRJET Journal
This document discusses man-in-the-middle attacks and methods to defend against them. It begins with an abstract describing how man-in-the-middle attacks work, where a malicious actor inserts themselves into a communication between two parties to access information. It then provides details on the advanced Diffie-Hellman algorithm used to secure key exchanges against these attacks. The document outlines different types of man-in-the-middle attacks like IP address spoofing. It proposes a system to block unauthorized users and secure file transfers to defend against man-in-the-middle attacks. The conclusion emphasizes creating awareness about these security threats.
The Comprehensive Security Policy In The Trojan WarMandy Cross
The document discusses some of the major types of social engineering attacks, including watering holing, whaling, pretexting, and baiting. It emphasizes that social engineering attacks require the same security measures as other types of attacks, such as identifying assets, enabling email security features, managing access controls, conducting user training, and developing incident response plans. Prevention is key to mitigating social engineering attacks.
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
Ioan Constantin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Web security involves protecting information transmitted over the internet from attacks like viruses, worms, trojans, ransomware, and keyloggers. Users can help secure themselves by using antivirus software, avoiding phishing scams, and reporting spam. Larger attacks often involve botnets, which are networks of infected computers that can overwhelm websites and services with traffic through distributed denial of service attacks.
1. Ingress filtering verifies the source addresses of incoming traffic to prevent spoofing, while egress filtering verifies outgoing traffic to prevent internal threats from spreading.
2. Separate filtering helps isolate parts of the network and only allow expected communication patterns between servers, workstations, and the internet.
3. We need to separately filter ingress and egress traffic to harden network security by blocking unauthorized internal and external access and communication, and containing any threats that do arise.
Enhanced adaptive security system for SMS – based One Time PasswordChandrapriya Rediex
Wireless Network is used for all Portal Electronic Devices
(PED). The main concept of using Authentication Network in
PED for Online Banking. The user authenticates the
transaction has a strong static ID and password. SMS based
OTP provides an additional security layer for an authorized
person. All Banks provide the same process for security
purposes for they are beneficiaries. According to the recent
thread, it is also vulnerable to various attacks. In this paper
how it does can happen and what is the mechanism to
prevent security-based OTP throughout using IMEI.
Keywords – PED, Authentication, OTP, IMEI.
This document summarizes a student project on building a spam classifier. It defines spam and the problems it causes. It then introduces the goal of building a tool to identify spam messages. It reviews literature on spamming and organized cybercrime. The proposed solution discusses features of a modern spam filter, including threat detection using AI and machine learning. It provides a block diagram of the spam classifier that includes collecting an email data set, pre-processing email content, extracting and selecting features, implementing a K-Nearest Neighbors algorithm, and analyzing performance.
Modeling and Utilizing Security Knowledge for Eliciting Security RequirementsShinpei Hayashi
This document proposes a technique for eliciting security requirements early in the development process. It involves using security knowledge from security targets and common criteria standards. Potential threats are detected by matching scenario descriptions to threat patterns using graph transformation. When a threat is detected, a negative scenario is derived and security objectives are embedded to address the threat. An evaluation of the technique found it could accurately detect threats in scenarios from different domains, though some false positives and negatives occurred. Overall, the technique shows promise for aiding the elicitation of security requirements.
The presentation gives a brief analysis of machine learning techniques we use at FraudHunt. It will be interesting for people that start their journey in machine learning and fraud prevention fields.
Isn't it all just SMS-sending trojans?: Real Advances in Android MalwareJimmy Shah
Attackers are starting to move on from simple attacks, mainly because users are starting to figure out that the free adult entertainment or chat app shouldn't be sending SMS messages to expensive numbers. They're leveraging techniques from PC malware like server-side polymorphism, vulnerability exploits, botnets and network updates, and preemptive/direct attacks against security software.
The document provides an overview of cybersecurity threats in the first half of 2013. Key points include:
- Exploit attacks targeting known Java vulnerabilities accounted for about half of all detections, focusing on CVE-2013-1493 and CVE-2011-3544.
- The ZeroAccess botnet was active spreading via exploit kits and Java exploits, with potential monthly profits from Bitcoin mining estimated at over $50,000.
- Ransomware called "Anti Child Porn Spam Protection" circulated in March and April.
- APT attacks often use specially crafted documents as bait targeting people in specific organizations or fields.
- The first Android malware spread through spam emails was
This document summarizes a paper about the history, mechanisms, and countermeasures of ransomware. It describes how ransomware has evolved since 1989 from simply encrypting file names to using sophisticated encryption techniques and ransom payment through cryptocurrencies. Recent ransomware incidents have targeted hospitals, which feel pressure to pay ransoms to avoid putting patients at risk. Key countermeasures include awareness training to prevent infection through phishing emails, as well as maintaining backups to recover data without paying ransoms. Sandbox deployment and signature analysis can also help detect and block ransomware.
The document discusses cybersecurity threats like ransomware, phishing, and data theft that can disrupt business operations and cause monetary or reputational losses. It then describes how a managed security services provider like SK infosec can monitor networks and systems 24/7, detect and respond to cyber threats through security analytics and a security operations center, and help organizations facing challenges with limited security resources. Case studies are provided showing how SK infosec's managed security services protected clients from a web-shell upload attack and C&C callback as part of an advanced persistent threat.
Email: still the favourite route of attackClaranet UK
The document discusses how email continues to be the primary attack vector for cybercriminals. It notes that 78% of people claim to be aware of phishing risks but still click unknown links in emails. Various statistics are presented about increases in spear phishing attacks, ransomware attacks, and losses to business email compromise scams. The document advocates for implementing cloud-based email security solutions to help block these evolving threats through features like advanced threat protection, malware and spam filtering, sandboxing, and encryption. It outlines options for layered protection ranging from basic email filtering to more comprehensive advanced threat protection.
La banca está adaptándose a las demandas de los clientes de acceder a los servicios de forma digital. Esto implica cambiar los paradigmas de desarrollo tecnológico hacia enfoques más ágiles. También conlleva nuevas amenazas de seguridad debido a la conectividad global y mayor demanda en países en desarrollo. Se recomienda a la banca innovar sistemas legados, confiar en los millennials y fomentar la resiliencia, y al área de auditoría invertir en el desarrollo de los audit
Ponencia del evento Latin CACS 2017 de Isaca. San José Costa Rica.26 - 27 sept. 2017.
Conceptos y elementos necesarios para el entendimiento de sistemas Android y IOs y auditar técnicamente una aplicación móvil.
Este documento proporciona una introducción general a la norma ISO/IEC 27001 y compara las versiones de 2005 y 2013. Resume los principales cambios entre las versiones, incluidos nuevos dominios de seguridad, más requisitos de gestión y controles actualizados. También explica brevemente el propósito de un sistema de gestión de seguridad de la información certificado conforme a ISO/IEC 27001.
2a parte de la primera reunión del capítulo Owasp Bogotá.
Golismero, orquestando auditorías de seguridad y escaneo de vulnerabilidades.
Video https://www.youtube.com/watch?v=v7Jc9IWTuro
Charla presentada en la XVI Jornada Internacional de Seguridad Informática, organizada por ACIS - Asociación Colombiana de Ingenieros de Sistemas. 23 y 24 de Junio de 2016.
Charla relacionada a los diferentes estímulos del gobierno colombiano para especializarse en temas de tecnologías emergentes y marcos de trabajo aceptados internacionalmente, e introducción al marco de trabajo de gestión de proyectos del Project Management Institute PMI y la presentación del examen Project Management Professional PMP. Capacitación impartida en Seguros Bolívar S.A.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
This document summarizes a student project on building a spam classifier. It defines spam and the problems it causes. It then introduces the goal of building a tool to identify spam messages. It reviews literature on spamming and organized cybercrime. The proposed solution discusses features of a modern spam filter, including threat detection using AI and machine learning. It provides a block diagram of the spam classifier that includes collecting an email data set, pre-processing email content, extracting and selecting features, implementing a K-Nearest Neighbors algorithm, and analyzing performance.
Modeling and Utilizing Security Knowledge for Eliciting Security RequirementsShinpei Hayashi
This document proposes a technique for eliciting security requirements early in the development process. It involves using security knowledge from security targets and common criteria standards. Potential threats are detected by matching scenario descriptions to threat patterns using graph transformation. When a threat is detected, a negative scenario is derived and security objectives are embedded to address the threat. An evaluation of the technique found it could accurately detect threats in scenarios from different domains, though some false positives and negatives occurred. Overall, the technique shows promise for aiding the elicitation of security requirements.
The presentation gives a brief analysis of machine learning techniques we use at FraudHunt. It will be interesting for people that start their journey in machine learning and fraud prevention fields.
Isn't it all just SMS-sending trojans?: Real Advances in Android MalwareJimmy Shah
Attackers are starting to move on from simple attacks, mainly because users are starting to figure out that the free adult entertainment or chat app shouldn't be sending SMS messages to expensive numbers. They're leveraging techniques from PC malware like server-side polymorphism, vulnerability exploits, botnets and network updates, and preemptive/direct attacks against security software.
The document provides an overview of cybersecurity threats in the first half of 2013. Key points include:
- Exploit attacks targeting known Java vulnerabilities accounted for about half of all detections, focusing on CVE-2013-1493 and CVE-2011-3544.
- The ZeroAccess botnet was active spreading via exploit kits and Java exploits, with potential monthly profits from Bitcoin mining estimated at over $50,000.
- Ransomware called "Anti Child Porn Spam Protection" circulated in March and April.
- APT attacks often use specially crafted documents as bait targeting people in specific organizations or fields.
- The first Android malware spread through spam emails was
This document summarizes a paper about the history, mechanisms, and countermeasures of ransomware. It describes how ransomware has evolved since 1989 from simply encrypting file names to using sophisticated encryption techniques and ransom payment through cryptocurrencies. Recent ransomware incidents have targeted hospitals, which feel pressure to pay ransoms to avoid putting patients at risk. Key countermeasures include awareness training to prevent infection through phishing emails, as well as maintaining backups to recover data without paying ransoms. Sandbox deployment and signature analysis can also help detect and block ransomware.
The document discusses cybersecurity threats like ransomware, phishing, and data theft that can disrupt business operations and cause monetary or reputational losses. It then describes how a managed security services provider like SK infosec can monitor networks and systems 24/7, detect and respond to cyber threats through security analytics and a security operations center, and help organizations facing challenges with limited security resources. Case studies are provided showing how SK infosec's managed security services protected clients from a web-shell upload attack and C&C callback as part of an advanced persistent threat.
Email: still the favourite route of attackClaranet UK
The document discusses how email continues to be the primary attack vector for cybercriminals. It notes that 78% of people claim to be aware of phishing risks but still click unknown links in emails. Various statistics are presented about increases in spear phishing attacks, ransomware attacks, and losses to business email compromise scams. The document advocates for implementing cloud-based email security solutions to help block these evolving threats through features like advanced threat protection, malware and spam filtering, sandboxing, and encryption. It outlines options for layered protection ranging from basic email filtering to more comprehensive advanced threat protection.
Similar to Introducing Telegram-hitbackscammer | BSides Colombia 2023 (9)
La banca está adaptándose a las demandas de los clientes de acceder a los servicios de forma digital. Esto implica cambiar los paradigmas de desarrollo tecnológico hacia enfoques más ágiles. También conlleva nuevas amenazas de seguridad debido a la conectividad global y mayor demanda en países en desarrollo. Se recomienda a la banca innovar sistemas legados, confiar en los millennials y fomentar la resiliencia, y al área de auditoría invertir en el desarrollo de los audit
Ponencia del evento Latin CACS 2017 de Isaca. San José Costa Rica.26 - 27 sept. 2017.
Conceptos y elementos necesarios para el entendimiento de sistemas Android y IOs y auditar técnicamente una aplicación móvil.
Este documento proporciona una introducción general a la norma ISO/IEC 27001 y compara las versiones de 2005 y 2013. Resume los principales cambios entre las versiones, incluidos nuevos dominios de seguridad, más requisitos de gestión y controles actualizados. También explica brevemente el propósito de un sistema de gestión de seguridad de la información certificado conforme a ISO/IEC 27001.
2a parte de la primera reunión del capítulo Owasp Bogotá.
Golismero, orquestando auditorías de seguridad y escaneo de vulnerabilidades.
Video https://www.youtube.com/watch?v=v7Jc9IWTuro
Charla presentada en la XVI Jornada Internacional de Seguridad Informática, organizada por ACIS - Asociación Colombiana de Ingenieros de Sistemas. 23 y 24 de Junio de 2016.
Charla relacionada a los diferentes estímulos del gobierno colombiano para especializarse en temas de tecnologías emergentes y marcos de trabajo aceptados internacionalmente, e introducción al marco de trabajo de gestión de proyectos del Project Management Institute PMI y la presentación del examen Project Management Professional PMP. Capacitación impartida en Seguros Bolívar S.A.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Drona Infotech is a premier mobile app development company in Noida, providing cutting-edge solutions for businesses.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
2. 03 Final product of this research
as response to mitigate these issues
Title Here
Contents
01 The use of Telegram as part of
the current threat landscape
02 How this research started
3. About me
Just a guy with the goal of overcoming himself
Threat Intel, Digital Forensics, Malware Analysis,
CloudSec, Pentesting… These little things…
GCFA, GCPN, CISM, CSX, PMP, IA-ISO27001
University Teacher – Researcher – Speaker
Lover of nature, Musician
IBMer, X-Force Incident Response
”
6. 1. Weaponization 2. Delivery 3. Impact and
monetization
POST REQUEST
…
var settings = {
"async": true,
"crossDomain": true,
"url":
"https://api.telegram.org/bot"
+ telegram_bot_id +
"/sendMessage",
"method": "POST",
…
Attacker gets a
Telegram bot using
the Botfather for
malicious purposes
Victims
fill data
managed by
malicious
bot
Credentials
stolen for
money
transfer/
withdraw
Phishing/Smishing
So, what the fuss?
8. A set of protocols to screw up the
malicious activities of phishers
who store the victim's stolen data
on Telegram chats/channels
”
Attribution
Annoyance
Attack
So, what is
Telegram-hitbackscammer
9. Cybersec theories behind
Telegram-hitbackscammer
Triple A
of Active
Defense
Researchers
Threat hunters
Incident Responders
Developers
Attribution: Trying to unmask
the attackers
Annoyance: Wasting an
attacker’s time
Attack: It is hacking
…back using pentest
tricks
10. D.E.M.O ?
Is there a Demo… Nope is not?
https://github.com/avechuch0/telegram-hitbackscammer
Of course, it is
just kidding ☺
11. Closing thoughts
Charity / Crowdfunding / Sponsorship
The Telegram malicious current ecosystem is very
huge to process!
”
12. Closing thoughts
Be sure to hack… for good ALWAYS
Spread the word, take it, and use it
https://github.com/avechuch0/telegram-hitbackscammer
QUESTIONS?
@avechuch0
”
Jaime Andrés Bello Vieda