1 00:00:01,210 --> 00:00:06,850 In the previous lesson, we managed to implement Heaven's Gate, but it is important to note that
2 00:00:07,270 --> 00:00:15,610 Heaven's Gate Supply is now widely known and this bi-courtney can be detected by antivirus.
3 00:00:16,240 --> 00:00:18,760 So we need to increase to do so in this project.
4 00:00:18,790 --> 00:00:21,730 Now you are going to encrypt this code.
5 00:00:22,010 --> 00:00:26,470 And so to do that, I've written some script here.
6 00:00:27,100 --> 00:00:32,230 We need to convert this binary string into raw bytes.
7 00:00:33,190 --> 00:00:40,360 Then once you get there base, you can use an Alias two to create the encrypted channel.
8 00:00:41,920 --> 00:00:47,620 So to do that, I've already created the second project for you.
9 00:00:48,250 --> 00:00:54,820 So again, download your second project, which is this one cross injection machine to encrypt it.
10 00:00:56,410 --> 00:00:59,320 Next, open this new project here.
11 00:01:05,180 --> 00:01:16,040 OK, so this new version of the project contains the decryption function, I read this decryption function.
12 00:01:17,470 --> 00:01:27,160 And this commission, I have also edited the decryption function calls is over here.
13 00:01:28,300 --> 00:01:29,220 This is a new line.
14 00:01:30,680 --> 00:01:31,510 In his her.
15 00:01:33,370 --> 00:01:40,450 No, and also added the new encrypted shellcode for x64 function.
16 00:01:41,440 --> 00:01:51,220 And also this line here added in to calculate the length of the shellcode and also the encryption key,
17 00:01:52,360 --> 00:01:55,180 this line and also this line.
18 00:01:55,330 --> 00:02:01,090 So how did we get this shellcode together shellcode?
19 00:02:01,150 --> 00:02:02,950 We need to encrypt it using.
20 00:02:03,550 --> 00:02:06,220 And he he has encrypted.
21 00:02:07,090 --> 00:02:13,150 If you go to the for the heaven's gate, you have the increase, which we have used before.
22 00:02:13,990 --> 00:02:19,170 But this increase only access files, right?
23 00:02:19,180 --> 00:02:23,760 And if you remember, you need to specify the volume as parameter before hitting.
24 00:02:25,600 --> 00:02:28,960 But this one we don't have to follow.
25 00:02:30,070 --> 00:02:33,880 Now, if you open an encrypted version of the shellcode.
26 00:02:38,630 --> 00:02:43,720 This one here, we only have the binary string, you don't have any sense of fun.
27 00:02:44,450 --> 00:02:53,300 So before we can use this incubator, yes, we need to convert these binary string into funds, then
28 00:02:53,300 --> 00:03:00,500 only we can use can is not too been converting this binary string and this vanishing into fast.
29 00:03:01,040 --> 00:03:02,990 I've written a Python script here.
30 00:03:03,560 --> 00:03:04,490 So let's do that now.
31 00:03:05,300 --> 00:03:06,950 Open this Python script here.
32 00:03:08,580 --> 00:03:10,440 And then here.
33 00:03:11,800 --> 00:03:21,130 This your binary string into this family as a parameter here, so let's do this now.
34 00:03:21,430 --> 00:03:24,090 Open your OK.
35 00:03:24,160 --> 00:03:25,360 You take the first one.
36 00:03:25,990 --> 00:03:27,970 This is Eric I-64.
37 00:03:31,160 --> 00:03:36,320 Do not copy the semicolon and obey, right, just copy the binary string, say.
38 00:03:37,400 --> 00:03:41,030 Come here and P.S. here.
39 00:03:43,750 --> 00:03:53,340 Delete this first PC, hit the Beast to convert this into binary stream and not history, so it just
40 00:03:53,350 --> 00:03:54,910 will be in every line.
41 00:04:03,850 --> 00:04:08,140 OK, so now let's save this and run it.
42 00:04:09,680 --> 00:04:11,960 So we need to change to this directory.
43 00:04:13,260 --> 00:04:16,830 So go to your new project in heaven's gate here.
44 00:04:17,640 --> 00:04:18,720 Copy this part.
45 00:04:20,520 --> 00:04:27,780 And make sure you change the directory first, change to the directory before you do anything.
46 00:04:28,800 --> 00:04:30,990 So in here you have this function.
47 00:04:31,740 --> 00:04:32,790 So let's press into.
48 00:04:33,870 --> 00:04:48,060 And rhetorically, health and Richelle, call and excessive and execute ICC for not being.
49 00:04:50,870 --> 00:05:00,140 All right, now, we do the same thing for the second one, which is this the excessive all function?
50 00:05:05,460 --> 00:05:06,120 Crazy here.
51 00:05:07,800 --> 00:05:14,010 Make sure you put a semicolon in back here now, insert B for every line.
52 00:05:55,670 --> 00:05:55,990 OK.
53 00:05:58,170 --> 00:06:02,160 Save it and run again, but this time.
54 00:06:02,940 --> 00:06:11,550 And we are going to output it to a different funny, I said before we turn down the into.
55 00:06:12,390 --> 00:06:21,060 So now you have two files which have been converted into binary files now.
56 00:06:21,240 --> 00:06:23,460 And Chris, can you work on this binary files?
57 00:06:24,390 --> 00:06:25,470 So now we're going to do that.
58 00:06:30,290 --> 00:06:34,040 OK, so you just run in here, yes.
59 00:06:36,640 --> 00:06:40,910 And then the balmy turkey is a secular.
60 00:06:48,310 --> 00:06:55,210 And then we know how to execute a city for.
61 00:06:58,870 --> 00:07:00,970 Not a yes.
62 00:07:02,650 --> 00:07:03,010 All right.
63 00:07:03,640 --> 00:07:16,000 If it is ending this time you do it on the x64 from, we shouldn't be able to access it for function.
64 00:07:16,720 --> 00:07:19,420 Yes, good.
65 00:07:19,540 --> 00:07:20,320 Now we have to go.
66 00:07:21,190 --> 00:07:22,720 We have this in.
67 00:07:22,720 --> 00:07:24,820 This next thing is a copy.
68 00:07:24,830 --> 00:07:29,260 This encrypted payload he was into the I was.
69 00:07:31,770 --> 00:07:32,080 Right.
70 00:07:32,100 --> 00:07:36,000 So let's do the first one first openly thing, look.
71 00:07:37,420 --> 00:07:39,730 And you have our here, which is, I mean to.
72 00:07:41,390 --> 00:07:46,220 So we just copy this hard copy and then.
73 00:07:48,720 --> 00:07:49,890 Come, come back here.
74 00:07:50,900 --> 00:07:53,510 And then you see say here.
75 00:07:55,220 --> 00:07:56,900 Replaces busy here.
76 00:07:57,560 --> 00:07:58,000 All right.
77 00:08:00,260 --> 00:08:03,170 And then do the same thing for the ex-City for key.
78 00:08:04,540 --> 00:08:04,860 Right.
79 00:08:04,950 --> 00:08:06,090 Yes, 84 key.
80 00:08:06,390 --> 00:08:07,410 He's just key.
81 00:08:08,160 --> 00:08:09,270 Copy this key.
82 00:08:11,740 --> 00:08:21,760 And replace this, replace this, OK, now once you've done that and do the same thing for x64 function.
83 00:08:23,750 --> 00:08:28,490 So open your see for function for this one.
84 00:08:30,260 --> 00:08:30,800 Yes.
85 00:08:31,310 --> 00:08:32,710 To open this in, OK?
86 00:08:34,490 --> 00:08:42,170 And then copy this payroll, this one copy in two weeks has 64.
87 00:08:43,460 --> 00:08:44,390 Function, shellcode.
88 00:08:47,200 --> 00:08:52,870 To replace this and then do the same thing for the key, which is this.
89 00:08:54,630 --> 00:08:59,170 Is and replace this before punching.
90 00:09:01,090 --> 00:09:02,830 That's all you need to do.
91 00:09:03,520 --> 00:09:03,880 All right.
92 00:09:04,330 --> 00:09:10,420 So when you sting runs, he's going to decrypt, he's going to call the decree.
93 00:09:11,040 --> 00:09:14,380 Yes, he would decrypting the scooter.
94 00:09:14,980 --> 00:09:17,920 He would decree any encrypted.
95 00:09:21,490 --> 00:09:22,770 He encrypted the.
96 00:09:24,330 --> 00:09:33,550 A city for shellcode and an overnight need using this key here and then sending over here extremely
97 00:09:33,570 --> 00:09:38,940 active for handcrafted function shellcode and over into the original location.
98 00:09:40,110 --> 00:09:43,020 So this is how you describe the rest.
99 00:09:43,020 --> 00:09:43,740 It's all the same.
100 00:09:44,160 --> 00:09:46,020 So now let's build this.
101 00:09:48,000 --> 00:09:52,860 So we're going to go back up to the bar a tree and combine.
102 00:09:57,120 --> 00:10:01,400 The check is done been to make sure that that little bit program.
103 00:10:05,370 --> 00:10:07,750 Yes, he confirmed that it'll be so.
104 00:10:07,980 --> 00:10:09,930 We run Microsoft Paint.
105 00:10:12,200 --> 00:10:14,510 The 64 bit version of Microsoft Paint.
106 00:10:16,910 --> 00:10:18,530 Riches is one.
107 00:10:21,110 --> 00:10:21,800 So it's.
108 00:10:25,170 --> 00:10:25,760 Into.
109 00:10:27,030 --> 00:10:29,650 And I can hear the beep in.
110 00:10:29,960 --> 00:10:39,250 Now here is your pop up message box, confirm this coming.
111 00:10:39,270 --> 00:10:41,580 This is energy coming from Microsoft Paint.
112 00:10:42,210 --> 00:10:43,830 We use our process.
113 00:10:48,550 --> 00:10:56,920 We drank this to five, you know, and train for dragging over to the message box and release and that
114 00:10:56,920 --> 00:10:58,150 anything didn't make us happy.
115 00:10:59,640 --> 00:11:06,750 In memory, scroll down and the protection column to the readable executable.
116 00:11:11,930 --> 00:11:13,340 His one on one.
117 00:11:14,780 --> 00:11:16,030 And you see our show.
118 00:11:17,240 --> 00:11:24,880 OK, so have this, and in with this encryption of the Heaven's Gate, it would be able to bypass the
119 00:11:24,890 --> 00:11:26,570 antivirus scanners.
120 00:11:28,540 --> 00:11:30,400 OK, so that's all for this video.
121 00:11:30,640 --> 00:11:32,620 Thank you for watching.