1
00:00:00,590 --> 00:00:08,840
Hello and welcome to the lab project called Password Sniffer. In this project, we are going to build a

2
00:00:08,870 --> 00:00:19,970
Trojan that will use DLL injection, API hooking and persistence to steal a disk encryption password.

3
00:00:23,390 --> 00:00:32,240
The objective is to write a Trojan that starts whenever the PC starts and monitors disk encryption software

4
00:00:32,360 --> 00:00:33,560
called VeraCrypt.

5
00:00:36,060 --> 00:00:38,310
I will show you how to install VeraCrypt

6
00:00:39,000 --> 00:00:39,570
and use it.

7
00:00:42,270 --> 00:00:49,630
When the user enters a password to mount a drive, the Trojan will steal the password and save it to a file.

8
00:00:51,210 --> 00:00:54,080
VeraCrypt requires a password to mount a drive.

9
00:00:55,990 --> 00:01:02,170
So the user will enter a password and the Trojan will detect it and save it.

10
00:01:04,480 --> 00:01:09,970
It is something like a keylogger, except that this one monitors a specific program.

11
00:01:10,450 --> 00:01:11,670
VeraCrypt.

12
00:01:14,590 --> 00:01:21,790
How it works: on the left is a diagram of a DLL injector Trojan. Inside it,

13
00:01:22,150 --> 00:01:26,890
it has an embedded password sniffer, the DLL.

14
00:01:28,080 --> 00:01:32,580
So it is a complete executable file and that is inside.

15
00:01:38,480 --> 00:01:45,320
On the right is the software we are going to download and install, a free software, VeraCrypt.

16
00:01:46,340 --> 00:01:48,050
That is a disk encryption tool.

17
00:01:51,040 --> 00:01:57,980
The DLL injector Trojan will be constantly running and constantly monitoring whether or not VeraCrypt

18
00:01:58,180 --> 00:01:58,900
has loaded.

19
00:02:02,190 --> 00:02:11,010
Once it detects that occurring in memory, it will unpack the DLL that is embedded inside it into a file.

20
00:02:13,260 --> 00:02:15,930
This is the password sniffer DLL.

21
00:02:18,900 --> 00:02:24,810
It will then inject this DLL into the VeraCrypt program.

22
00:02:29,310 --> 00:02:32,970
So now the password sniffer DLL has been attached to VeraCrypt.

23
00:02:36,540 --> 00:02:46,710
Inside that there are a few API functions, but the password sniffer will only hook one of the API functions.

24
00:02:47,940 --> 00:02:53,730
The API function that it is hooking will be the one which is responsible for receiving the password from the

25
00:02:53,730 --> 00:02:54,120
user.

26
00:02:57,520 --> 00:03:06,160
So the password sniffer hooks the API function that will receive the password the user enters.

27
00:03:10,720 --> 00:03:12,490
It will then retrieve the password.

28
00:03:14,490 --> 00:03:16,680
And save it to a file on disk.

29
00:03:19,140 --> 00:03:22,320
So this is how it works from a high-level perspective.

30
00:03:24,660 --> 00:03:25,650
Thank you for watching.

31
00:03:25,980 --> 00:03:33,350
In the next video, we will continue with the explanation of the code and API that is used to build

32
00:03:33,450 --> 00:03:35,820
the Trojan as well as the password sniffer.

33
00:03:36,990 --> 00:03:37,620
See you then.