1 00:00:00,450 --> 00:00:05,790 Hello and welcome to a new section, encoding or encrypting payloads.
2 00:00:07,740 --> 00:00:17,280 Why encode or why encrypt? We encode or encrypt payloads in order to prevent antivirus and reverse
3 00:00:17,280 --> 00:00:27,570 engineers from detecting malware. Some antivirus use patterns of bytes or string searches to detect
4 00:00:27,570 --> 00:00:28,770 malware signatures.
5 00:00:29,490 --> 00:00:38,670 Shellcode payloads have known malware signatures, so encoding and encryption scramble the data to make
6 00:00:38,670 --> 00:00:40,680 it different from known signatures,
7 00:00:41,100 --> 00:00:49,140 thus defeating antivirus and also making it difficult for malware analysts and reverse engineers to
8 00:00:49,140 --> 00:00:50,400 study the information.
9 00:00:52,170 --> 00:01:01,530 What is the difference between encoding and encryption? Encoding transforms data from one format to another format for use
10 00:01:01,530 --> 00:01:02,670 by another system.
11 00:01:03,060 --> 00:01:11,310 For example, sending binary data over email, the binary data would need to be encoded into a certain
12 00:01:11,310 --> 00:01:15,330 format which is suitable for sending over the Internet.
13 00:01:16,260 --> 00:01:24,810 On the other hand, encryption transforms data from one format, also known as plaintext, to another
14 00:01:24,810 --> 00:01:33,150 format called ciphertext, using a secret key so that others cannot read the hidden information.
15 00:01:34,410 --> 00:01:45,190 So the purpose of encoding is usability, to make it easy to use the Internet for transmitting data,
16 00:01:45,210 --> 00:01:53,790 for example. But the purpose of encryption is to hide data from those who are not authorized to consume
17 00:01:54,120 --> 00:01:55,050 that data.
18 00:01:56,040 --> 00:02:02,070 The difference between the two is that encoding does not require a secret key.
19 00:02:02,850 --> 00:02:08,880 If you know the algorithm for the input, you can also use the reverse algorithm to decode.
20 00:02:09,870 --> 00:02:16,590 On the other hand, encryption requires the recipient to know the secret key.
21 00:02:17,130 --> 00:02:24,570 So a person who receives the data, which is encrypted, would not be able to decrypt it without the
22 00:02:24,570 --> 00:02:28,740 secret key. Example encoding and encryption
23 00:02:28,740 --> 00:02:34,260 algorithms: Base64 is an example encoding algorithm.
24 00:02:35,280 --> 00:02:37,690 XOR is an encryption algorithm,
25 00:02:38,190 --> 00:02:40,650 although it's a simple one. And
26 00:02:40,730 --> 00:02:41,130 AES.
27 00:02:41,270 --> 00:02:41,580 AES
28 00:02:41,700 --> 00:02:43,290 is an encryption algorithm too.
29 00:02:44,130 --> 00:02:49,170 So now we are going to take a look at how you can use encoding.
30 00:02:50,760 --> 00:02:52,450 Go and download this project,
31 00:02:52,830 --> 00:03:02,130 zero three base64 encoding below, unzip it and put it in your mother folder, and just open this folder
32 00:03:02,130 --> 00:03:03,810 and you will see a few files.
33 00:03:04,500 --> 00:03:13,230 We are going to take a look at the CPP file, base64 encoding CPP. Open with Notepad++.
34 00:03:14,920 --> 00:03:17,920 So this is a sample of a base64 payload.
35 00:03:19,180 --> 00:03:31,120 And then here is an example of a program which can decode this base64 and then execute it. As you see,
36 00:03:31,510 --> 00:03:39,640 there is a new function here, which is called decode base64 and copy to allocated memory.
37 00:03:41,290 --> 00:03:42,790 And here is the main function.
38 00:03:45,040 --> 00:03:55,960 We also have the VirtualAlloc. VirtualAlloc is to reserve a memory location for unpacking the
39 00:03:55,960 --> 00:03:56,890 base64.
40 00:03:58,240 --> 00:04:07,660 So over here, after it has allocated memory, it will pass it to the variable and then it will print the
41 00:04:07,660 --> 00:04:13,450 address of the base64 payload, which is this address here for this array.
42 00:04:14,680 --> 00:04:18,460 And then it also prints the address of the allocated memory.
43 00:04:19,570 --> 00:04:29,140 Then the program will halt here and inform the user to press Enter in order to decode base64 and copy
44 00:04:29,140 --> 00:04:30,250 to allocated memory.
45 00:04:30,940 --> 00:04:37,960 And it will pause here and wait for the user to press the Enter key. After the user has pressed the Enter
46 00:04:37,960 --> 00:04:38,290 key,
47 00:04:38,920 --> 00:04:41,590 it will proceed and execute this function.
48 00:04:42,370 --> 00:04:46,150 And this function is actually up here, defined up here.
49 00:04:47,290 --> 00:04:51,190 It accepts these parameters; this is a user-defined function.
50 00:04:52,300 --> 00:05:01,780 So you see the first parameter is the base64 payload, which is actually here, base64 payload.
51 00:05:03,520 --> 00:05:05,740 And all this is in the data section.
52 00:05:06,160 --> 00:05:08,890 It is because these are global variables.
53 00:05:10,750 --> 00:05:16,240 The second parameter is the length of the base64 payload.
54 00:05:17,020 --> 00:05:24,610 And the base64 payload is here and the length is calculated using this function, sizeof, the sizeof function.
55 00:05:24,870 --> 00:05:32,530 sizeof will calculate and return the size, which is stored in this variable, and this variable is used here,
56 00:05:33,100 --> 00:05:41,020 the second parameter of this function. And then the third parameter is the allocated memory, which came
57 00:05:41,020 --> 00:05:43,510 from the VirtualAlloc over here.
58 00:05:44,440 --> 00:05:48,160 And finally, the last parameter is the length of the box.
59 00:05:48,730 --> 00:05:50,110 Again, repeated twice.
60 00:05:51,730 --> 00:05:56,830 So when you call this function, you pass all these parameters into this function here.
61 00:05:57,700 --> 00:06:06,100 The first parameter, we said, is the base64 payload, and then you see here it will call this function,
62 00:06:06,520 --> 00:06:09,190 which is provided by the Windows API.
63 00:06:09,700 --> 00:06:11,770 It is called CryptStringToBinary.
64 00:06:12,680 --> 00:06:15,940 Here is the MSDN documentation.
65 00:06:16,120 --> 00:06:18,550 This function accepts seven parameters.
66 00:06:19,300 --> 00:06:24,490 The first parameter is the string that contains the formatted string to be converted.
67 00:06:25,750 --> 00:06:33,130 You know, what it does is to convert the base64 into binary format
68 00:06:34,240 --> 00:06:35,380 and then store it
69 00:06:36,800 --> 00:06:38,420 in another variable,
70 00:06:39,820 --> 00:06:40,330 over here.
71 00:06:41,020 --> 00:06:45,580 So you accept your source and then do the conversion
72 00:06:46,880 --> 00:06:56,240 and then store it in another separate variable, and the type of conversion that you need is specified in
73 00:06:56,450 --> 00:06:57,350 the third parameter.
74 00:06:58,100 --> 00:07:00,320 In this case, CRYPT_STRING_BASE64,
75 00:07:03,200 --> 00:07:05,000 which refers to here,
76 00:07:05,420 --> 00:07:12,590 the third parameter. So the third parameter is the format of the string to be converted.
77 00:07:13,210 --> 00:07:16,850 It can be one of these values. We are using
78 00:07:16,850 --> 00:07:20,210 this one, CRYPT_STRING_BASE64.
79 00:07:22,580 --> 00:07:28,430 And then here is the allocated memory, which you pass from this function call.
80 00:07:28,550 --> 00:07:30,340 And it came from the VirtualAlloc.
81 00:07:31,190 --> 00:07:39,260 And the next parameter is the length of the output string, which should be the same as the source string.
82 00:07:40,720 --> 00:07:48,130 So as you can see over here, when you call this function, your base64 payload length
83 00:07:48,770 --> 00:07:50,830 is provided twice, here and here.
84 00:07:51,790 --> 00:07:56,020 It means your source length is the same as your destination length.
85 00:07:57,610 --> 00:07:58,450 The source length
86 00:07:59,820 --> 00:08:08,070 is the same as the output length. And the last parameter we just leave as null. The return of this function
87 00:08:08,460 --> 00:08:10,260 can either be true or false,
88 00:08:11,360 --> 00:08:15,950 which will be received, actually, by this variable result. The return
89 00:08:16,230 --> 00:08:17,520 of this function is a BOOL.
90 00:08:22,180 --> 00:08:27,610 Now, here, it says the return value: if the function succeeds, the return value is nonzero.
91 00:08:29,520 --> 00:08:34,300 OK, so here if the function succeeds, the result will be true.
92 00:08:35,770 --> 00:08:39,760 And then down here, we test whether the result is true or false.
93 00:08:40,660 --> 00:08:44,470 If it's not true, then you specify the output length as zero.
94 00:08:46,120 --> 00:08:49,750 So when you specify the output length as zero, you will return it as zero.
95 00:08:54,740 --> 00:09:03,380 Then after, you set the memory region to become readable and executable by using VirtualProtect.
96 00:09:04,400 --> 00:09:08,990 So the memory region is the one here where you have just now copied
97 00:09:09,260 --> 00:09:18,200 the decoded base64. And then you print another prompt to the user, asking the user to press Enter to
98 00:09:18,200 --> 00:09:18,860 create a thread.
99 00:09:19,960 --> 00:09:25,410 When the user presses Enter, you come and test for the return value of the VirtualProtect.
100 00:09:26,500 --> 00:09:29,980 If it's nonzero, it means VirtualProtect succeeded.
101 00:09:30,460 --> 00:09:33,730 And then you call the CreateThread, so you can execute.
102 00:09:33,960 --> 00:09:34,270 OK.
103 00:09:36,010 --> 00:09:39,730 So that is the explanation for this program.
104 00:09:40,660 --> 00:09:46,420 So the next thing to do is to generate this base64 code.
105 00:09:47,680 --> 00:09:51,310 So we are going to use our notepad shellcode.
106 00:09:53,850 --> 00:10:00,780 This notepad shellcode is the one we generated using Metasploit in Kali Linux earlier.
107 00:10:01,230 --> 00:10:03,570 It was previously notepad.ico
108 00:10:03,840 --> 00:10:09,150 and I renamed it to notepad.bin, but it is actually the same file.
109 00:10:11,240 --> 00:10:18,410 So now, before we can use this, we need to convert it into base64.
110 00:10:19,670 --> 00:10:28,070 We need to encode it in base64. So to encode it in base64, you can use a Windows utility.
111 00:10:29,210 --> 00:10:38,960 So let's open a command prompt here, and in the command prompt type native open density for any to.
112 00:10:41,260 --> 00:10:44,440 And this path here, right-click, copy.
113 00:10:45,360 --> 00:10:47,200 Now you cd, space,
114 00:10:47,290 --> 00:10:49,120 right-click to paste the path, hit Enter.
115 00:10:50,720 --> 00:11:02,020 And dir to list them. In order to convert this notepad.bin, which is a binary shellcode file,
116 00:11:02,740 --> 00:11:05,610 into a base64 encoding,
117 00:11:06,490 --> 00:11:11,510 we use a Windows utility which is called certutil.
118 00:11:11,530 --> 00:11:14,110 certutil, certutil.
119 00:11:15,670 --> 00:11:22,150 So this certutil tool is used by Windows for some kind of certificate management.
120 00:11:22,960 --> 00:11:26,320 We can also use it to encode base64.
121 00:11:27,280 --> 00:11:33,220 So you pass it the parameter -encode and then the input file,
122 00:11:34,190 --> 00:11:37,510 notepad.bin, and the name of your output file,
123 00:11:38,410 --> 00:11:43,900 notepad.b64, to remind ourselves
124 00:11:44,260 --> 00:11:46,960 this is a base64-encoded binary.
125 00:11:47,680 --> 00:11:53,660 Now we enter and he sees the input line to seven when they are pulling for file.
126 00:11:54,250 --> 00:11:57,580 So the encode command completed successfully.
127 00:11:59,260 --> 00:12:01,900 So now you see there is a new file created here.
128 00:12:02,470 --> 00:12:04,100 This is the base64 encoding.
129 00:12:05,380 --> 00:12:07,190 So what we need to do is now open
130 00:12:07,230 --> 00:12:12,480 this in Notepad++ and copy this part,
131 00:12:14,710 --> 00:12:26,950 here to here. Right-click, copy. Then again come to our source file and paste it down here, giving all these
132 00:12:26,950 --> 00:12:29,170 first A and C over here.
133 00:12:30,550 --> 00:12:34,600 Then we have to put the quotes at the front and at the back,
134 00:12:40,440 --> 00:12:42,060 because this is a string.
135 00:12:54,650 --> 00:12:59,720 And you have to put a semicolon to end the expression.
136 00:13:00,590 --> 00:13:03,950 So now we have our base64-encoded payload here.
137 00:13:05,360 --> 00:13:15,500 So in the next video, I'm going to compile this into an EXE and then we are going to run it using TVG.
138 00:13:16,160 --> 00:13:17,360 Thank you for watching.