1 00:00:00,930 --> 00:00:01,560 Hello.
2 00:00:01,800 --> 00:00:07,500 In this new session, we are going to use AES encryption to encrypt the payload.
3 00:00:08,400 --> 00:00:11,070 Now, what is AES encryption and how does it work?
4 00:00:11,580 --> 00:00:16,840 You can go to this link here, which I provided for you in the folder
5 00:00:16,920 --> 00:00:20,550 we saw last session, and read all the details about it here,
6 00:00:20,760 --> 00:00:24,990 if you are interested in the inner workings of this encryption.
7 00:00:26,490 --> 00:00:31,140 So for our project, go into this file,
8 00:00:31,650 --> 00:00:38,280 05 AES encrypting payload zip, and put it in the malware folder on the desktop.
9 00:00:39,270 --> 00:00:41,310 Inside it, you will find four files.
10 00:00:41,940 --> 00:00:52,230 We have the compile bat, which will compile your source code into the new malware EXE.
11 00:00:52,740 --> 00:01:00,960 And then we have the new Python script, which will take your shellcode, notepad bin, and encrypt it
12 00:01:01,230 --> 00:01:02,700 using AES encryption.
13 00:01:03,720 --> 00:01:08,010 So let's take a look at the Python script first.
14 00:01:10,470 --> 00:01:12,500 I'll open it in Notepad++.
15 00:01:13,920 --> 00:01:22,380 So this Python script uses an encryption key with a length of 16 characters, which will be randomised using
16 00:01:22,380 --> 00:01:23,460 the random function.
17 00:01:24,300 --> 00:01:31,710 And then we have the pad function, which accepts s, which is the string,
18 00:01:32,160 --> 00:01:41,400 and then returns this combination of operations. And this AES encrypt function, which makes use of another function,
19 00:01:41,400 --> 00:01:47,430 accepts two inputs, the plaintext and the key.
20 00:01:48,270 --> 00:01:54,120 So the plaintext is coming from the parameter to this script.
21 00:01:54,660 --> 00:01:58,230 And the key, the key is coming from here.
22 00:01:59,340 --> 00:02:03,630 And this function is called from this function call here.
23 00:02:04,230 --> 00:02:12,480 So inside these two functions, we have the details of how it works, which require some advanced knowledge,
24 00:02:12,750 --> 00:02:13,980 AES inner workings,
25 00:02:14,340 --> 00:02:16,380 and we don't go into it here.
26 00:02:17,340 --> 00:02:24,270 But just remember that when AES encrypt accepts the plaintext and the key, it will do the encryption and return the ciphertext.
27 00:02:25,200 --> 00:02:26,440 Now, the main entry point.
28 00:02:26,640 --> 00:02:32,030 So we're here, where you're supposed to open the file for read.
29 00:02:32,550 --> 00:02:40,130 And after reading it, we save the content of that file, and that file will be our shellcode, we save it in the plaintext
30 00:02:40,140 --> 00:02:40,950 variable.
31 00:02:41,580 --> 00:02:49,110 And if there's an error, if the user did not provide the file name, it will print the error showing the
32 00:02:49,110 --> 00:02:50,790 usage of this script
33 00:02:51,270 --> 00:02:55,330 and then exit. Assuming the user has correctly provided the file,
34 00:02:55,380 --> 00:02:58,440 then it will now proceed to this line.
35 00:02:58,440 --> 00:03:00,140 We will call this function call.
36 00:03:00,150 --> 00:03:00,930 It is AES encrypt.
37 00:03:01,380 --> 00:03:08,610 It will pass the shellcode and the encryption key coming from here into this function.
38 00:03:09,030 --> 00:03:13,500 So this function will make use of the shellcode and the key to do the encryption.
39 00:03:13,830 --> 00:03:17,090 And then it returns to the caller.
40 00:03:17,700 --> 00:03:24,240 So when it returns, you come to this line and it will be saved in this variable called ciphertext.
41 00:03:25,170 --> 00:03:29,750 And then you print the key as well as the encrypted payload.
42 00:03:31,440 --> 00:03:38,120 So this print here will be coming from the encryption key up here.
43 00:03:38,460 --> 00:03:43,830 And this print here will be coming from the ciphertext, which is returned from this function.
44 00:03:45,750 --> 00:03:56,550 And then once you finally got this encryption key, as well as the encrypted ciphertext, you take both
45 00:03:56,550 --> 00:03:58,050 and put them in this file.
46 00:03:59,130 --> 00:04:00,390 So let's open this file.
47 00:04:02,420 --> 00:04:05,840 So in this file, you have a new function called decrypt
48 00:04:05,970 --> 00:04:06,320 AES.
49 00:04:06,770 --> 00:04:08,060 And you have the main function.
50 00:04:08,990 --> 00:04:13,310 You will paste the encrypted payload here and you paste your encryption key here.
51 00:04:13,910 --> 00:04:17,750 So these two are coming from the output of the Python script.
52 00:04:19,340 --> 00:04:24,260 And then the rest is almost the same as the previous XOR encryption.
53 00:04:25,010 --> 00:04:30,800 It will calculate the size of the payload and save it to this variable.
54 00:04:31,190 --> 00:04:33,350 It will call VirtualAlloc to allocate memory.
55 00:04:33,710 --> 00:04:40,220 And then it will print the address of the payload, which is this one, and the allocated memory coming
56 00:04:40,220 --> 00:04:41,180 from VirtualAlloc. OK.
57 00:04:41,990 --> 00:04:47,540 And then it will wait for the user to press a key, and then it will call the decrypt function, which
58 00:04:47,540 --> 00:04:57,080 is up here. So the decrypt AES function accepts the encrypted payload, the length of the payload, the encryption
59 00:04:57,080 --> 00:05:01,340 key and the size of the encryption key, which is calculated on the fly.
60 00:05:02,030 --> 00:05:12,140 It will come here and perform the decryption, and the decryption makes use of the Crypt API in the Windows
61 00:05:12,230 --> 00:05:13,040 operating system.
62 00:05:13,640 --> 00:05:19,430 And these are the four, the five functions which come when we include, which come from
63 00:05:19,430 --> 00:05:19,820 the Crypt API.
64 00:05:20,360 --> 00:05:24,440 And if you are interested, I provided the links for all of them.
65 00:05:24,980 --> 00:05:27,020 You can go in here.
66 00:05:27,300 --> 00:05:35,660 This file contains all the links to the documentation for all the functions, and then the explanation is
67 00:05:35,660 --> 00:05:36,290 all here.
68 00:05:36,710 --> 00:05:46,760 Starting with this first function, CryptAcquireContext, which explains the parameters for this one.
69 00:05:47,540 --> 00:05:50,600 And then the next one is this.
70 00:05:54,170 --> 00:06:01,460 Parameter one, two, three, four. The fourth parameter of this function is where you put
71 00:06:01,790 --> 00:06:03,740 the provider type, whatever encryption you want.
72 00:06:04,190 --> 00:06:10,820 So in this case, we use the PROV_RSA_AES constant.
73 00:06:10,830 --> 00:06:16,790 That means we can encrypt this data using RSA or AES. There is an explanation for that.
74 00:06:16,820 --> 00:06:19,010 It's coming from here.
75 00:06:19,640 --> 00:06:21,770 It's here, cryptographic provider types.
76 00:06:22,340 --> 00:06:25,760 And these are all the provider types. You can read about them here.
77 00:06:26,570 --> 00:06:28,760 Of all the others, the one we're using is this.
78 00:06:30,440 --> 00:06:34,850 And then the next function is CryptCreateHash, which is coming from here.
79 00:06:35,450 --> 00:06:36,890 You can read about it here as well,
80 00:06:37,460 --> 00:06:43,790 and what the parameters mean. The important one is the second parameter, where you are going to create
81 00:06:43,790 --> 00:06:53,750 a hash out of this provider and then set this variable, the hash handle, to the hash. And the hash
82 00:06:53,750 --> 00:06:56,060 you're using must be provided in the second parameter.
83 00:06:56,390 --> 00:06:57,350 It is an ID.
84 00:06:58,070 --> 00:07:04,370 In this case, it is SHA. The next one will be CryptHashData, which is explained here.
85 00:07:04,370 --> 00:07:04,560 So.
86 00:07:06,380 --> 00:07:12,170 And when you start, you calculate the hash for the key and save it in here.
87 00:07:14,930 --> 00:07:20,870 And then the fourth one is CryptDeriveKey, which is this one, CryptDeriveKey.
88 00:07:21,980 --> 00:07:23,150 You can read about it here,
89 00:07:25,430 --> 00:07:31,940 how it looks and the parameters, and then you can see the second parameter is the algorithm ID.
90 00:07:32,450 --> 00:07:36,080 So in this case, you want to use the AES encryption.
91 00:07:36,590 --> 00:07:38,120 So that's the important thing.
92 00:07:38,120 --> 00:07:42,270 The second parameter is a telltale sign you are using
93 00:07:42,290 --> 00:07:42,860 AES.
94 00:07:43,640 --> 00:07:46,850 So here you derive a key and you save it in here,
95 00:07:47,120 --> 00:07:47,810 the key handle.
96 00:07:48,200 --> 00:07:50,890 And here you pass this key to CryptDecrypt,
97 00:07:51,410 --> 00:07:52,400 and the payload,
98 00:07:53,000 --> 00:07:59,720 to decrypt your payload and save it back to the payload.
99 00:08:02,240 --> 00:08:05,150 The explanation for that function is shown here.
100 00:08:07,490 --> 00:08:08,720 Here you can read all about it.
101 00:08:10,970 --> 00:08:19,160 And you see the pbData is here, and pbData, as explained here, is a pointer to the buffer that contains
102 00:08:19,160 --> 00:08:22,670 the data to be decrypted. After the decryption has been performed,
103 00:08:23,030 --> 00:08:25,760 the plaintext is placed back into this same buffer.
104 00:08:26,030 --> 00:08:26,650 I mean this one.
105 00:08:26,660 --> 00:08:27,170 All right.
106 00:08:27,610 --> 00:08:34,280 Yeah, payload. When you pass the payload, which is originally encrypted, you take the key from the handle
107 00:08:34,280 --> 00:08:39,950 here, and then it will be overwritten with the decrypted data.
108 00:08:40,670 --> 00:08:48,350 And then you have to release all the objects after it completes, using the Crypt API's cleanup
109 00:08:48,350 --> 00:08:48,890 functions.
110 00:08:50,750 --> 00:08:55,910 And then once you've decrypted it, the payload will now be overwritten with the decrypted data.
111 00:08:56,330 --> 00:09:02,660 Then you will copy memory from the payload, which has been decrypted, into the allocated memory and call
112 00:09:02,660 --> 00:09:04,250 VirtualProtect to make it executable.
113 00:09:04,700 --> 00:09:11,870 And then when the user presses enter, it will create a thread out of that allocated memory, which contains
114 00:09:11,870 --> 00:09:12,890 the shellcode.
115 00:09:13,460 --> 00:09:14,480 And the rest is the same.
116 00:09:14,940 --> 00:09:15,200 OK.
117 00:09:15,470 --> 00:09:17,000 So here's how it works.
118 00:09:17,510 --> 00:09:19,580 And then the compile script.
119 00:09:21,500 --> 00:09:23,840 Let's open it in Notepad++.
120 00:09:24,140 --> 00:09:28,100 It will take your source file,
121 00:09:28,130 --> 00:09:33,380 which is called this, and give the output file over here.
122 00:09:33,740 --> 00:09:39,320 So this is your output malware, which contains the encrypted payload.
123 00:09:40,070 --> 00:09:44,900 So that is the explanation for all these scripts and files.
124 00:09:45,350 --> 00:09:49,670 So in the next video, I'll show you how to encrypt your
125 00:09:49,820 --> 00:09:51,370 shellcode using
126 00:09:51,650 --> 00:09:52,130 AES,
127 00:09:52,730 --> 00:09:57,780 and then build your output using the compile script.
128 00:09:58,220 --> 00:09:59,360 Thank you for watching.