You rock! Thank you for sharing these awesome videos with us.
Dude you make it seems so easy! Good job
you are more than awesome maaaaaaaaaaan
Awesome tutorial, but how can I download the sample without registering?
Hi, my x32dbg is not creating the decode.txt file in my C:\Windows folder after the CreateFileA API, and it's not even encrypting the machine. Is there anything I needed to do beforehand?
Maybe it's about debugging issues that have already been handled, or you're using a different OS version!
Hi Michael, Thank you for sharing this.
I have 2 questions here.
1. So, we could extract the plaintext session key because CryptExportKey() wasn't using hExpKey (that is, using the public key/RSA key to encrypt the session key while exporting)?
2. Also, in my lab, the malware doesn't create decode.key under the Windows folder when I step through CreateFile(). Any pointers on what could be wrong?
Question for you, since the unencrypted AES key was in memory, would performing memory forensics after the malware is executed possibly lead to key recovery?
Theoretically, yes, assuming it wasn't properly zeroed from memory. I've never personally had experience with that working once the executable has exited and the memory has been overwritten by another process.
heh dude, he said sex 3:57
Hello, Michael!
How to get Crypto Tester?
sorry my english I'm learning, hugs from Brazil.
I haven't published it yet - it's a tool suite I wrote. I'll make a video highlighting it when it's released. 😉
@Demonslay335 thanks, very nice video friend
Dear Michael,
I need your advice, I was infected by a virus named Nemty & Kvag on the same file, please do help me.
For Nemty, contact Tesorion CSIRT. For Kvag, aka STOP Djvu, read the BleepingComputer support topic FAQ.
With your knowledge, one day you will break RSA encryption and ransomware.
That's not how it works... RSA-1024 and above will only be breakable using a quantum computer that is leagues above what's available right now. We're a good 20-30+ years from such a thing.
@Demonslay335 I know sir, but I wish someday it happens.
I had a txt file in the Windows folder with a public key written inside, is it helpful?
@rpsingh7558 If it's RSA-1024 or above, no. It's called the RSA factoring problem.
@Demonslay335 thanks, but how do I know if it's 1024 or 2096 etc?
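Two of the questions in this thread come down to reading a Windows CryptoAPI key blob: whether a key exported by CryptExportKey() without an hExpKey is sitting in memory as a PLAINTEXTKEYBLOB (the session key in the clear) rather than a SIMPLEBLOB (the session key wrapped with the RSA key-exchange key), and how to tell the bit length of an RSA public key from its blob. The parser below is an added example written for this page, not code from the video or its author. It assumes the key material is in the CryptoAPI BLOBHEADER layout documented in wincrypt.h (bType, bVersion, reserved, aiKeyAlg, followed by a type-specific body); the sample blobs at the bottom are constructed for illustration and are not real ransomware artifacts.

```python
import struct

# BLOBHEADER bType values and ALG_ID values from wincrypt.h.
SIMPLEBLOB, PUBLICKEYBLOB, PRIVATEKEYBLOB, PLAINTEXTKEYBLOB = 0x01, 0x06, 0x07, 0x08
CALG_RSA_KEYX, CALG_AES_128, CALG_AES_192, CALG_AES_256 = 0xA400, 0x660E, 0x660F, 0x6610
CUR_BLOB_VERSION = 0x02
RSA1_MAGIC, RSA2_MAGIC = 0x31415352, 0x32415352  # "RSA1" / "RSA2" in RSAPUBKEY.magic

BLOB_NAMES = {SIMPLEBLOB: "SIMPLEBLOB", PUBLICKEYBLOB: "PUBLICKEYBLOB",
              PRIVATEKEYBLOB: "PRIVATEKEYBLOB", PLAINTEXTKEYBLOB: "PLAINTEXTKEYBLOB"}
ALG_NAMES = {CALG_RSA_KEYX: "CALG_RSA_KEYX", CALG_AES_128: "CALG_AES_128",
             CALG_AES_192: "CALG_AES_192", CALG_AES_256: "CALG_AES_256"}


def parse_key_blob(blob: bytes) -> dict:
    """Classify a CryptoAPI key blob and report whether it exposes key material.

    key_exposed is True only for blobs that carry the secret key in the clear
    (PLAINTEXTKEYBLOB, PRIVATEKEYBLOB); a SIMPLEBLOB carries a wrapped session
    key and a PUBLICKEYBLOB carries only the public half of an RSA key.
    """
    if len(blob) < 8:
        raise ValueError("too short for a BLOBHEADER")
    b_type, b_version, _reserved, alg_id = struct.unpack_from("<BBHI", blob, 0)
    if b_version != CUR_BLOB_VERSION:
        raise ValueError(f"unexpected bVersion {b_version:#x}")
    body = blob[8:]
    info = {"blob_type": BLOB_NAMES.get(b_type, f"unknown({b_type:#x})"),
            "alg": ALG_NAMES.get(alg_id, f"unknown({alg_id:#x})"),
            "key_exposed": False}

    if b_type == PLAINTEXTKEYBLOB:
        # BLOBHEADER, DWORD keySize, BYTE keyData[keySize]
        (key_len,) = struct.unpack_from("<I", body, 0)
        key = body[4:4 + key_len]
        if len(key) != key_len:
            raise ValueError("truncated PLAINTEXTKEYBLOB")
        info.update(key_bits=key_len * 8, key_exposed=True, key_hex=key.hex())
    elif b_type == SIMPLEBLOB:
        # BLOBHEADER, ALG_ID of the key-exchange key, then the wrapped session key
        (kex_alg,) = struct.unpack_from("<I", body, 0)
        info.update(wrapped_with=ALG_NAMES.get(kex_alg, f"unknown({kex_alg:#x})"),
                    wrapped_len=len(body) - 4)
    elif b_type in (PUBLICKEYBLOB, PRIVATEKEYBLOB):
        # BLOBHEADER, RSAPUBKEY {magic, bitlen, pubexp}, modulus[bitlen/8], ...
        magic, bitlen, pubexp = struct.unpack_from("<III", body, 0)
        if magic != (RSA1_MAGIC if b_type == PUBLICKEYBLOB else RSA2_MAGIC):
            raise ValueError(f"bad RSAPUBKEY magic {magic:#x}")
        modulus = body[12:12 + bitlen // 8]
        if len(modulus) != bitlen // 8:
            raise ValueError("truncated RSA modulus")
        info.update(modulus_bits=bitlen, public_exponent=pubexp,
                    key_exposed=(b_type == PRIVATEKEYBLOB))
    else:
        raise ValueError(f"unsupported blob type {b_type:#x}")
    return info


def header(b_type: int, alg_id: int) -> bytes:
    return struct.pack("<BBHI", b_type, CUR_BLOB_VERSION, 0, alg_id)


# Constructed sample blobs (not real malware data). The AES key and the RSA
# modulus are filler byte patterns, and the "wrapped" key is just padding.
SAMPLE_PLAINTEXT_AES128 = header(PLAINTEXTKEYBLOB, CALG_AES_128) + struct.pack("<I", 16) + bytes(range(16))
SAMPLE_SIMPLEBLOB_AES256 = header(SIMPLEBLOB, CALG_AES_256) + struct.pack("<I", CALG_RSA_KEYX) + b"\xAA" * 128
SAMPLE_RSA1024_PUBLIC = (header(PUBLICKEYBLOB, CALG_RSA_KEYX)
                         + struct.pack("<III", RSA1_MAGIC, 1024, 65537) + b"\x5A" * 128)

if __name__ == "__main__":
    for name, blob in [("plaintext", SAMPLE_PLAINTEXT_AES128),
                       ("simple", SAMPLE_SIMPLEBLOB_AES256),
                       ("public", SAMPLE_RSA1024_PUBLIC)]:
        print(name, parse_key_blob(blob))
```

The `key_exposed` flag is the triage answer to the first question: an export done without an hExpKey yields a PLAINTEXTKEYBLOB, so anyone with a memory dump taken before the process exits (or before the buffer is zeroed) has the session key itself, whereas a SIMPLEBLOB only tells you which RSA key it was wrapped with. The `modulus_bits` field answers the second: the RSAPUBKEY header states the key size directly, so a 1024-bit versus 2048-bit key can be read off the blob without any factoring.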