Decrypting AsyncRAT Configuration Values with CyberChef скачать в хорошем качестве

Decrypting AsyncRAT Configuration Values with CyberChef

I've got a malware sample that has a bunch of configuration values that are decrypted using AES, but not in the standard way that CyberChef would do it. I'll show how the program is setup, and then pivot to CyberChef using many operations, including Register, Derive PBKDF2 key, and AES Decrypt to get the IV and ciphertext, generate the key, and decrypt the value. This malware comes from the Einladen Sherlock challenge from HackTheBox. Final recipe: https://gchq.github.io/CyberChef/#rec... HackTheBox Einladen Blog post: https://0xdf.gitlab.io/2024/05/02/htb... HackTheBox Einladen: https://app.hackthebox.com/sherlocks/... embee_research:    / @embeeresearch   ☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf [00:00] Introduction [00:55] Settings class (DotPeek) [01:40] AES fails [02:05] Dynamic decrypt [03:00] Custom AES object [05:00] Information summary [05:26] Getting salt [07:48] Saving IV and ciphertext [10:28] Derive key [11:51] Decrypting [12:51] Decrypting other inputs [13:06] Conclusion #pentest #ctf #malware #reverseengineering #cyberchef #asyncrat #aes