
Last week, I gave a presentation on cybersecurity to college lecturers, and it was great fun. The presentation after mine was by someone from Quorum Cyber, and I enjoyed listening to it. One point that really stuck out was the advice on student education …
“If you want to do Cyber Security, be good at Python and JavaScript”
I smiled at this, because many years ago I predicted the end of JavaScript, as it just couldn’t cope with the strongly typed languages such as C#. I could only see a future of Java, C#, .NET, and so on, and where everything was run within a framework. How wrong was I?
When I first started to use Python, I disliked it. But now virtually all the code I create has Python as my back-end code.
And so it is JavaScript and Python that should be a core element in the education of our next generation of Cybersecurity professionals. You will find JavaScript is involved in creating a modern user interface, and now, with node.js, we see JavaScript at the back-end. The days of technical people avoiding scripting are thus past, and now it has become a standard tool in data analytics, cloud infrastructures, pen testing, cryptanalysis, and in so many areas.
So let’s look at a simple example of using node.js, where we integrate the crypto module [here]. The following is some sample code:
var crypto = require("crypto");

// Encrypt UTF-8 text and return the ciphertext in the given encoding
function encryptText(algor, key, iv, text, encoding) {
  var cipher = crypto.createCipheriv(algor, key, iv);
  encoding = encoding || "binary";
  var result = cipher.update(text, "utf8", encoding);
  result += cipher.final(encoding);
  return result;
}

// Decrypt ciphertext in the given encoding and return UTF-8 text
function decryptText(algor, key, iv, text, encoding) {
  var decipher = crypto.createDecipheriv(algor, key, iv);
  encoding = encoding || "binary";
  var result = decipher.update(text, encoding, "utf8");
  result += decipher.final("utf8");
  return result;
}

var data = "This is a test";
var password = "hello";
var algorithm = "aes256";

// Command-line arguments (text, password, cipher) override the defaults
const args = process.argv.slice(2);
if (args.length > 0) data = args[0];
if (args.length > 1) password = args[1];
if (args.length > 2) algorithm = args[2];

console.log("\nText:\t\t" + data);
console.log("Password:\t" + password);
console.log("Type:\t\t" + algorithm);

// Derive a key of the right length for the cipher by hashing the password
var key;
if (algorithm.includes("256")) {
  // SHA-256 gives the 32-byte key directly
  key = crypto.createHash("sha256").update(password).digest();
} else if (algorithm.includes("192")) {
  // There is no "sha192" digest, so truncate SHA-256 to 24 bytes
  key = crypto.createHash("sha256").update(password).digest().subarray(0, 24);
} else if (algorithm.includes("128")) {
  // MD5 gives a 16-byte key
  key = crypto.createHash("md5").update(password).digest();
}

// Random 16-byte IV (printed as "Salt" below)
const iv = crypto.randomBytes(16);

console.log("Key:\t\t" + key.toString("base64"));
console.log("Salt:\t\t" + iv.toString("base64"));

var encText = encryptText(algorithm, key, iv, data, "base64");
console.log("\n================");
console.log("\nEncrypted:\t" + encText);

var decText = decryptText(algorithm, key, iv, encText, "base64");
console.log("\nDecrypted:\t" + decText);
In this case we take a password, and then convert it into a 256-bit SHA hash, and then use this as the key for the encryption. We also use 16 bytes of salt (IV — Initialisation Vector) for the encryption process. A sample run is [here]:
Text: This is a test
Password: qwerty
Type: aes-256-ofb
Salt: 2WviHpXk70ienaEzImAKfg==
================
Encrypted: zbfDPCmJgsEA7akp50I=
Decrypted: This is a test
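The listing above derives the key from a single unsalted hash of the password and uses a cipher mode with no integrity check. The following is an added example (not code from the original post) that derives the key with scrypt and a random salt and encrypts with AES-256-GCM, so a wrong password or a modified message is rejected. The function names, the salt || iv || tag || ciphertext layout and the use of Node's default scrypt parameters are assumptions of this example.

```javascript
const crypto = require("crypto");

// Hypothetical helper names; scrypt runs with Node's default cost parameters.
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, KEY_LEN = 32;

// Derive a 256-bit key from the password and a per-message random salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, KEY_LEN);
}

// Returns base64(salt || iv || tag || ciphertext).
function encryptWithPassword(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString("base64");
}

// Throws if the password is wrong or the message was modified.
function decryptWithPassword(password, packed) {
  const raw = Buffer.from(packed, "base64");
  if (raw.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error("message too short");
  const salt = raw.subarray(0, SALT_LEN);
  const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = raw.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = raw.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Constructed check: flip one ciphertext bit and confirm decryption is refused.
function tamperIsDetected(password, packed) {
  const raw = Buffer.from(packed, "base64");
  raw[raw.length - 1] ^= 0x01;
  try {
    decryptWithPassword(password, raw.toString("base64"));
    return false;
  } catch (e) {
    return true;
  }
}

// Constructed sample input, matching the values used in the sample run
const packed = encryptWithPassword("qwerty", "This is a test");
console.log("Packed:\t\t" + packed);
console.log("Decrypted:\t" + decryptWithPassword("qwerty", packed));
console.log("Tamper caught:\t" + tamperIsDetected("qwerty", packed));
```

Because the salt and IV are random, encrypting the same text with the same password gives a different output each time.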
Conclusions
If you want to get into Cybersecurity, learning Python and JavaScript is a great place to start. JavaScript is useful both for understanding front-end systems and for scripting advanced code for cryptography.
Here are some more node.js examples:
Diffie-Hellman with node.js. DH. DH with node.js.
Hashing with node.js. Hashing. Hashing with node.js.
Schnorr signature. Schnorr. This is an implementation in node.js.
Schnorr signature with multiple public keys. Schnorr. This is an implementation in node.js for multiple public keys.
ECDSA with node.js. ECDSA. ECDSA with node.js.
EdDSA with node.js. EdDSA. EdDSA with node.js.
JSON Web Signatures and JSON Web Tokens. Web Tokens. JSON Web Tokens with node.js.
And some JavaScript crypto examples:
Random number generator. Rand. Random number generator
AES. AES. AES encryption
Hash. Hash. Hashing using JavaScript
RSA. RSA. RSA using JavaScript
Password generation/hashing. Hashing. Password generation/hashing using JavaScript
CMS. CMS. Encapsulating with CMS
ECDH. ECDH. Elliptic Curve Diffie Hellman