Payload Encryption is used by attackers to hide the malicious code contained in a malicious file. It is necessary to evade modern AV solutions.

Cons

• Only evades signature-based static detection, not runtime & heuristic analysis.
• Increases the entropy, which is one of the IoCs.

Encryption Types

1. XOR
2. AES
3. RC4

Objectives

• [x] Read about XOR, RC4 and AES encryption algorithms

XOR Encryption

XOR Encryption is an encryption method used to encrypt data. Below is the C++ implementation of it.

The concept of implementation is to first define XOR - encryption key and then perform XOR operation of the characters in the String with this key which you want to encrypt. To decrypt the encrypted characters we have to perform XOR operation again with the defined key.

#include <stdio.h>
#include <string.h>

void encryptDecrypt(char inpString[]) {
	char xorKey = 'P';

	int len = strlen(inpString);

	for (int i = 0; i < len; i++) {
		inpString[i] = xorKey ^ inpString[i];
		printf("%c", inpString[i]);
	}
}

int main() {
	char sampleString[] = "SushantIsTheBest";

	printf("Encrypted String: ");
	encryptDecrypt(sampleString);
	printf("\\n");

	printf("Decrypted String: ");
	encryptDecrypt(sampleString);
	printf("\\n");

	getchar();
	return 0;
}

• [x] Understand the difference between stream cipher and block cipher
• [x] Understand the difference between symmetric and asymmetric encryption