- Questions & Answers

⌛️ WHAT IS CRYPTING ⌛️

This post examines the concept of a crypt file, as well as the reasons why a large number of crypt services on the market may be impractical and overpriced.

Who is this post useful for?

For beginners, to understand the general picture of the crypto world and avoid pitfalls. We posted in Scarletta many posts about botnet, but this is a rare topic.

Experienced users who are tired of paying for services that either do not work or work unsatisfactorily.

What is a file crypt?

For those who are just starting to understand this topic, an encrypted file is a file that is encrypted to bypass antivirus programs. This is done so that the file appears safe and can be downloaded and run without fear of possible consequences from antivirus software. Typically, the purpose of encryption is to hide and protect information from unwanted access.

Operating system protection system

Operating system protection systems include active and proactive measures. Let's consider all protection systems in detail and sequentially.

1️⃣ Browser File Loading: This is the ability of a file to pass browser inspection without issuing warnings. The file should download and be ready to open without additional alerts.

2️⃣ Static antivirus scan (ScanTime): the antivirus scans the file directly when downloading it in the browser. A good cryptographic approach is required to successfully pass the verification.

To download a file safely without problems and warnings, you need to go through 2 protection systems: browser and antivirus.

3️⃣ UAC (User Account Control): Some services can bypass UAC, but this has nothing to do with the request to open a file when downloading from a browser. Bypassing UAC is not necessary.

4️⃣ Dynamic antivirus scanning at startup (RunTime): when a file is launched, the antivirus begins to actively scan it. If the file fails verification, it is blocked. The difference between static and dynamic verification will be discussed later.
5️⃣ SmartScreen: This is a proactive security system that verifies the file's signature and certification. If something is suspicious, SmartScreen asks whether to run the file.

To successfully launch the file without problems, you need to go through 2 more protection systems: dynamic antivirus scanning and SmartScreen.

One thing to do when checking crypto for quality

Checking the quality of encryption is the first step. If you have experience or a good understanding in this area, you will understand that it is necessary to check the encrypted file for functionality and ability to bypass security systems, including antiviruses.

Checking a file to download can be quick and simple, but checking it to bypass the protection of antiviruses, of which there are many, is a rather complex task. For this purpose, various virus checkers have been created, from the well-known VirusTotal (VT), which makes information available to everyone (which is logical, since this is its task), to other checkers that maintain confidentiality (avcheck, antiscan, kleenscan). BUT very often such services make mistakes, and if you want to check the real output of a file you need to get a little confused, namely: we create several virtual machines with the most top-end antiviruses and check whether your encrypted file is detected, and we also check the runtime.

What is scantime and runtime

Scantime is the process of creating a crypt file based on a cryptographic module, which is then converted into a stub, where you can embed any program to obtain the finished file. Scantime is easier to clean and update, but does not take into account the file’s response to startup.

Runtime is a process in which a file is launched, the antivirus scans it, and if no danger is detected, the file continues its work. Cleaning runtime is more difficult due to the fact that the process is not related to the crypt and depends on the work of the software creator. Runtime can be static or dynamic.
Crypt on scantime and runtime are two different operations that do not intersect with each other.

To crypto on Runtime, you need to study antivirus algorithms, scanning methods, find weak points and work around them. This requires a longer process and a unique high-quality crypt. It is important to note that the cleanliness of the base software build plays a key role in successfully cleaning runtime. It is possible to remove several detections on Runtime, but this depends on the purity of the build and the experience of the cryptor.

Thus, the following aspects are highlighted:

👉 Differences between checker results and actual data. If the stability is outdated and has not been updated for a long time, this can significantly distort the picture, depriving the crypto file of its meaning.

👉 Lack of adaptation of the crypt to runtime. If the base file is already suspicious and has many detections at runtime, then what is the point of a perfectly clean scantime crypt?

👉 Low demand for expensive unique stubs.

It is important to note that there are adequate services that check cryptocurrencies under Scantime using the method described by me. They test on real machines with antivirus installed manually. However, such services rarely go public.

How to identify services or specialists with whom it is better not to work?

👉 The answer to the question about runtime causes confusion or they state that it is not their responsibility. An adequate service will explain that the creator of the software must monitor the cleanliness of runtime. A high-quality service will help clear runtime if you have a clean build.

👉 Inappropriate behavior and aggression when asked why a supposedly clean crypt is found on a live machine.

The difference between "private" and "public" stubs

The difference between private and public stubs lies in individuality and limited use.
A private stub is created for a specific client, taking into account its requirements and parameters, which ensures a high level of invisibility (FUD=0) when scanning with antiviruses. This type of stub usually has a high rental cost.

On the other hand, a public stub is created for a wide range of users and has a limited lifespan. It is often used before mass distribution and may be less reliable. The price of a public stub is usually lower, but its "life" is not predictable.

It is important to remember that checking service crypts with live antiviruses can have a negative impact on the crypt, so this method should only be used to assess quality, and not for regular checking.

Uploading a file to the browser

Uploading a file to the browser is the first step towards opening it. Ideally, there will be no warnings about the file being potentially dangerous, which could prevent a successful download.

It is important to understand two key points: the process of downloading a file in a browser does not depend on encryption, and scanning a file with a browser and an antivirus are different processes. There is a check by the browser before the file is downloaded, most noticeable when the file is downloaded and a download indicator is displayed. After downloading, an antivirus scan begins if the corresponding module is activated.

Preparing a file to successfully load into a browser requires complex multi-factor steps, including a signature, certificate, cryptographic protection, a clean domain IP address, and hosting. It is important to note that crypting a file and preparing to download it to the browser are different tasks that require an individual approach. A good professional can help with this, but often Google's requirements and policy changes make it difficult. Each problem requires a separate solution; do not confuse everything together.

What is a smartscreen and why you can't bypass it

SmartScreen is a feature that is the last line of defense in Windows 10.
It can be a pain for system administrators and of limited practical value for regular users. In theory, the purpose of this function is to check the certification of files and block files without a trusted certificate. However, in practice, the smartscreen works unstably and unpredictably, like a drug addict under the influence of various drugs. It can block good files and allow bad ones, ignore untrusted files, and generate errors for files with a valid signature.

The problem is that about 30% of computers receive a message from the smartscreen that it is impossible to verify the file signature. There are several ways to work around this problem, but there are no guaranteed methods. Using a valid certificate may slightly reduce the number of errors, but it will not completely solve the problem. Some files may be blocked even with a license or digital signature.

Thus, you can solve this problem either by accepting it or by trying to use a valid certificate. Purchasing a certificate from a reputable provider like Comodo can save you money and avoid some hassles.

And now what I can do

We look for crypters on the market, check their scanning methods, test crypts on live machines. If everything is good, we work. If there are discrepancies with the check services, we try to come to an agreement, please provide proof of the crypt in runtime. If they don’t want it, we look further. Don’t give up, adequate crypters exist, you just need to find them.
- Questions & Answers

Our courses provide you with the knowledge and intelligence you need to thrive in the world of cybersecurity. By enrolling in our ethical hacking courses, you'll learn the skills necessary to protect yourself and others from cyber attacks. Our comprehensive guide to cybersecurity offense and defense will give you the tools you need to succeed in this rapidly evolving field. Whether you're just starting out or looking to take your skills to the next level, we're here to help. Join us on the journey towards a safer, more secure online world.