mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 05:59:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,30 @@
|
||||
# Ransomware Encryption Standards Reference
|
||||
|
||||
## Common Encryption Schemes by Family
|
||||
| Family | Symmetric | Asymmetric | Key Size |
|
||||
|--------|-----------|-----------|----------|
|
||||
| Rhysida | AES-256-CTR | RSA-4096 | 256-bit |
|
||||
| Qilin.B | AES-256-CTR/ChaCha20 | RSA-4096 OAEP | 256-bit |
|
||||
| Medusa | AES-256 | RSA public key | 256-bit |
|
||||
| LockBit 3.0 | AES-256-CTR | Curve25519 | 256-bit |
|
||||
| BlackCat/ALPHV | AES-128/ChaCha20 | RSA-2048 | 128/256-bit |
|
||||
| Conti | ChaCha20 | RSA-4096 | 256-bit |
|
||||
|
||||
## Windows Cryptographic API Cheat Sheet
|
||||
| Function | Purpose |
|
||||
|----------|---------|
|
||||
| CryptAcquireContext | Acquire crypto provider handle |
|
||||
| CryptGenKey | Generate symmetric/asymmetric key |
|
||||
| CryptImportKey | Import key blob |
|
||||
| BCryptOpenAlgorithmProvider | Open CNG algorithm |
|
||||
| BCryptGenerateSymmetricKey | Create symmetric key |
|
||||
|
||||
## MITRE ATT&CK Techniques
|
||||
- T1486: Data Encrypted for Impact
|
||||
- T1490: Inhibit System Recovery
|
||||
- T1083: File and Directory Discovery
|
||||
- T1082: System Information Discovery
|
||||
|
||||
## References
|
||||
- [No More Ransom Decryptors](https://www.nomoreransom.org/en/decryption-tools.html)
|
||||
- [ID Ransomware](https://id-ransomware.malwarehunterteam.com/)
|
||||
@@ -0,0 +1,37 @@
|
||||
# Ransomware Encryption Analysis Workflows
|
||||
|
||||
## Workflow 1: Encryption Routine Identification
|
||||
```
|
||||
[Ransomware Sample] --> [Import Analysis] --> [Find Crypto APIs]
|
||||
|
|
||||
v
|
||||
[Identify Algorithm]
|
||||
|
|
||||
v
|
||||
[Trace Key Generation]
|
||||
|
|
||||
v
|
||||
[Assess Decryption Feasibility]
|
||||
```
|
||||
|
||||
## Workflow 2: Key Recovery Assessment
|
||||
```
|
||||
[Encrypted Files] --> [Analyze File Structure] --> [Locate Encrypted Key]
|
||||
|
|
||||
v
|
||||
[Check for PRNG Weaknesses]
|
||||
|
|
||||
v
|
||||
[Attempt Key Recovery]
|
||||
```
|
||||
|
||||
## Workflow 3: Decryptor Development
|
||||
```
|
||||
[Identified Flaw] --> [Extract Parameters] --> [Build Decryption Logic]
|
||||
|
|
||||
v
|
||||
[Test on Sample Files]
|
||||
|
|
||||
v
|
||||
[Release Decryptor Tool]
|
||||
```
|
||||
Reference in New Issue
Block a user