new blog post, start of a malware development project (not published yet)

Joost Agterhoek 2024-10-09 14:40:08 +02:00
parent cd03cf1e1a
commit 51e3323e1a
6 changed files with 60 additions and 69 deletions


@ -0,0 +1,40 @@
+++
title = 'Learning basic JavaScript with Obsidian'
date = "2024-10-08"
updated = 2024-10-08
[taxonomies]
tags = ['programming', 'Obsidian', 'JavaScript']
+++
For a little while now, I have been using Obsidian for my note taking .✍️. So far, it's been great: I love the Neovim-support, the idea and use of backlinks, the different ways in which you can arrange and use the sidepanes, adding custom states to tasks.
As I started using Obsidian more and more, especially for my work as a SOC security analyst, I started wondering if I could 'stay' in Obsidian as much as possible, even including things like hour sheets into my workflow. I was happy to find this offline, fast and intuitive plugin, [ObsidianSimpleTimeTracker](https://github.com/Ellpeck/ObsidianSimpleTimeTracker). Incorporating this into my daily notes with a simple template, I am able to open my Obsidian vault, create a new daily note (which is automatically given the current date as the file name) and start recording my hours per task and project ⏰. Great!
There was one thing missing though, something you definitely need when tracking hours: an overview. Of course I could sift through all the daily notes, but maybe I could create a dynamic overview of the hours worked per project per day somehow? The [Github-repo of ObsidianSimpleTimeTracker](https://github.com/Ellpeck/ObsidianSimpleTimeTracker#-tracker-data-in-dataview) has a handy example of how to load time tracker data in your vault and print the duration. I just had to rework this example to fit my needs. How hard could it be?
First off, I don't know any JavaScript 🙈. It's a gap in my (beginner) programming skill set I hope to fill one day. But for the moment, I had nothing to go off, but to think of how I would solve this problem in a language I am more familiar with, like Python 🐍. After a few days of fiddling around, I got stuck on a for loop issue. I was able to iterate through the entries (duration of tracked work) and entry names (name given to tracked work, like a project) of each tracker in my daily notes.
But for some reason, I **wasn't** able to do both after each other ➰. Finally, I found a solution: I had to do both at the same time 🙃 Basically, I found an answer without understanding the answer 💢. But, for the time being, a quick and dirty solution to my very personal problem is good enough. As I start learning JavaScript, I could reinvestigate this script further. For now, here is the code I have, which I still have to edit [per the very nice and helpful comments the creator of the ObsidianSimpleTimeTracker-plugin gave me](https://github.com/Ellpeck/ObsidianSimpleTimeTracker/issues/58).
The next thing would be to build this out to a neat table, to actually give the overview that I want (this still produces a list that is too long). There's always room for improvement 👷.
```js
let api = dv.app.plugins.plugins["simple-time-tracker"].api;
for(let page of dv.pages('#tijd-bijhouden').sort(p => p.file.name, 'desc')) {
// load trackers in the file with the given path
let trackers = await api.loadAllTrackers(page.file.path);
if (trackers.length)
dv.el("strong", "Trackers in: " + page.file.name);
for (let {section, tracker} of trackers) {
let number_of_trackers = trackers.entries.length;
for (let i = 0; i < alltrackers; i++) {
if (tracker.entries[i])
dv.el('p', 'doel: ' + tracker.entries[i]['name'] + '<br>' + 'tijdsduur: ' + api.formatDuration(api.getDuration(tracker.entries[i])))
}
}
}
```
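Review bot: the Dataview script at the end of this post does not run as written: the inner loop bound `alltrackers` is never declared (a ReferenceError on first use), while `number_of_trackers` is declared and never used, and because `trackers` is the array returned by `loadAllTrackers`, `trackers.entries` is the built-in `Array.prototype.entries` method rather than the tracker's entry list, so `trackers.entries.length` is not the count the name suggests. The bound was presumably meant to be `tracker.entries.length`, or the index loop replaced by `for (let entry of tracker.entries)` with the `if (tracker.entries[i])` guard dropped. Since the post itself says the code still has to be edited per the plugin author's comments, either apply those before publishing or mark the block as known-broken. Minor wording: "note taking .✍️." has a stray period before the emoji, and "I had nothing to go off, but to think" reads better as "I had nothing to go on but to think".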


@ -0,0 +1,20 @@
+++
title = "Malware development"
description = "Example description with a lot of words but without any meaning. Why use lorem ipsum when you can just write a lot of text that has no underlying meaning?"
weight = 1
updated = 2024-09-29
[extra]
remote_image = "https://images.unsplash.com/photo-1620121692029-d088224ddc74?ixlib=rb-4.0.3&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1632&q=80"
+++
**This is a work in progress! Here I hope to organize learnings from various malware development series and courses I am currently taking.
# Where to place your payload
This table showcases possible places to put your payload within a PE file with notes about the section and why to place a payload there.
| section name | purpose | reason(s) to store payload |
|--------------|---------|----------------------------|
| `.data` | contains initialized global <br> and static variables | section is readable and writable, <br> making it suited for an encrypted payload |
| `rdata` | ? | ? |
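Review bot: this page still carries template placeholders that would ship if it were published: the `description` front-matter value is the lorem-ipsum-style filler and `remote_image` the Unsplash URL that also appear in the "Project 4" template page deleted in this same commit, the `rdata` table row has `?` in both columns and is missing the leading dot (`.rdata`, matching `.data` in the row above), and the opening `**This is a work in progress!` bold marker is never closed, so the emphasis runs on into the rest of the line. Consider replacing the description and image, filling in or dropping the `.rdata` row, and closing the bold marker before the page leaves draft status.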


@ -1,25 +0,0 @@
+++
title = "Flask SOC site"
description = "A Python-powered Flask website to look up domains, URLs and IP addresses."
weight = 1
updated = 2024-09-12
[extra]
remote_image = "https://code.joostagterhoek.nl/joost/flask-soc-site/media/branch/main/screenshots/screenshot-flask-soc-site-2024-09-06.jpg"
# link_to = "https://code.joostagterhoek.nl/joost/flask-soc-site"
+++
This is a 🐍 Python project to build a one-page website that aims to help a security operations center (SOC) analyst. You will be able to enter a host (URL, IP address, email address) and look up security-relevant information. This includes:
- 🪳 [VirusTotal](https://virustotal.com) and [AbuseIPDB](https://abuseipdb.com) results on a URL, domain name or IP (v4 and v6) address (🔴 color-coded undetected, harmless and malicious results)
- 📧 DMARC and SPF information on domain names (also from URLs and email addresses).
- ✍️ Generic domain registration information.
This is done with (among others) the following Python-modules:
| module | purpose | usage |
|--------------|--------------------------------------------------------|----------------------------------------|
| `flask` | lightweight WSGI web application framework | development server |
| `Datatables` | JavaScript HTML table enhancing library | organizing and coloring lookup results |
| `requests` | HTTP library | query VirusTotal- and AbuseIPDB-APIs |
| `checkdmarc` | Python module for validating SPF and DMARC DNS records | look up SPF and DMARC records |
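Review bot: the commit message ("new blog post, start of a malware development project") does not mention that this hunk deletes the Flask SOC site project page in full, including its front matter and the commented-out `link_to` line pointing at the repository. If the removal is intended, say so in the message or split it into its own commit so the deletion is findable in history; if the page is only being moved, note where it goes.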


@ -1,24 +0,0 @@
+++
title = "CLI host lookup"
description = "A command-line interface tool to look up hosts (IP address, URL, domain and email address) and provide information relevant to security analysts (registrar information, SPF/DMARC records, VirusTotal and AbuseIPDB results). "
weight = 1
updated = 2024-09-02
[extra]
# You can also crop the image in the url by adjusting w=/h=
remote_image = "https://code.joostagterhoek.nl/joost/cli-lookup/media/branch/main/assets/imgs/README_2024-09-02_14-40-00.png"
+++
This is a 🐍 Python project to build a command-line interface application that aims to help a security operations center (SOC) analyst. You are able to enter a host (URL, IP address, email address) and look up security-relevant information. This includes:
- 📧 DMARC and SPF information on domain names (also from URLs and email addresses).
- ✍️ Generic domain registration information.
This is done with (among others) the following Python-modules:
| module | purpose | usage |
|--------------|--------------------------------------------------------|----------------------------------------|
| `rich` | library for writing rich text to the terminal | display and color lookup results |
| `tqdm` | wraps any iterable and displays a smart progress bar | display progress for multiple lookups |
| `requests` | HTTP library | query VirusTotal- and AbuseIPDB-APIs |
| `checkdmarc` | Python module for validating SPF and DMARC DNS records | look up SPF and DMARC records |
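Review bot: same point as for the Flask SOC site page: the CLI host lookup page is deleted here without the commit message saying so. Unlike the Project 3/4 templates also removed in this commit, this page carried real project content (description, module table, screenshot link), so its removal deserves an explicit mention or a separate commit.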


@ -1,10 +0,0 @@
+++
title = "Project 3"
description = "Example description"
weight = 1
[extra]
remote_image = "https://images.unsplash.com/photo-1462556791646-c201b8241a94?ixlib=rb-4.0.3&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1465&q=80"
+++
Example project page


@ -1,10 +0,0 @@
+++
title = "Project 4"
description = "Example description with a lot of words but without any meaning. Why use lorem ipsum when you can just write a lot of text that has no underlying meaning?"
weight = 1
[extra]
remote_image = "https://images.unsplash.com/photo-1620121692029-d088224ddc74?ixlib=rb-4.0.3&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1632&q=80"
+++
Example project page