From 51e3323e1a9f14a13f7b293ae0a4a364933ac417 Mon Sep 17 00:00:00 2001
From: Joost Agterhoek
Date: Wed, 9 Oct 2024 14:40:08 +0200
Subject: [PATCH] new blog post, start of a malware development project (not published yet)

---
 content/posts/basic-javascript.md | 40 +++++++++++++++++++++++++
 content/projects/malware-development.md | 20 +++++++++++++
 content/projects/project_1.md | 25 ----------------
 content/projects/project_2.md | 24 ---------------
 content/projects/project_3.md | 10 -------
 content/projects/project_4.md | 10 -------
 6 files changed, 60 insertions(+), 69 deletions(-)
 create mode 100644 content/posts/basic-javascript.md
 create mode 100644 content/projects/malware-development.md
 delete mode 100644 content/projects/project_1.md
 delete mode 100644 content/projects/project_2.md
 delete mode 100644 content/projects/project_3.md
 delete mode 100644 content/projects/project_4.md

diff --git a/content/posts/basic-javascript.md b/content/posts/basic-javascript.md
new file mode 100644
index 0000000..0d434e5
--- /dev/null
+++ b/content/posts/basic-javascript.md
@@ -0,0 +1,40 @@
++++
+title = 'Learning basic JavaScript with Obsidian'
+date = "2024-10-08"
+updated = 2024-10-08
+[taxonomies]
+tags = ['programming', 'Obsidian', 'JavaScript']
++++
+
+For a little while now, I have been using Obsidian for my note taking .✍️. So far, it's been great: I love the Neovim-support, the idea and use of backlinks, the different ways in which you can arrange and use the sidepanes, adding custom states to tasks.
+
+As I started using Obsidian more and more, especially for my work as a SOC security analyst, I started wondering if I could 'stay' in Obsidian as much as possible, even including things like hour sheets into my workflow. I was happy to find this offline, fast and intuitive plugin, [ObsidianSimpleTimeTracker](https://github.com/Ellpeck/ObsidianSimpleTimeTracker). Incorporating this into my daily notes with a simple template, I am able to open my Obsidian vault, create a new daily note (which is automatically given the current date as the file name) and start recording my hours per task and project ⏰. Great!
+
+There was one thing missing though, something you definitely need when tracking hours: an overview. Of course I could sift through all the daily notes, but maybe I could create a dynamic overview of the hours worked per project per day somehow? The [Github-repo of ObsidianSimpleTimeTracker](https://github.com/Ellpeck/ObsidianSimpleTimeTracker#-tracker-data-in-dataview) has a handy example of how to load time tracker data in your vault and print the duration. I just had to rework this example to fit my needs. How hard could it be?
+
+First off, I don't know any JavaScript 🙈. It's a gap in my (beginner) programming skill set I hope to fill one day. But for the moment, I had nothing to go off, but to think of how I would solve this problem in a language I am more familiar with, like Python 🐍. After a few days of fiddling around, I got stuck on a for loop issue.
I was able to iterate through the entries (duration of tracked work) and entry names (name given to tracked work, like a project) of each tracker in my daily notes.
+
+But for some reason, I **wasn't** able to do both after each other ➰. Finally, I found a solution: I had to do both at the same time 🙃 Basically, I found an answer without understanding the answer 💢. But, for the time being, a quick and dirty solution to my very personal problem is good enough. As I start learning JavaScript, I could reinvestigate this script further. For now, here is the code I have, which I still have to edit [per the very nice and helpful comments the creator of the ObsidianSimpleTimeTracker-plugin gave me](https://github.com/Ellpeck/ObsidianSimpleTimeTracker/issues/58).
+
+The next thing would be to build this out to a neat table, to actually give the overview that I want (this still produces a list that is too long). There's always room for improvement 👷.
+
+```js
+let api = dv.app.plugins.plugins["simple-time-tracker"].api;
+
+for(let page of dv.pages('#tijd-bijhouden').sort(p => p.file.name, 'desc')) {
+ // load trackers in the file with the given path
+
+ let trackers = await api.loadAllTrackers(page.file.path);
+
+ if (trackers.length)
+ dv.el("strong", "Trackers in: " + page.file.name);
+
+ for (let {section, tracker} of trackers) {
+ let number_of_trackers = trackers.entries.length;
+ for (let i = 0; i < alltrackers; i++) {
+ if (tracker.entries[i])
+ dv.el('p', 'doel: ' + tracker.entries[i]['name'] + '
' + 'tijdsduur: ' + api.formatDuration(api.getDuration(tracker.entries[i])))
+ }
+ }
+}
+```
diff --git a/content/projects/malware-development.md b/content/projects/malware-development.md
new file mode 100644
index 0000000..c28952c
--- /dev/null
+++ b/content/projects/malware-development.md
@@ -0,0 +1,20 @@
++++
+title = "Malware development"
+description = "Example description with a lot of words but without any meaning. Why use lorem ipsum when you can just write a lot of text that has no underlying meaning?"
+weight = 1
+updated = 2024-09-29
+[extra]
+remote_image = "https://images.unsplash.com/photo-1620121692029-d088224ddc74?ixlib=rb-4.0.3&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1632&q=80"
++++
+
+**This is a work in progress! Here I hope to organize learnings from various malware development series and courses I am currently taking.
+
+# Where to place your payload
+
+This table showcases possible places to put your payload within a PE file with notes about the section and why to place a payload there.
+
+| section name | purpose | reason(s) to store payload |
+|--------------|---------|----------------------------|
+| `.data` | contains initialized global
and static variables | section is readable and writable,
 making it suited for an encrypted payload |
+| `rdata` | ? | ? |
+
diff --git a/content/projects/project_1.md b/content/projects/project_1.md
deleted file mode 100644
index 3db5968..0000000
--- a/content/projects/project_1.md
+++ /dev/null
@@ -1,25 +0,0 @@
-+++
-title = "Flask SOC site"
-description = "A Python-powered Flask website to look up domains, URLs and IP addresses."
-weight = 1
-updated = 2024-09-12
-[extra]
-remote_image = "https://code.joostagterhoek.nl/joost/flask-soc-site/media/branch/main/screenshots/screenshot-flask-soc-site-2024-09-06.jpg"
-# link_to = "https://code.joostagterhoek.nl/joost/flask-soc-site"
-+++
-
-This is a 🐍 Python project to build a one-page website that aims to help a security operations center (SOC) analyst. You will be able to enter a host (URL, IP address, email address) and look up security-relevant information. This includes:
- - 🪳 [VirusTotal](https://virustotal.com) and [AbuseIPDB](https://abuseipdb.com) results on a URL, domain name or IP (v4 and v6) address (🔴 color-coded undetected, harmless and malicious results)
- - 📧 DMARC and SPF information on domain names (also from URLs and email addresses).
- - ✍️ Generic domain registration information.
-
-This is done with (among others) the following Python-modules:
-
-| module | purpose | usage |
-|--------------|--------------------------------------------------------|----------------------------------------|
-| `flask` | lightweight WSGI web application framework | development server |
-| `Datatables` | JavaScript HTML table enhancing library | organizing and coloring lookup results |
-| `requests` | HTTP library | query VirusTotal- and AbuseIPDB-APIs |
-| `checkdmarc` | Python module for validating SPF and DMARC DNS records | look up SPF and DMARC records |
-
diff --git a/content/projects/project_2.md b/content/projects/project_2.md
deleted file mode 100644
index b4ee912..0000000
--- a/content/projects/project_2.md
+++ /dev/null
@@ -1,24 +0,0 @@
-+++
-title = "CLI host lookup"
-description = "A command-line interface tool to look up hosts (IP address, URL, domain and email address) and provide information relevant to security analysts (registrar information, SPF/DMARC records, VirusTotal and AbuseIPDB results). "
-weight = 1
-updated = 2024-09-02
-[extra]
-# You can also crop the image in the url by adjusting w=/h=
-remote_image = "https://code.joostagterhoek.nl/joost/cli-lookup/media/branch/main/assets/imgs/README_2024-09-02_14-40-00.png"
-+++
-
-This is a 🐍 Python project to build a command-line interface application that aims to help a security operations center (SOC) analyst. You are able to enter a host (URL, IP address, email address) and look up security-relevant information. This includes:
- - 📧 DMARC and SPF information on domain names (also from URLs and email addresses).
- - ✍️ Generic domain registration information.
-
-This is done with (among others) the following Python-modules:
-
-| module | purpose | usage |
-|--------------|--------------------------------------------------------|----------------------------------------|
-| `rich` | library for writing rich text to the terminal | display and color lookup results |
-| `tqdm` | wraps any iterable and displays a smart progress bar | display progress for multiple lookups |
-| `requests` | HTTP library | query VirusTotal- and AbuseIPDB-APIs |
-| `checkdmarc` | Python module for validating SPF and DMARC DNS records | look up SPF and DMARC records |
-
diff --git a/content/projects/project_3.md b/content/projects/project_3.md
deleted file mode 100644
index b19c2a1..0000000
--- a/content/projects/project_3.md
+++ /dev/null
@@ -1,10 +0,0 @@
-+++
-title = "Project 3"
-description = "Example description"
-weight = 1
-
-[extra]
-remote_image = "https://images.unsplash.com/photo-1462556791646-c201b8241a94?ixlib=rb-4.0.3&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1465&q=80"
-+++
-
-Example project page
\ No newline at end of file
diff --git a/content/projects/project_4.md b/content/projects/project_4.md
deleted file mode 100644
index e2f218d..0000000
--- a/content/projects/project_4.md
+++ /dev/null
@@ -1,10 +0,0 @@
-+++
-title = "Project 4"
-description = "Example description with a lot of words but without any meaning. Why use lorem ipsum when you can just write a lot of text that has no underlying meaning?"
-weight = 1
-
-[extra]
-remote_image = "https://images.unsplash.com/photo-1620121692029-d088224ddc74?ixlib=rb-4.0.3&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1632&q=80"
-+++
-
-Example project page
\ No newline at end of file