forgot some posts
This commit is contained in:
parent
2fe4d74cb0
commit
cc6760d53d
25
content/posts/learning-malware-analysis-again.md
Normal file
@ -0,0 +1,25 @@
+++
title = "I want to learn malware analysis (again)"
date = 2024-08-28
updated = 2024-08-29
[taxonomies]
tags = ['malware analysis']
+++
## What got me hooked
The heading says it all: I *really* want to learn malware analysis. Ever since I finalized the [Practical Malware Analysis & Triage](https://academy.tcm-sec.com/p/practical-malware-analysis-triage) course by [TCM Security](https://academy.tcm-sec.com/), I was hooked. I 💚loved💚 the entire course, especially diving deep into binaries, (trying) reverse engineering, debugging. I went through all the material, did the labs and wrote up a report, a (very shallow) static and dynamic analysis of a WannaCry-sample. I found my niche (or so I thought...)
## Rabbit holes
One thing that bothered me throughout the course, was the lack of direction and stable ground when investigating and debugging binaries. I found myself stuck reverse engineering functions that were not user written code (C runtime for example). I got close to a particularly interesting part, stepping into and over functions, all to ultimately never reach that goal of finding a specific return value or determining a critical execution flow junction. So I thought to myself: what's the best way to learn how programs work, and flip them inside out? By building them myself! With that motivation, I dove deep back into Python 🐍, thinking, this will be a good starting ground to hop over to C 🖥️ later. But...I think I got stuck at the first step! 🛑 Over the last year, I got really hooked on programming. Some of the stuff I (partially) made:
* A [`Flask`](https://flask.palletsprojects.com/en/3.0.x/) website to look up individual URLs, websites, IP addresses and email addresses for general security analysis purposes. [(Code and screenshots here)](https://code.joostagterhoek.nl/joost/flask-soc-site).
* A command-line interface tool that does the same, without the upload feature. I still need to add relevant emphasis on certain values and legend explanations. The tables are drawn with the [`rich`](https://rich.readthedocs.io/en/stable/introduction.html) module. [(Code and screenshots here)](https://code.joostagterhoek.nl/joost/cli-lookup)
* Finally, the same idea, now in a [`Tkinter`](https://docs.python.org/3/library/tkinter.html#module-tkinter) GUI app. I'm currently reimplementing the basically functioning app into classes for the main app and the frames, which is proving quite challenging. ([Code and screenshots here](https://code.joostagterhoek.nl/joost/gui-host-lookup))
## Refocused (with more experience)
Trying to get back into malware analysis, malware study in general, has been really difficult for the past couple of weeks: the Practical Malware Analysis-book I was working with feels entirely foreign (I also can't get the labs to properly function, as it's all Windows XP-based and the executables don't do what the book says). After some frustrated attempts, I will now refocus on my two main interests in the field of malware: developing 🏗️ and reverse engineering 🖥️ .
Developing I hope to do with my brand-new lifetime access to [Maldev Academy](https://maldevacademy.com). Reverse engineering by reading and practicing along with the (so far very practical) book [Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation](https://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315). I hope to post any notes or blog posts about my progress here.
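Review bot: the three project bullets link to their repositories in three different styles: `[(Code and screenshots here)](...)` followed by a period, the same form without a period, and `([Code and screenshots here](...))`; pick one form for all three so the list reads consistently. Two compound nouns also carry a hyphen where English uses a space: `WannaCry-sample` and `Practical Malware Analysis-book` should read `WannaCry sample` and `Practical Malware Analysis book`.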
23
content/posts/syncing-works.md
Normal file
@ -0,0 +1,23 @@
+++
title = "Syncing works"
date = 2024-09-08
updated = 2024-09-08
[taxonomies]
tags = ['self-hosting', 'zola', 'automation', 'systemd']
+++
## rsync and systemd
I am quite 🤩 ecstatic 🤩: I got a seamless sync working between my local Git-controlled site content and my server! The way I did it:
1. use rsync to sync local files to the server in a normal user-owned folder
2. setup another rsync-script owned by the `zola` user on the server
3. create a `systemd` unit path and service that syncs these files with the proper ownership to the folders where the `zola` service watches for changes
4. 💸 profit!
## Resources
Online resources that helped me with this:
- [Using systemd Path Units to Monitor Files and Directories](https://www.putorius.net/systemd-path-units.html)
- [How to run systemd service as specific user and group in Linux](https://www.golinuxcloud.com/run-systemd-service-specific-user-group-linux/)
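Review bot: steps 1 to 3 name an rsync step, a second rsync script owned by `zola`, and a `systemd` path unit plus service, but the post shows none of them, so a reader cannot reproduce the setup or check the ownership model it relies on. Consider adding the unit files, at minimum the `PathChanged=` or `DirectoryNotEmpty=` line of the `.path` unit and the `User=zola` line of the `.service` unit, together with the rsync invocation the `zola`-owned script runs. Stating which account the first rsync logs in to the server as, and that the `zola` user only reads the staging folder from step 1 and writes its own content directory, would make the ownership boundary implied by "with the proper ownership" in step 3 explicit and checkable.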