Sunday, April 11, 2021

Feeling Productive

Okay, so. When I first started at this job I was so busy learning DevOps that I didn't really have the energy to explore the infosec/computer security things I'd started messing around with while job hunting.

Now that things are better (still a lot to learn, but not to the same degree) I'd been wanting to get back to it.

The problem though, or so I realized, was that I didn't have the right tools.

That is, there's a ton of resources, both online and with various books I'd picked up, but it's best to get hands on experience. It just makes it sink in better. And I'd borrowed my Dad's laptop to get through school. It did the job fine, though it had programs I didn't want to remove since he actually uses them... And I'd returned the laptop some time before covid hit.

I waffled a bit over the expense of a new laptop. I figured it needed a lot of RAM and a good CPU to do the various things I was interested in, but I finally decided to take the plunge. (My tax return definitely helped with that decision.)

I finally got the new laptop Thursday and have been messing around with a few things ever since. For example, I have a copy of Practical Malware Analysis, and it's been really nice to have my laptop up and running while I work through the book. So far I haven't done too much that was new. (I'd taken a class on malware analysis, and we'd used some of the tools for static analysis. That is, I knew you could get a hash of a file and use it to see if it was known malware, and we'd used the strings program to look for strings of text in a file - URLs or function calls and the like. We'd also used PEiD and the Dependency Walker tool. I don't know if it's that I've got more experience in general or if it's this book, but I now have a much better understanding of why we use those tools and what we're trying to find.)

Since the book is a little old and technology changes fast, I'd been looking up info on the various programs to see what the current best tools are. For example, PEiD is no longer supported, although it's apparently still the best for some things. There's a newer bit of software that does something similar, and it's sometimes good to use multiple tools because they can find different things.

Oh, and I know I'd heard that Windows made some very useful changes. It's got its own built-in tool to get the file hash, for example.

I've been looking at a couple of other things as well. For example OWASP has some great resources on web security that I want to play with. Some of them can run on docker containers, and since that's a useful thing to know I've been looking at using the docker images as well.

I still think I'm just at the very beginning here, but it's a good start.

It's nice to feel like I've moved from talking about it to actually doing it. 
