Updating the authors
This commit is contained in:
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "README"
|
title: "README"
|
||||||
date: 2019-08-01
|
date: 2019-08-01
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,12 +1,21 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Bad Malware Analysis: Character Count"
|
title: "Bad Malware Analysis: Character Count"
|
||||||
date: 2020-03-06
|
date: 2020-03-06
|
||||||
draft: false
|
draft: false
|
||||||
|
tags:
|
||||||
|
- malware analysis
|
||||||
|
- string analysis
|
||||||
|
- character frequency
|
||||||
|
- security research
|
||||||
|
- humor
|
||||||
|
summary: |
|
||||||
|
In this tongue‑in‑cheek post we dive deep—actually *deeper* than usual—into the world of malware string analysis by counting individual characters. After pulling roughly 500 malicious samples from theZoo and dasMalwerk and comparing them against a hefty collection of benign binaries, we discovered that a handful of seemingly innocuous characters (v, j, ;, , 4, q, 5, /) pop up more often in the bad guys’ code. By looking at raw counts and then normalising those counts by file size, we expose why naïve “character‑frequency” heuristics are both amusing and alarmingly unreliable. The piece is deliberately over‑the‑top, aiming to entertain seasoned security folks while reminding everyone that good malware hunting requires more nuance than a simple character checklist.
|
||||||
---
|
---
|
||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
I'm thinking of doing a series on bad malware analysis. Hopefully it'll be fun and at least a little informative.
|
|
||||||
|
|
||||||
|
I'm thinking of doing a series on bad malware analysis. Hopefully it'll be fun and at least a little informative.
|
||||||
|
|
||||||
Today's post consists of performing a string analysis on malware. Where most string analysis looks at the big picture, I thought I would take it a step further and look at individual characters. This approach is terrible, as you will soon see.
|
Today's post consists of performing a string analysis on malware. Where most string analysis looks at the big picture, I thought I would take it a step further and look at individual characters. This approach is terrible, as you will soon see.
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Bad Malware Analysis: Hash Letter Counts"
|
title: "Bad Malware Analysis: Hash Letter Counts"
|
||||||
date: 2020-04-12
|
date: 2020-04-12
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Bad Malware Analysis: String Count vs File Size"
|
title: "Bad Malware Analysis: String Count vs File Size"
|
||||||
date: 2021-03-08T20:20:31Z
|
date: 2021-03-08T20:20:31Z
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Bad Password Analysis: Consecutive Character Patterns"
|
title: "Bad Password Analysis: Consecutive Character Patterns"
|
||||||
date: 2020-09-16
|
date: 2020-09-16
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Bad Password Analysis Dictionary Words"
|
title: "Bad Password Analysis Dictionary Words"
|
||||||
date: 2021-03-11T18:55:01Z
|
date: 2021-03-11T18:55:01Z
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Metaphors: Code Complete Summations"
|
title: "Metaphors: Code Complete Summations"
|
||||||
date: 2023-11-13
|
date: 2023-11-13
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Pre-Requisites (Part I) Initial Design: Code Complete Summations"
|
title: "Pre-Requisites (Part I) Initial Design: Code Complete Summations"
|
||||||
date: 2023-12-20
|
date: 2023-12-20
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Pre-Requisites (Part II) Initial Design: Code Complete Summations"
|
title: "Pre-Requisites (Part II) Initial Design: Code Complete Summations"
|
||||||
date: 2023-12-26
|
date: 2023-12-26
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Pre-Requisites (Part III) Initial Design: Code Complete Summations"
|
title: "Pre-Requisites (Part III) Initial Design: Code Complete Summations"
|
||||||
date: 2024-03-05
|
date: 2024-03-05
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Variable Usage: Code Complete Summations"
|
title: "Variable Usage: Code Complete Summations"
|
||||||
date: 2024-02-23
|
date: 2024-02-23
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Exploring Enrollment over Secure Transport"
|
title: "Exploring Enrollment over Secure Transport"
|
||||||
date: 2023-03-30
|
date: 2023-03-30
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Fast Flux Botnet Overview"
|
title: "Fast Flux Botnet Overview"
|
||||||
date: 2019-09-26
|
date: 2019-09-26
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
author: "Lumo (AI) & Human Editor"
|
author: "Lumo (AI) & Halvo (Human)"
|
||||||
date: 2026-01-15
|
date: 2026-01-15
|
||||||
title: "Using AI as My Daily Driver at Work"
|
title: "Using AI as My Daily Driver at Work"
|
||||||
draft: false
|
draft: false
|
||||||
@@ -9,8 +9,6 @@ summary: "A fresh Software Engineer II shares how internal AI tools and Lumo a
|
|||||||
|
|
||||||
<!-- All blog posts generated by AI will be marked as such at the top. -->
|
<!-- All blog posts generated by AI will be marked as such at the top. -->
|
||||||
|
|
||||||
# Using AI as My Daily Driver at Work
|
|
||||||
|
|
||||||
## Why I’m Jumping on the AI Bandwagon
|
## Why I’m Jumping on the AI Bandwagon
|
||||||
|
|
||||||
In my new position, at my new company, as a Software Engineer II, I finally got the chance to treat AI like a coworker instead of a distant sci‑fi concept. Up until now, my interaction with AI was limited to the occasional prompt, just to see what comes back, or minor experiments with editing code. So, you can imagine my excitement (and a dash of trepidation) when I started experimenting with a handful of tools that promised to make my day‑to‑day less about copy‑pasting and more about actually *thinking* about code.
|
In my new position, at my new company, as a Software Engineer II, I finally got the chance to treat AI like a coworker instead of a distant sci‑fi concept. Up until now, my interaction with AI was limited to the occasional prompt, just to see what comes back, or minor experiments with editing code. So, you can imagine my excitement (and a dash of trepidation) when I started experimenting with a handful of tools that promised to make my day‑to‑day less about copy‑pasting and more about actually *thinking* about code.
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Pseudo Random Number generators"
|
title: "Pseudo Random Number generators"
|
||||||
date: 2024-03-22
|
date: 2024-03-22
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Random Algorithm Analysis"
|
title: "Random Algorithm Analysis"
|
||||||
date: 2020-04-17
|
date: 2020-04-17
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "RSA Optimization"
|
title: "RSA Optimization"
|
||||||
date: 2022-12-06
|
date: 2022-12-06
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Concurrency: Summations of Secure Coding in C and C++"
|
title: "Concurrency: Summations of Secure Coding in C and C++"
|
||||||
date: 2023-01-27
|
date: 2023-01-27
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Concurrency: Summations of Secure Coding in C and C++"
|
title: "Concurrency: Summations of Secure Coding in C and C++"
|
||||||
date: 2023-06-29
|
date: 2023-06-29
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Set to NULL After Free: Summations of Secure Coding in C and C++"
|
title: "Set to NULL After Free: Summations of Secure Coding in C and C++"
|
||||||
date: 2022-08-17
|
date: 2022-08-17
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Always null Terminate (Part 2): Summations of Secure Coding in C and C++"
|
title: "Always null Terminate (Part 2): Summations of Secure Coding in C and C++"
|
||||||
date: 2022-08-13
|
date: 2022-08-13
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Always null Terminate: Summations of Secure Coding in C and C++"
|
title: "Always null Terminate: Summations of Secure Coding in C and C++"
|
||||||
date: 2021-09-01
|
date: 2021-09-01
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
author: "Halvo (Human)"
|
||||||
title: "Stateless Detection of Malicious Traffic"
|
title: "Stateless Detection of Malicious Traffic"
|
||||||
date: 2019-08-23
|
date: 2019-08-23
|
||||||
draft: false
|
draft: false
|
||||||
|
|||||||
Reference in New Issue
Block a user