Adding additional summaries and tags

content/posts/bad-malware-analysis-hash-letter-counts.md

@@ -3,6 +3,17 @@ author: "Halvo (Human)"
 title: "Bad Malware Analysis: Hash Letter Counts"
 date: 2020-04-12
 draft: false
+tags:
+  - malware-analysis
+  - hashing
+  - sha512
+  - hexadecimal-frequency
+  - statistical-bias
+  - ids-signatures
+  - research-notes
+  - cryptography-limitations
+summary: |
+  A tongue‑in‑cheek look at whether tiny quirks in SHA‑512 hex digits can hint at malicious binaries. Spoiler: the bias is so slight you’d need a microscope—and a lot of samples—to spot it.
 ---
 
 ## Introduction

content/posts/bad-malware-analysis-string-size-ratio.md

@@ -3,6 +3,17 @@ author: "Halvo (Human)"
 title: "Bad Malware Analysis: String Count vs File Size"
 date: 2021-03-08T20:20:31Z
 draft: false
+tags:
+  - malware-analysis
+  - strings-per-kb
+  - binary-static-analysis
+  - packing-detection
+  - heuristic-signatures
+  - python-scripting
+  - data-driven-security
+  - research-notes
+summary: |
+  In this delightfully “bad” foray into malware hunting, we ask whether the sheer amount of printable text inside a binary can betray its nefarious nature. By hashing (oops, counting) strings of lengths 2‑6 bytes in ~500 malicious samples versus 200 tidy Windows libraries, we compute “strings‑per‑KB”. The results are modest but tasty: at a 4‑byte cutoff, benign binaries sport roughly 22 % more strings per kilobyte than their shady cousins—a hint that packed or encrypted malware keeps its chatter to a whisper. Short 2‑byte fragments are just random noise, while 5‑ and 6‑byte strings level out, possibly thanks to debug messages. Bottom line? String density offers a cheeky heuristic, but it’s no silver bullet—still fun to poke at, especially when you love sprinkling a dash of Python over binary mysteries.
 ---
 
 ## Introduction