"The beginning is the most important part of the work." Plato
It's hard to start blogging. Again. When my Raspberry Pi was still my main server (died due to SD card write limits) I already had a simple blog running the CMS Backdrop. There were 5 or 6 posts there, practically collecting dust. It's an easy thing to start and a hard habit to get. So...why this blog?
Do it for yourself
Then I came across an interesting post from hacker Daniel Kelly on LinkedIn. He urged people to document their journey into cybersecurity. And he had a line that stuck with me:
You don't have to compose lengthy posts or write-ups. In the past, I've published one-liners that have helped me solve problems.
This is exactly where I got stuck in the past: each post went on too long, wanted to incorporate too many topics, too many things I learned, too much explaining, when it can be better and more useful, especially for yourself, to simply write what you want to remember for later. A new technique, an approach, a command, a code structure. So, with that out of the way...
What did I learn today?
In general, I am learning a lot about how I like to approach writing. Since my deep-dive into open source software and a complete Linux experience with the amazing NLnet foundation, I prefer to write in vim in a plain terminal using git to keep tabs on my progress. No full-blown IDEs, no rich text editors. Just my keyboard (yes, no arrow buttons), some good music, pushing and pulling and writing, writing, writing.
Grav, the flat-file CMS that I am writing this blog post with, scratches exactly that (simple) itch. Before last week, I had only heard of webhooks: today, I have a GitLab server that syncs all the posts and edits I make to this website, if I want, from a cloned repo of the pages on one of my laptops. It feels close to the ground, close to the metal, solid. It's probably why I am becoming more and more interested in malware development, where at first it was only malware analysis. I want to understand something not abstractly, but as directly as I can. Only that way, I feel, I can comprehend and retain new information and skills.
What to expect
So! Expect to see more of these posts in the near future, either me ruminating on my self-study, learning and generally getting comfortable in IT and cybersecurity, or just some straightforward technical notes from any of the many (sigh) courses and books I am doing right now. A small list, to keep myself accountable:
- Ethical Hacking Foundations: Malware Development in Windows
- Sektor7 introductory course to C++ malware development. Currently in section 2 out of 8.
- Learn Python 3 The Hard Way
- _Hands-on book to write basic Python. Currently at exercise 48_.
- Getting Started With Malware Development
- Free(!) website and YouTube-course on malware development in C++. Currently at video 1.
- An Oral History of Binary Exploitation Defenses
- _In-depth course on the history and techniques on buffer overflows and other binary exploitations. Currently 89% complete (still need to write more code)._