We’re coming up on a year of me being in Seattle and holy shit I still don’t feel settled into everything. The city itself is an amazing place to live. I’ve wanted to be in the Pacific Northwest since I was a teenager, and now that I’m out here I couldn’t be happier. I believe now, as I believed then, that moving away from the South was the best decision for us.
In contrast to the certainty I feel about having moved to Seattle, every day at my new job is a new set of ups and downs. Working for a creative company instead of a security company was a huge shock to me. It sounds like a huge cliche to say, but I’ve come up against some definitely unique challenges. Even from an organizational perspective, how things are run is very different, and I feel like I’m only now starting to wrap my head around all of it.
However, I feel I am grokking it and moving along at the fastest speed that’s available to me, even if it is slower than what is comfortable for me. What that does allow me to do, though, is work on projects that I haven’t touched since Georgia. There’s a lot of interesting work coming out around offensive security and malware analysis, which has rekindled my interest in my off hours.
First task is to assemble a malware analysis station again. I’d like to be able to leverage cloud-based dynamic analysis services like Hybrid Analysis or VirusTotal again, but no longer working for a security company, I’ve found my access to these is pretty limited. Malwr says it is coming back, but I suppose that’s something we’re just going to have to wait and see about. In the meantime, I guess it’s back to setting up a local instance of Cuckoo.
My goal is to pull malware, find the samples that have a <30% detection rate on VirusTotal, analyze those, and find a way to automate the creation of Wazuh detections based on the IOCs discovered. A lot of this can be automated, but holy shit is everything out of date. I originally wanted to start by using maltrieve, but I find the code hasn’t been touched in years. Forks of the project at least somewhat work, but honestly those are pretty poorly maintained as well. I was really hoping to be further along before running into this first hurdle, but here we are. So I guess before any of those other fun things, I should spend the time creating an updated maltrieve script.
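As an added sketch of the filtering and detection-generation steps above (my own example, not code from maltrieve, VirusTotal or Wazuh), this takes VirusTotal-style `last_analysis_stats` reports, keeps the samples under a 30% detection rate, and turns their hashes into a Wazuh CDB list plus a rule that matches file-integrity events against it. The report data is constructed, and the rule id, list path and `sha256` field name are assumptions rather than Wazuh defaults.

```python
"""Filter VT-style reports for low-detection samples and emit Wazuh content."""

# Constructed sample reports shaped like VirusTotal v3 "last_analysis_stats"
SAMPLE_REPORTS = [
    {"sha256": "a" * 64,
     "last_analysis_stats": {"malicious": 12, "suspicious": 1, "undetected": 55, "harmless": 0}},
    {"sha256": "b" * 64,
     "last_analysis_stats": {"malicious": 48, "suspicious": 0, "undetected": 20, "harmless": 0}},
    {"sha256": "c" * 64,
     "last_analysis_stats": {"malicious": 0, "suspicious": 0, "undetected": 70, "harmless": 0}},
]


def detection_rate(stats):
    """Fraction of engines that flagged the sample (malicious or suspicious)."""
    total = sum(stats.values())
    if total == 0:  # no engine results at all: treat as undetected
        return 0.0
    return (stats.get("malicious", 0) + stats.get("suspicious", 0)) / total


def low_detection_samples(reports, threshold=0.30):
    """Return (sha256, rate) for every sample whose detection rate is below threshold."""
    out = []
    for r in reports:
        rate = detection_rate(r["last_analysis_stats"])
        if rate < threshold:
            out.append((r["sha256"], round(rate, 3)))
    return out


def wazuh_cdb_list(samples):
    """Wazuh CDB list text: one 'key:value' line per hash, key is the sha256."""
    return "".join(f"{sha}:low_detection_{int(rate * 100)}pct\n" for sha, rate in samples)


def wazuh_rule(rule_id=100100, list_path="etc/lists/low-detection-hashes"):
    """Rule that fires when a syscheck (FIM) event's sha256 is a key in the CDB list.
    Assumed values: rule id, list path and the 'sha256' field name."""
    return (
        '<group name="malware,local">\n'
        f'  <rule id="{rule_id}" level="12">\n'
        '    <if_group>syscheck</if_group>\n'
        f'    <list field="sha256" lookup="match_key">{list_path}</list>\n'
        '    <description>File hash matches a low-detection malware sample</description>\n'
        '  </rule>\n'
        '</group>\n'
    )


if __name__ == "__main__":
    hits = low_detection_samples(SAMPLE_REPORTS)
    print(wazuh_cdb_list(hits))  # write this to the CDB list path, then rebuild lists
    print(wazuh_rule())          # drop this into a local rules file
```

The CDB list has to be compiled on the manager before the rule can match against it; the real IOC set would come from the analysis step, not from the VirusTotal stats alone.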
Normally, I wouldn’t post about what I’m doing like this because no one cares. However, I’ve been told this can help with the vetting process on some security sites, so here we go. I guess.