Saturday, February 8, 2014

Taming Dragons On A Daily Basis

hello world, happy you found here :]
welcome to some new blog on tech, travel, fun and $cool_things. 

wait.. new blog.. does the world seriously need another blog? ah no i didn't ask that question for real. don't quite care about the answer actually - i got my reasons.

first of all, i like to write and i like to share. so a blog is the perfect symbiosis :) pro practical approaches.

second, and virtually most important, my grandma still hasn't seen my awesome pictures of singapore, las vegas and seoul :( err.. long story short: last year i spent a lot of time on international conferences, but since i started work 24/7/365 my family has barely seen more of me than postcards. meh.. can't even remember sending postcards. so i want to compensate a bit by putting my globetrotter impressions in words and pictures. poor compensation? yes i know. but i also heard some university is already working on teleportation, so probably we get better on that end pretty soon :)

third, and interesting for the others besides grandma, i want a platform to write about my research when i find the time. i learn most when writing about stuff and i can re-read it when its written and re-think and any interested reader is highly welcome to think with me. but don't worry if you are not willing to think, i can kill my dragons myself. like.. last week i finished reversing a cute little.. malicious dropper. who'd have thought..

so FINALLY, the post title :) i taimed a dragon. its name is my-personal-inability. once it was big, scary and fire spitting. could have taken me years more to stand my (wo)man against that beast, but then - someone challenged me. that someone was halvar flake, writing a post that read to me like 'you kill that beast and i get you to singapore'. looked at the dragon, googled singapore, thought awww don't know.. fuck it.. lets do it. and know what? me 1 - dragon 0! 

the challenge happened now exactly a year ago. it costed me time, nerves, grey hair, you name it. it was about reverse engineering a 'thorny' piece of malware, as halvar called it. that thing was a file-infecting spy-bot, multi-threaded, a bit obfuscated, some anti-debugging; challenging indeed. but obviously not impossible!

who ever tried on reverse engineering, it's captivating. it's you against your debugger of choice, life is happening elsewhere, and after a weekend you find out you CAN spend days in your pyjamas and actually forget to eat, sleep or shower. but let me tell you, any of these three are overrated when you have to stand up against a dragon :)

long story short, did it, won. but what does winning mean? that challenge didn’t actually just mean I got to go to singapore. it did not only mean I got to meet the most awesome people of that infosec-hacking-whatnot-community. it was a strikingly awesome experience, but not. only. that.

what this whole project did was showing me that i can achieve more than i had ever imagined. i am no hacker today, i was no hacker back then. just saw challenge - girl - malware and smelled a chance. thinking, what if it would have been for any motivated participant? i wouldn’t have imagined it as possible to do. no worries about winning, even impossible to finish.

why? because i thought i could never be good at this. whole scary IDA Pro was a mystery to me. dragon, if you will.

SOOU what did that challenge give me? a new perspective. courage. it made me learn A LOT in a short time. it pointed out new possibilities, one can learn a lot in some time – let alone one takes a LOT of time, imagine that?! 

and it gave me a tame little dragon, that now jumps happily at any other challenge that pops up.

more about that dragon challenge you find on halvar's blog.

more about my personal challenges you will soon find here: a write up of that malicious dropper, pictures that grandma hasn't seen, write up of my highschool talk on why girls should do more reverse engineering - stay tuned.

No comments:

Post a Comment