It has been over a year since I last posted on this blog. I’ve been thinking a lot about what I could write to keep it alive. I recently started my major in Information Security at Telecom SudParis and I keep on doing sysadmin/security stuff during my free time, mostly at MiNET. And I don’t really see how I could share that on a blog.
But anyway, I just finished a book, Linux Forensics by Dr. Philip Polstra. I really enjoyed it and learned some quite advanced stuff about Linux (not as much as I had expected, but it was still very interesting), especially about extended filesystems. The last chapter was an introduction to malware analysis. Malware has been intriguing me since I started caring about computer security a few years ago. I have always wondered how you could code something smart enough to conceal itself within a computer and strong enough to impact the whole system. And as I learned more and more about how Linux systems work, I kept asking myself how it was possible to hide a process, to trick the kernel or to bypass an antivirus. Besides, I had planned to focus my interest on reverse engineering by the end of this school year, and I see this as a way to practice.
So that’s why I started exploring the huge field of malware analysis as much as my agenda allows me to, and I thought sharing my learning would be a good way of posting new stuff on this blog. It won’t be a tutorial, rather just a gathering of what I experiment with, learn, think and find interesting about malware analysis. It sure is a huge field, so don’t expect my posts to follow a particular path. I will follow my curiosity. I can only tell you that I will concentrate on Linux malware since I don’t know much about Windows systems and I am kind of a GNU/Linux defender. Your comments are more than welcome, as they could help me go in the right direction!
Next time I’ll do an introduction to the different types of malware. The Internet is full of contradictions on the subject, and it is not super easy to form clear thoughts about it.