#entropy


My computer is dying. Heat problem. A fan is failing.
The part is discontinued. The laptop is only 5 years old. Having trouble finding the exact part# for the fan assembly even on eBay and Amazon and Alibaba. Can't afford a new computer. Need new glasses too. Can't afford them either. Can't afford my insurance premiums either. Might just cash in my IRA. It's tanking with the stock market anyway.

It struck me this morning that money is like energy, and like energy you can inject more of it into a system to lower the total entropy of the system, but without it the entropy just keeps increasing. Conversely as DOG(e)(gy) sucks money out of the US system, the entropy is increasing at a really fast rate, and goddess knows where the chaos will lead us.

Anyway. This text is from my Patreon. I usually post art I'm working on, not just thoughts about the sorry state of my finances. But anyway, if you want to join please do. There's a free option, even.

patreon.com/detritus

#doge #entropy #chaos

How do you people have the will to keep your computers organized? I used to put different things in order, each in its own folder. A couple of years ago the chaos took over and I have dumped everything in Downloads since. That folder is now 200+ GB, mainly various documents. I guess #entropy won. 😭

MalChela Updates: New Features and Enhancements

It’s been just over a week since MalChela was initially released and already there have been a number of updates.

mStrings

In the previous post, I walked through the new mStrings function. I think this is one of my favorites so far. It extracts strings from a file and uses Sigma rules defined in YAML against the strings to evaluate threats and align results to the MITRE ATT&CK framework.

For fun I pointed it at an old WannaCry sample. I had a proud papa moment at the positive network IOC detection.

Check for Updates

Next came a function to automatically check the GitHub repo for updates and encourage a git pull to grab the latest… because apparently I can’t stop myself and this project will just keep growing, as my sleep keeps dwindling. Personally I found it ironic that you have to update in order to get the update telling you that updates are available… but it will work for all future updates as they come. So go ahead and update why don’t you.

Screenshot of MalChela indicating an update is available via git.

New File Analyzer module

Most recently a File Analyzer module has been added. Give it the path to your suspect file and it will return back:

  • SHA-256 Hash
  • Entropy (<7.5=high)
  • A RegEx detection for packing (mileage may vary)
  • PE Header info if it’s a PE
  • File Metadata
  • Yara Matches (any rules in yara_rules folder in workspace)
  • If there’s a positive match for the hash on VirusTotal (leverages the same key as previously in MalChela with the Virus Total / Malware Bazaar lookup)

Lastly, you’re given the option of whether or not you want to run strings on the file, or return to the main menu.

I really like the idea of using this as a possible first step in static analysis. Run this first and opt for strings. Things look interesting there, throw it into mStrings. Positive match on VirusTotal – use the malware hash lookup and get a more detailed analysis. Use the results from mStrings to craft a YARA rule and add it to your repo for future detections.

#DFIR #Entropy #Hash
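The File Analyzer described in the post combines several cheap static checks into a first pass. The block below is an added example of those same checks (SHA-256, Shannon entropy with a 7.5 bits/byte threshold, a minimal PE header parse, and a strings(1)-style printable-run extraction) written for this page; it is not MalChela's own code. It assumes the post's shorthand means entropy above 7.5 bits/byte counts as "high", and the sample input is a constructed PE-shaped byte blob, not a real executable.

```python
import hashlib
import math
import re
import struct
from collections import Counter

# Assumption: values above this are flagged as high (typical of packed or encrypted payloads).
HIGH_ENTROPY_THRESHOLD = 7.5  # bits per byte


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the whole buffer, as lowercase hex (what you would paste into a hash lookup)."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_pe_header(data: bytes):
    """Return the COFF machine type, section count and timestamp if data looks like a PE, else None.

    Checks the MZ magic, follows e_lfanew at offset 0x3C, and verifies the 'PE\\0\\0' signature.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"machine": machine, "sections": nsections, "timestamp": timestamp}


def extract_strings(data: bytes, min_len: int = 4):
    """Printable ASCII runs of at least min_len bytes, like the classic strings tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def analyze(data: bytes) -> dict:
    """First-pass static summary of a suspect buffer."""
    entropy = shannon_entropy(data)
    return {
        "sha256": sha256_hex(data),
        "entropy": round(entropy, 3),
        "high_entropy": entropy > HIGH_ENTROPY_THRESHOLD,
        "pe": parse_pe_header(data),
        "strings": extract_strings(data),
    }


def build_sample() -> bytes:
    """Constructed sample: a minimal PE-shaped blob (not runnable) with e_lfanew pointing at 0x80."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x80)
    dos += b"\x00" * (0x80 - len(dos))
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x8664, 3, 0x5F000000, 0, 0, 0, 0)
    body = b"This program cannot be run in DOS mode" + b"\x00" * 64
    return bytes(dos) + coff + body


if __name__ == "__main__":
    for key, value in analyze(build_sample()).items():
        print(f"{key}: {value}")
```

The constructed sample is mostly zero padding, so its entropy lands well under the threshold; a packed or encrypted section of a real file would push the whole-file figure toward 8.0, which is why per-section entropy is usually the next refinement.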

I was just sweeping the house, and meditating on how correct Erwin #Schrödinger was about the efficiency of life increasing #entropy. And how the #SecondLawOfThermodynamics might suggest life appears everywhere possible, in order to accelerate this.

All over the universe, there are organisms sweeping up dust from their spaceships, and wondering why their offspring never get out of their pods and pick up a broom to help.