title: Thought exercise: write malware to harden security of your own code
author: 寮
date: 2022-09-25
tags: technology,security,privacy,webdev,internet
thumbnail: write-malware-for-cyber-security.jpg
threadid: ANuT4TdimQWNJ3wlZA

Remember how Satan Klaus said that we all pay insufficient attention to the frightening scenario of a massive cyber attack?
If you look at the sheer amount of soyware all around the internet, I actually think he's right.
It's almost as if he's giving all of us a last chance to either properly secure our shit, or live under his "you'll own nothing and be happy" dystopia.

In fact, soydevs these days don't even know or care about security, because "nah, the framework I'm using handles security for me, so I don't need to worry about that".
This is a very dangerous mentality to have.
What if the framework gets exploits?
Now all soydevs are collectively vulnerable, and you'll get a whole legion of soyboys overwhelming the framework maker to pressure them to fix it as soon as possible.
What if the framework devs aren't as experienced with cyber security either though? OH-OOOH!!
I think the biggest criminals in this case are the universities and colleges who will never teach any aspiring software developers about security at all. Maybe they make you kind of aware of MySQL injections, if they even teach you about that at all in current year, but other than that? Trust the frameworks goyims!!

Recently I accidentally came across a hidden service on the darknet that is filled with literal cycrims, some of whom have actually been in prison for a while, others have once been able to take down an entire government infrastructure, some have once worked for the NSA, and they're not hiding it (well, it's the darknet, so what would you expect?).
Not going to link to them, you'll need to find it yourself if you're interested.
They are just writing malware, finding ways to steal money using fake credit cards (carding), and all such things.
Actually, you'll need to either know how to write malware or how to hack in order to gain full access, or otherwise you'll only have access to a section where you can learn all of that.

While I'm not interested in cycrim myself, I do see a useful purpose in hardening cyber security using cycrim knowledge.
Cycrims have by far the best knowledge of cyber security, simply because they have to deal with it every single day.
Because by far the best way to resist cyber attacks is by having cyber attacking knowledge yourself.
In this case, we could actually write malware in order to strengthen security of our own software.
Because let's be honest, if you're a software developer, there is a chance that your software will become popular and mainstream, whether it be by accident or by lots of advertising (or government funding).
If you know how RATs work, you can find ways to secure yourself against ratting.
If you know how MD5 hashing works, you can fix ransomware attacks without paying anyone (ASSuming they use MD5 hashing that is).
If you know how encryption algorithms work, maybe you can create your own encryption algorithm that might perhaps be way more resistant against decryption attempts.

Sooner or later, everything will get cracked, and there's no way to make it all bulletproof forever.
You can however take steps to proactively secure your stuff, even if you're not a software developer and you just want to practise OPSEC to keep yourself as anonymous as possible.

So learn how to write your own malware, and use that as a testkit against your own software you actually want to release.
You'll be surprised by how much of a difference it makes in the long run compared to soydevs who don't give a fuck about security.