Knowing Null: DTM - Developing That Malware

#1

Hiya!

Yes, it’s time for another exciting interview with one of 0x00sec’s notable and notorious members! Last time you all voted for @dtm, so let’s jump into it. Remember to stick around after to vote for the next KN, and feel free to post follow-up questions in the comments below!

Hello! Thanks for doing this. First, can you give us some background on who you are and what you do inside the info-sec sphere?

Yeah, no problem. I'm dtm, mechatronics engineering student turned comp sci. I used to have interests in the world of science but could never really get along well with mathematics so, one day, when I had enough of doing 3-4 pages of calculus, I jumped ship. I've always kinda had a (skid) thing for hacking stuff so when I learned how to program in uni I noticed that this could be the entry point where I could actually start the long journey to 1337ness. As for what I do in infosec, malware always fascinated me so I started learning how it worked, looked up source code on VX, discovered the Windows API and went on trying to code my own. And since my first proper programming language was C, I had also been taught the low level side of how computer programs worked and it introduced me to reverse engineering in assembly. Combine those two and I went onwards into malware analysis.

These days I am looking to work on my offensive abilities. I've currently learned basic Linux and Windows exploitation development, am reversing some pwnables back into C for code auditing, and will take up penetration testing in the near future.

So it sounds like this was a hobby interest. How did you transition into a professional career?

Yes, it was a hobby until I went into comp sci and realized that I could do it *and* get paid hah. I'm not employed in an infosec career but I am looking. Got an interview real soon at a pentesting consulting company so wish me luck!

Absolutely, good luck! Do you have any advice for others looking to get into malware analysis? Any favorite resources?

I'd say that malware analysis is just like any other kind of reverse engineering and in being so, it has a higher skill floor that's required compared to other areas. Already knowing how to develop malware was a plus for me because it helped me identify similar functionality/patterns in the code structure. I'd say dig deep into fundamentals such as how programs work, assembly language, operating systems, the general reverse engineering content.

Resources are abundant on Google and trust me when I say this because that's literally all I've been doing for the past 4 years: just hoard it all, everything that you can get your hands on, and then study it. Find forums, research papers, source code, GitHub, Twitter; YouTube has great channels too (MalwareAnalysisForHedgehogs, OALabs). Then go out and find some malware, wild or not, and analyze it.

Besides math, are there any big challenges you’ve run into and possibly overcome?

Besides the obvious challenges every day when I study infosec, I do have issues when it comes to social interaction. It's not that I don't like it, I actually enjoy socializing, but I think I've become *too* comfortable with being alone which kinda led me to isolate myself and shy away from looking to meet others and make any meaningful relationships. Over the past year I've just told myself to suck it up and participate in my uni's security club which was nice. Doing the security courses has also helped with that and I've since then made a new group of friends (woo me!). Still a work in progress but I'll take what I've got so far.

I’m sure more than a few of our members can relate. I know I can. Let’s move on to some fun, personal stuff. What’s your home setup like? OS? Distro?

Windows 10, on both laptops! I did use Ubuntu for the majority of last year but it didn't work well since this laptop is a bit dated and using Windows VMs + other things like browsers with 10+ tabs hit my system pretty badly. Whenever I had a Windows VM open as well as downloading a 1GB+ file from Mega, my computer would thrash. So I've converted back to Windows because that's where I do my work and it's most optimal for me. I would use Windows 7 but it's a bit old and support for it is ending soon.

You already mentioned C, but are there any other languages you like to use? And go-to software?

I kinda dabble with C++ but, to be honest, I don't really use or like it. I use Python for some quick exploit development. PowerShell is a bit rare, I don't really know it that well. I hardly use x86 Intel assembly for writing, but it comes in handy for developing specific malware functionality as well as solving some CTF challenges. I've been studying Rust for the past month and it's pretty good so far so I'll switch to using that as default hopefully.

  • Browser: Firefox
  • C/C++ Windows development: Microsoft Visual Studio
  • Other languages/development: VS Code
  • Text editor: Sublime Text
  • Disassembler: IDA Pro
  • Debugger: x64dbg/WinDbg
  • Windows command line tool: Cmder/PowerShell

Got any fun gadgets or cool hardware?

I'd like to say yes but I'm not that interested in hardware. Basic lock picks are really all I have after I got into that phase. I'm a software kinda person.

Ah, a common hacker hobby. Before we move on to our last section, do you have any hobbies or interests outside infosec?

Besides the basic stuff like listening to music 24/7 and watching movies, I would like to say cruising around on my penny board but it seems like friends don't have time for that anymore. I actually started escape rooming recently and it's very fun and challenging. Got a 100% win rate (2/2) for that so far. Can't break the streak now.

Come out to CO sometime and we can cruise! Alright, our last section focuses on the 0x00sec community. First, how’d you find this place?

I was originally on Null Byte but when the riots happened, pry0cc and friends founded this place. I am one of said friends.

As one of the first members, how’s it been watching the community grow?

It's exciting to see it expand and get exposure on a variety of different places like other forums, Twitter, Reddit, even friends over at my uni's security club know of it. At first I was skeptical but I think we've made it. I'm super proud of it and happy. I like to check the user count every so often. I think we were at 3000 at the beginning of last year and right now it's... 5715!

Do you have any advice for up-and-coming hackers here at 0x00sec?

Though I don't really consider myself a "hacker," nor do I claim to know how to become one, I do have some things to say. There's no secret formula to it unless you have some natural talent for it. Either way, it's no different than becoming anything else. You read, understand, practice, repeat. Start from the boring basics and theory, everyone has to go through it but once you hit the top of the roller coaster, it's all worth it. As I said before, hoard all the resources you can and read it all. I see a lot of people complain that resources are old, so what? That's where it all started, the fundamentals. We didn't come to build rockets flying into space from nothing. So learn it anyway, it's great if you're a beginner, and it might be worth something. Maybe you'll discover a new technique or learn something you didn't know. Don't be discouraged by all the new things happening, fancy exploitation protection mechanisms, next-gen, machine learning AV, etc. You'll get there eventually, you just gotta grind like everybody else. When you think you've understood a concept I'd recommend trying to teach it to others. If you can teach it, then you know you've learned it. Lastly, venture out of your comfort zone and push boundaries. You won't get anywhere sitting comfortably in the corner.

Great stuff there, man. Anything else you’d like to say to the community?

I'd like to thank the founders of this place for providing me a platform where I can push out educational content. pry0cc, especially, for toughing it out over the many years to manage this place with fraq. ricksanchez, the absolute God-tier warden, for keeping this super clean and tidy. Every other contributor to the forums deserves praise as well. Every time someone pushes out great resources I get a little bit excited because I know 0x00sec takes one step closer to recognition in the infosec community and becoming something even greater than ourselves. Super proud of everyone, thank you all!

Alright, last question before I let you go. What HEX color is your “hat”?

#696969

Nice. Thanks so much dtm!

Thank you too for these interviews!

Vote Time!

You know what to do!

  • Nitrax
  • nugget
  • IoTh1nkN0t
  • _py
  • egy
  • slobber
  • yuu

#2

Thanks a bunch for the interview, @dtm!

(Un4ckn0wl3z) #3

I’m a big fan of Dontrustme on Null Byte. Your “Security-Oriented C Tutorial” is a very nice series. Thanks @dtm

#4

Awesome content as always! Keep up the good work.

Best,
Nitrax

(EternalEclipse) #5

Awesome stuff!

Btw if you’re googling it it’s actually spelled DonTrustMe.

#6

Love just about everything @dtm puts out, bangers just about all the time 🙂
