Tag Archives: malware

Personal Projects and ChatGPT

A Fun Way To Build Your Resume

Let me preface this by explaining how the Online Capstone Project works (if you aren’t enrolled in the class). We are mostly focused on working on our specific projects. In my case that is the Malware Analysis project. However, we still have posted reading on a weekly basis. These serve as short introductions to useful material for students preparing to finish their academics and move into the professional world in the realm of software engineering. This week, one of the “Explorations” was titled “Programming Projects” [1]. In short, this class article described how building hobby projects is a good way to build out your resume, especially if you are light on work experience in your chosen field.

Let’s first consider the benefit of working on your own personal project. Well there is the obvious benefit, it shows a direct example and proof of your skills to employers. However, it also shows motivation and the ability to bring a project from start to completion [1]. Beyond just resume building, it can also be a great way to build up new skills and gain experience in new technologies.

Sounds great right? Well if you are anything like me, often the hardest part of this process is deciding on a project and getting started. There are unlimited possibilities when it comes to designing your own personal project. What do you do if you cant decide?

ChatGPT to the Rescue

Honestly, this Exploration got me thinking…..and thinking. Lately, even before this article, I had been wanting to start a personal project, especially as my time in this program wanes. I like to feel like I am always learning. However, I am often quite indecisive. I research and come up with ideas, and often get so bogged down in the decisions I don’t even end up starting anything.

I am sure you have heard of ChatGPT. It has been everywhere in the news lately. It is an AI chatbot that operates in a conversational manner [2]. You can ask it any question and have an actual conversation with it. It remembers previous questions and statements so that you can refer back to things said earlier in the conversation. It’s very cool.

Well, I thought, maybe Chat GPT can help me decide on an idea for a personal project? My idea was that I would tell it a bit about what skills I had and what I wanted to work on. I even thought that I could tell it my timeframe for completing a project and have it give me options based on that as well.

Prompts

Instead of just telling you about the results I received, I thought I would build out this blog post to include prompt suggestions if you want to use ChatGPT for similar reasons. I find that I get the most out of ChatGPT when I am as specific as possible. Therefore we have two options here. We can either tell it exactly what we want: a general topic, a technology and a timeframe. Or, we could set up ChatGPT in a manner that lets us perform the same process for multiple project ideas.

In preparation for this article, I spent quite a bit of time experimenting with prompts and found the following to be the most successful.

ChaptGPT: Intro Prompt

We ask Chat GPT to generate a project idea for us based on a general topic, technology and a timeframe. We also ask it to breakdown the project based on learning outcomes, skill prerequisites and how to get started. Lets see what ChatGPT gives us in response.

ChatGPT: Response Part 1
ChatGPT: Response Part 2

Wow! ChatGPT gave us exactly what we asked for. Now we have a decent outline for this sample project. It even gave us a week by week task breakdown. What if we want an alternative project? Lets ask ChatGPT!

ChatGPT: Alternative Project Part 1
ChatGPT: Alternative Project Part 2

Another great idea! We get another detailed project outline, with enough information to get us started.

What if we have questions for ChatGPT about the prerequisites? We will tell ChatGPT that we are not confident in our machine learning concepts. Lets have it give us a recommendation for how to proceed.

ChatGPT: Follow-up Prompt

ChatGPT has given us an outline for how to develop our machine learning fundamentals before we tackle the project. It even recommended online courses and books to read.

Conclusions

Well I think that it is clear that this is a great way to generate project ideas in a fun and interactive manner. I have shown enough to get you started, but you can really take this as far as you would like. You can ask ChatGPT to flesh out the outline more. You can ask it to give you additional resources for learning skills. The possibilities are endless. Just make sure to keep in mind that ChatGPT doesn’t always return up to date or correct information. It was trained on information that ended in 2021. So take everything with a grain of salt.

References

  1. https://canvas.oregonstate.edu/courses/1901255/pages/exploration-programming-projects?module_item_id=22693141
  2. https://openai.com/blog/chatgpt/

An Update: What I’ve Been Up To

Photo by Kevin Ku on Unsplash

During my last blog post, I briefly introduced my project for this term. I cant really believe it, but we are coming upon the Midpoint Archive assignment next week. If you aren’t aware of what that assignment entails, we basically need to compile and report on everything we have been working on over the last few weeks. I imagine that it is supposed to signify the halfway (Mid) point of the Capstone Project. Regardless, time has really been shooting by at light speed. It may seem late, but I think that now is actually the perfect time to give you a more in depth introduction to my project and what my team has accomplished over the last month. I have firmly wrapped my head around exactly what we are doing and what is expected of our final results.

My project is the Malware Analysis research project. Briefly, our goal is to document the process of setting up a safe virtual lab environment to use for malware analysis and then to document the basics of the actual analysis. No one on my team has ever dealt with malware in an educational manner before. Additionally, there are certain characteristics that the virtual needs to conform to, in order to be safe to use. While we have all had some experience with virtual machines in the past, the specifics of this project were new to all of us. What does this all mean? It meant that we had to accomplish a lot of work up front in order to contextualize, for ourselves, exactly what we were going to be accomplishing. This is part of the reason I held back on this particular post. It is hard to talk about what you are doing when part of the project entails figuring that out. Yes, we had specific goals. But how do you set up a virtual network? What hypervisor should we use? What is Basic Static Analysis? What is Basic Dynamic Analysis? These are the types of questions we had to consider during the planning stages of this project.

We had a lot of questions, and taking the time to answer these questions for ourselves meant that we ended up with a fairly robust project plan. We built out background information that helped us determine why someone might want to engage with a project like ours. We also defined, for ourselves, a lot of the terms specific to this project and malware analysis. For example, basic static analysis refers to when an analyst studies a piece if malware without actual viewing the actual code or running the malware [1]. Basic dynamic analysis refers to when an analyst studies the behavior of malware while it is actually running using various techniques and tools [2]. We broke down tasks as much as we would and decided what each of us would be working on from week to week. We also decided on the tools we would be using during the completion of our research project. For example, we decided on using the Virtual Machine Hypervisor VMware Workstation Pro. A Hypervisor is software that generates and hosts virtual machines [3]. This hypervisor is not free, like some of the alternatives [4]. However, Oregon State University offers licenses to active students. It offers a lot of control over settings for Virtual Machines and Virtual Networks [4]. Because we are dealing with malware, we wanted to have as much control over our lab environment as possible.

Photo by Jason Goodman on Unsplash

Once we had our general plan, we moved to actually setting up the Lab Environment. This took a bit over a week to set up properly. We took our time for set up and documentation in order to make sure that our environment met our specifications exactly. We did not want to take chances when dealing with malware. Even though we will not be dealing with extremely dangerous samples, the point of this project is to generate a guide that malware analysts can use to get started with their own endeavors. Additionally, this set up has many different parts. We first had to create new Virtual Machines. We ended up generating three machines, one Windows 10 and two Linux. We also needed to set up the machines with any necessary tools, for analysis, before they were disconnected from the Internet. We then needed to create a virtual network. A virtual network is a network that is created using software instead of hardware [5]. This virtual network needed to be as isolated from the physical machine and live Internet as it possibly could. Next, you have to set up the machines to use this custom virtual network. Finally, you need to adjust any other miscellaneous settings for maximum safety.

Furthermore, this past week we actually began analyzing a real malware sample. We made sure to properly source the malware. We then performed several methods belonging to Static Analysis on the sample. These included computing hash values for files and running them against known signatures, String Search, and PE Header Analysis. Perhaps in a future blog I will delve deeper into what these techniques entail. But, I don’t want to bloat this post too much with a long aside. Overall, we were able to learn information about the sample using various tools and techniques. We documented how we accomplished all of these tasks as we went.

Photo by Drew Beamer on Unsplash

Finally, lets briefly talk about what will be coming up for our team in the next few weeks. The next task we need to accomplish is to begin Dynamic Analysis of the sample. This will involve actually running the malware (exciting!). We will get to see firsthand how it behaves. I have a feeling that this will be the most exciting portion of the project. After that, we will be repeating the processes for other samples. Finally, if we have time, we will be completing a secret (for you) extension of the project. Be sure to stay tuned to learn more!

References:

  1. Ninja, Security. “Static Malware Analysis.” Infosec Resources, Infosec Resources, 12 June 2021, https://resources.infosecinstitute.com/topic/malware-analysis-basics-static-analysis/#:~:text=Basic%20static%20analysis%20consists%20of%20examining%20the%20executable,will%20allow%20you%20to%20produce%20simple%20network%20signatures.
  2. “Basic Dynamic Analysis.” Infosec, Infosec, 8 Nov. 2022, https://www.infosecinstitute.com/skills/courses/basic-dynamic-analysis/.
  3. “What Is a Hypervisor?: Vmware Glossary.” VMware, 21 Jan. 2023, https://www.vmware.com/topics/glossary/content/hypervisor.html.
  4. “Windows VM: Workstation Pro.” VMware, 3 Feb. 2023, https://www.vmware.com/products/workstation-pro.html.
  5. “What Is Virtual Networking?” VMware, VMware, 25 Jan. 2023, https://www.vmware.com/topics/glossary/content/virtual-networking.html.