
Analyst

If you’ve ever read “Sherlock Holmes” by Arthur Conan Doyle, you might recall 🤔 Dr. Watson saying the following: “When I hear you give your reasons,” I remarked, “the thing always appears to me to be so ridiculously simple that I could easily do it myself, though at each successive instance of your reasoning I am baffled until you explain your process. And yet I believe that my eyes are as good as yours” (Bohemia.1.12-13). That’s right - more often than not, things are actually way simpler than they appear at first glance! It only takes a good explanation to get it quickly, or several hours 🕰 of digging ⛏️. What I am doing is digging for you 😊.

I strongly believe that any person can get any idea, any notion, so long as it’s explained simply. Anything can be broken down into simple, small building blocks. For example, consider “Code” by Charles Petzold (consider reading this treasure if you haven’t already; believe me, it’s totally worth it). The things he explains are so complex, and yet they seem so simple!

Albert Einstein once said: “If you can’t explain it to a six year old, you don’t understand it yourself”. Well, at least I think it was him, I’m really not very good at telling who said what, to be honest. But whoever said that, he couldn’t be more right!

That’s the main idea of my blog: explain really bewildering stuff as simply as I can, literally dissecting abstruse topics into small pieces. That’s exactly how I managed to get them myself. This is achieved with three main tools: visualization, spoken or literary language, and analogies.

There are several sections on this website:

  • ✍🏻 Blog. I use the Blog section for specific practical cases that I’ve found interesting enough to describe. These are usually written in the form of a diary or a story to make them more “bloggy”.
  • 🔎 DFIR. This section contains the most data. It’s all about Incident Response and Digital Forensics, including an artefacts DB with all sorts of tricks, tips and tutorials for each specific artefact type.
  • 🗝 Crypto. This section contains stuff about cryptography, hashing and steganography. Basically, all methods of data manipulation that make that data harder to read.
  • Reverse. Contains all sorts of things about reverse engineering and also low-level malware analysis (API hooks, injections, exploits and other types of cool stuff). It also contains a section where I analyse some exploits and their mechanics.
  • Toolkit. The Toolkit section is a collection of information about different tools: how to install them (if there are some tweaks along the way), how to use them, and when. Each article or blog post that mentions a tool has a tag for that tool; that’s how all the articles are linked to this section. I have a page in Notion dedicated to this topic, which might be useful - here. Artefacts that the tools leave behind are in the DFIR section.
  • Threat Hunting.
  • Tech Reference. Some articles are just technical overviews of a technology or service, which is why I felt I needed a separate section for them. I might delete it in the future.
  • Notes. I use this section for the notes that I take when I listen to a podcast, watch a video lesson, read a book or article, or do some planning. Something that has not found its way into the articles or blog sections. At the moment I am moving to Notion, so it’s possible that I will delete this section in the future.

If there are topics that you don’t understand (related to the ones discussed in this blog), please don’t hesitate to leave a comment and I’ll try to dissect them for you :)

Let's Go!