MinallWch

joined 1 year ago
 

Hello Emacs Community!,

I'm a long time Emacs user, right now using the Doom framework and, I recently took a look at the power Nix, specifically the devenv.sh project. I wonder if someone is using it in some manner. As it being quite powerful and allowing having separate development environments.

Are there any packages for this?, and if not, how complicated would it to be to for example, once entering a project, Emacs gets all of its PATHs (languages like NodeJS and other niceties) so that little by little, the project can be replicated and used completely with devenv and Emacs without having to installing anything globally.

Thank you, I would love to hear your workflows!, just wanting to be sure I'm getting the best of the best in my environment, I will be coding in Javascript, Angular and so on.

[–] MinallWch@alien.top 1 points 11 months ago (1 children)

Does this require building org-mode itself?, or can it be fixed in a simpler way?… I connect to remote systems so asynchronous is a must

[–] MinallWch@alien.top 1 points 1 year ago

How are these made?, does it get given like the emacs official docuentation as well as elisp and its reference fully updated?

I've tried to use GPT for Elisp coding and, it is not much usable...

[–] MinallWch@alien.top 1 points 1 year ago

Doom doctor doesn't tell to install the icons. There are even times that Emacs is blank and one has to install a specific font like emoji and install nerd and all the icons using Emacs in the terminal

[–] MinallWch@alien.top 1 points 1 year ago (2 children)

Any API like alternatives that use eMacs own framework?

[–] MinallWch@alien.top 1 points 1 year ago

I see. What I did for this incident specifically was to get a list of all the commands that were ran and of course, directly into the document, so it will be a template for future things but, I would like to make it more formal, as to something I can rely on completely, of course knowing that every incident is different, I would like to make some practices as to an incident or trying to reproduce a specific simple vulnerability.

Perhaps I'm getting also ahead of myself, as there may be other things for pen testing or to implement environments like docker. I'm just thinking how it could be applied, like an org file that everyone can download and learn how this specific vulnerability is, and how can it be tried with curl against a specific environment also made in the org mode file, in this case the guix command for a container.

Is this possible with Distros like Debian or Redhat?, in which case I would go for the most faster and simplest route, as I'm not sure if I want this just as a study for me (and having these tests available open source) or it can actually be used for something on the field.

I haven't heard about serverspec nor Inspec, I will read about them.

Its a little hard to get my head around your stack yet, I really appreciate your response.

 

Hello Emacs Community!,

As everyone on this community, I'm an Emacs power user and have several niceties configured, gnus for Email, Doom Emacs, and I heavily use org mode, I recently used it for a 'Incident Playbook' which was basically making an incident and responding to it following certain steps, more of a Digital Forensics and Incident Response (DFIR) work.

So, I made a server in Ansible, made a test malware that will be ran in this server (delete a log file idk), and proceeded to do everything directly in org-mode, running every command via tramp to the server, getting any info from the disk and getting a dd and such. Finally I made a whole document with full details on the server in that point in time, which was pretty interesting as I could have this as a template for future incidents and have certain commands saved for this.

And I got the idea, wouldn't it be interesting to have org mode files like these but for testing specific vulnerabilities?, even using a tool like NixOS or Guix to make commands that will get the old version x.x.x of nginx and I could test a vulnerability there, so it is also reproducible and everyone can use the org file and test this vulnerability?, basically more of a study and proof of concept rather than something more 'heavy' as in business related.

Does anyone have a similar use case?, I would love to hear for them as I want to go into the DFIR route.

TLDR. Not specific to an emacs programming or library question, but much more of a broader question about a cybersecurity workflow.

[–] MinallWch@alien.top 1 points 1 year ago

It is a great WM, the only really downside is the single threaded bit, which you can fix by opening another instance of emacs and passing keycaps directly, so that you run any processes that you know will block you in any time, in the created instance, this with emacs server is all you need.