clean up blog styling and add bybit content

_layouts/post.html

@@ -1,12 +1,10 @@
 <!DOCTYPE html>
 <html lang="{{ page.lang | default: site.lang | default: en }}">
-
-{%- include head.html -%}
-
-<body>
-    <div class="container">
-
+	{%- include head.html -%}
+	<body>
 		{%- include header.html -%}
+		<div class="container blog">
+			<main>
 				<article class="post">
 					<h1>{{ page.title }}</h1>
 
@@ -14,14 +12,15 @@
 						{{ content }}
 					</div>
 
-            <div class="date">
-                Written on {{ page.date | date: "%B %e, %Y" }}
-            </div>
-
+					<p>
+						{% for author in page.authors %}
+							— {{ author.name }}{% unless forloop.last %}, {% endunless %}
+						{% endfor %}
+					</p>
 				</article>
-
+			</main>
 			{%- include footer.html -%}
 		</div>
-</body>
-
+	</body>
 </html>
+

_posts/2025-03-20-bitby-report.md

@@ -1,4 +1,11 @@
-# ByBit Incident Report
+---
+layout: post
+title: bybit incident report and mitigating controls
+date: 2025-03-20
+cover_image: "/assets/images/whale_shark.jpg"
+authors:
+  - name: Anton Livaja
+---
 
 The ByBit incident is an example of a nation state actor using a series of sophisticated attacks to compromise high value targets. When the value at stake is such that it justifys spending funds on buying 0-days, in some cases multiples, and combining them into elaborate exploit chains, attacking multiple different layers of the tech stack, highly targetted social engineering, compromise of individuals, planting of moles or even phsyical attacks, the threat model which needs to be assume to adequately address risks needs to be extreme.
 
@@ -20,9 +27,11 @@ The suggested mitigating controls following in this report consist of tools whic
 
 This report highlight the major single points of failure, which rely on a single individual and/or computer, thus creating an opportunity for compromise. Blockchains benefit from security of the network via strong cryptography and decentralization. More "traditional" parts of the infrastructure historically have not had the ability to distribute trust, but with some clever tactics we can achieve a decentralization of trust which helps us ensure that no single individual or computer can compromise a system.
 
+---
+
 ## Root Cause Analysis and Mitigating Controls
 
-### Developer Workstation Compromise
+### I. Developer Workstation Compromise
 > Earliest known malicious activity was identified, when a developer’s Mac OS workstation was compromised, likely through social engineering. ([Sygnia report](https://www.sygnia.co/blog/sygnia-investigation-bybit-hack/))
 
 #### Primary Mitigation
@@ -47,7 +56,7 @@ Another way to mitigate this risk is to use a hardened server, such as a secure
 
 * It is also worth noting that it appears a Docker container with network connectivity was used to compromise a developer's machine initially. This points to an often overlooked issue, which is that Docker is not a secure containerization technology, as it makes it fairly trivial to move files across the container boundary, as part of its design. This is useful for some usecases but not for strict isolation - which should instead rely on hardware-based virtualization.
 
-### JavaScript Code Tampering
+### II. JavaScript Code Tampering
 
 > Preliminary incident reports by both Sygnia and Verichains were shared by Bybit’s CEO, Ben Zhou in his X post. Both reports highlighted the same attack vector – the modification of JavaScript resources directly on the S3 bucket serving the domain app.safe[.]global. ([Sygnia repors](https://www.sygnia.co/blog/sygnia-investigation-bybit-hack/))
 
@@ -69,7 +78,7 @@ All third party code should be manually reviewed. Currently most companies rely
 
    - Distrust's answer to this is [SigRev](https://git.distrust.co/public/sigrev), which helps harness the power of nerds to create a repository of signed reports for reviews of open source software. The idea is that companies can come together to fund review of common open source software, to save money, and simultaneously help secure Open Source software. SIgRev has been designed, but is not yet in development and is seeking funding.
 
-### Compromise of WebUI  
+### III. Compromise of WebUI
 > Bybit initiated a transaction from the targeted cold wallet using Safe{Wallet}’s web interface. The transaction was manipulated, and the attackers siphoned the funds from the cold wallets. ([Sygnia report](https://www.sygnia.co/blog/sygnia-investigation-bybit-hack/))
 
 #### Primary Mitigation

_sass/base.scss

@@ -99,7 +99,7 @@ a {
 a:hover {
 	text-decoration: none;
 	color: var(--background-color);
-	background-color: var(--base-color);
+	background: var(--base-color);
 	transition: background-color 0.3s ease-in-out, color 0.3s ease-in-out;
 }
 
@@ -1494,6 +1494,13 @@ pre {
 /**
  * Blog
  */
+
+.post {
+	margin: 100px 0px;
+	max-width: 700px;
+	margin: auto;
+}
+
 .post img {
 	max-width: 100%;
 }
@@ -1506,6 +1513,38 @@ pre {
    max-width: 100%;
 }
 
+.entry {
+	font-size: 1.2rem;
+}
+
+.date h4 {
+	font-size: 1rem !important;
+}
+
+.blog h1 {
+	font-size: 2.2rem !important;
+}
+
+.blog h2 {
+	font-size: 1.8rem !important;
+}
+
+.blog h3 {
+	font-size: 1.6rem !important;
+}
+
+.blog h4 {
+	font-size: 1.4rem !important;
+}
+
+.blog h5 {
+	font-size: 1.2rem !important;
+}
+
+.blog hr {
+	margin: 80px 0px;
+}
+
 /** end blog */
 
 *,

blog.md

@@ -5,14 +5,15 @@ permalink: /blog.html
 ---
 <div class="posts">
   {% for post in site.posts %}
+		<a href="{{ post.url | relative_url }}" title="{{ post.title }}">
 			<article class="post">
-      <h1><a href="{{ post.url }}" title="{{ post.title }}">{{ post.title }}</a></h1>
+				<h4>{{ post.title }}</h4>
+
+				<p>{{ post.excerpt | strip_html | truncatewords: 35 }}</p>
+
+				<p>{{ post.date | date: "%Y %b %e " }}</p>
 
-      <div class="entry">
-        {{ post.excerpt }}
-      </div>
-      <h4>Written on {{ post.date | date: "%B %e, %Y" }}</h4>
-      <a href="{{ post.url }}" class="read-more">Read More</a>
 			</article>
+		</a>
   {% endfor %}
 </div>