Spreading Post-Conference Energy: Creating a CTF Team in Denver Metro Area

Does anyone else get that post conference energy boost?

Last week was the Rocky Mountain Information Security Conference, and it was a fantastic time. I got to connect with my friends across the different disciplines, listen to inspiring keynotes and ponder some technical concepts, and a big part of my experience this year was the 6 hours I spent on SANS Net Wars Core.

So, the question is how to spread that energy out, and not get burned out by attempting to push for change harder than is practical. Every year I seem to run into the same dilemma. It is so predictable that my team can call me out on it every year!

This year my approach is to try to document and take note of all the content that stuck with me. From there I intend to keep those in my “pocket” ready to answer questions.

Rather than focusing on what I can change or impact, I am going to lean in on the concept of Capture The Flag. I would like to create a CTF team in the Denver Metro area. The focus would be skill development and fun. I would like to specifically reach out to students and to unemployed and underemployed talent. Most teams that compete in CTF challenges are tied together through work or school; I have not seen many other opportunities. I may be able to accomplish this through the Denver Information Systems Security Association (ISSA), but that is yet to be determined. Regardless, that is my current focus. I want to help create a group that enjoys tasks like Hack The Box as well as in-person CTFs. If you are interested, please reach out to me via LinkedIn and we can chat!

Quick update

Let me just get this out there: maintaining a WordPress blog on a Linux VPS, with everything maintained by oneself, is exhausting and not fun. So, I have rebranded and moved platforms. I am still working on layout and improvements, and I hope to be way more active. If someone ever asks you to stand up a WordPress site on a VPS using Linux, just say NO!

Scraping Pastebin with Python

Pastebin.com has been around for quite a while, yet it still stands as one of the most popular places for data from breaches and leaks to be dumped. There is also a lot of miscellaneous junk on Pastebin from developers, writers and other people who play around with the service. The good stuff, the passwords, user names and PII that we as security professionals want to alert our stakeholders about, is gone in a short amount of time. This means that you need to search for and retain relevant data programmatically.

The easiest way to do this with no programming is to use Pastebin's own alerts at https://pastebin.com/alerts.php or a competing external project such as https://www.andrewmohawk.com/pasteLert/. The downside of both is that they rely on an email alert when new items are found, which may not be fast enough and does not scale to enterprise-type workflows.

So, I wrote up a scraper using Python and the Pastebin Pro API. I call it Pybin. https://github.com/nayra42/pybin

The program is written in Python 3 and is intended to run on a Linux system as a daemon. It polls the latest public pastes every second and records each paste's unique key. The keys are kept in a list so that a paste is not fetched or searched a second time; I used logrotate to keep that list from growing without bound. If the contents of a paste match the regex filter, the key, the match and the time are written to a second flat file, and a log collector ships that file to my SIEM for instant alerting and monitoring.
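The polling loop described above, written out as an added example that runs offline; this is not Pybin's code and not from the original post. A constructed listing and constructed paste bodies stand in for the Pro scraping API, whose response field names (key, full_url) are an assumption here. New keys are deduplicated against a bounded, on-disk key store (eviction of the oldest key takes the place of logrotate), each new body is tested against a small rule set, and hits are appended to a JSON-lines file that a log collector can ship to a SIEM. One caveat the post does not mention is handled explicitly: captured password values are masked before the hit is written, so the hits file does not become a second copy of the leak.

```python
import json
import re
import tempfile
import time
from collections import OrderedDict
from pathlib import Path
from typing import Callable, List

# Constructed sample data standing in for the live scraping API. The field
# names (key, full_url) are an assumption made for this example.
SAMPLE_LISTING = [
    {"key": "aB3dE9Zx", "full_url": "https://pastebin.com/aB3dE9Zx"},
    {"key": "Qq7LmN01", "full_url": "https://pastebin.com/Qq7LmN01"},
    {"key": "Zz9YxW42", "full_url": "https://pastebin.com/Zz9YxW42"},
]
SAMPLE_BODIES = {
    "aB3dE9Zx": "user=jdoe@example.com\npassword: Summer2019!\nuser=asmith@example.com\n",
    "Qq7LmN01": "#include <stdio.h>\nint main(void) { return 0; }\n",
    "Zz9YxW42": "Contact ops@example.org if the nightly build breaks.\n",
}

PATTERNS = {  # watch-list rules; dict order is the order hits are reported in
    "credential": re.compile(r"(?i)\b(?:pass(?:word)?|pwd)\s*[:=]\s*(\S+)"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "own_domain": re.compile(r"(?i)\bexample\.com\b"),  # the stakeholders' domain
}


class SeenKeys:
    """Bounded, on-disk set of processed paste keys: a restart does not
    re-alert, and evicting the oldest key bounds the list (the post used logrotate)."""

    def __init__(self, path: Path, max_size: int = 50_000) -> None:
        self.path, self.max_size = Path(path), max_size
        self._keys: "OrderedDict[str, None]" = OrderedDict()
        if self.path.exists():
            for line in self.path.read_text().splitlines():
                self.add(line.strip())

    def __contains__(self, key: str) -> bool:
        return key in self._keys

    def add(self, key: str) -> None:
        if key:
            self._keys[key] = None
            while len(self._keys) > self.max_size:  # evict the oldest key
                self._keys.popitem(last=False)

    def save(self) -> None:
        self.path.write_text("\n".join(self._keys) + "\n")


def redact(rule: str, match: "re.Match[str]") -> str:
    """Keep the snippet short and mask captured password values so the hits
    file (and the SIEM behind it) is not a second copy of the leak."""
    text = match.group(0)
    if rule == "credential" and match.lastindex:
        text = text.replace(match.group(1), "***")
    return text[:120]


def scan_once(listing: List[dict], fetch_body: Callable[[str], str],
              seen: SeenKeys, hits_path: Path, patterns=PATTERNS) -> List[dict]:
    """One polling cycle: skip seen keys, regex-test each new body, append hits as JSON lines."""
    hits = []
    for paste in listing:
        key = paste["key"]
        if key in seen:
            continue
        seen.add(key)
        body = fetch_body(key)  # in production: HTTP GET of the raw paste
        for rule, pattern in patterns.items():
            match = pattern.search(body)
            if match:
                hits.append({"time": time.time(), "key": key, "rule": rule,
                             "url": paste.get("full_url", ""),
                             "match": redact(rule, match)})
    with Path(hits_path).open("a") as fh:  # one JSON object per line for the collector
        for hit in hits:
            fh.write(json.dumps(hit) + "\n")
    seen.save()
    return hits


def demo() -> dict:
    """Two cycles against the sample data, then a simulated daemon restart."""
    with tempfile.TemporaryDirectory() as d:
        state, hits = Path(d), Path(d) / "hits.jsonl"
        seen = SeenKeys(state / "seen_keys.txt")
        first = scan_once(SAMPLE_LISTING, SAMPLE_BODIES.__getitem__, seen, hits)
        second = scan_once(SAMPLE_LISTING, SAMPLE_BODIES.__getitem__, seen, hits)
        restarted = SeenKeys(state / "seen_keys.txt")  # re-read state from disk
        third = scan_once(SAMPLE_LISTING, SAMPLE_BODIES.__getitem__, restarted, hits)
        lines = len(hits.read_text().splitlines())
    return {"first": first, "second": second, "third": third, "lines": lines}


if __name__ == "__main__":
    print(json.dumps(demo()["first"], indent=2))
```

The daemon form is a `while True` loop that calls `scan_once` with real fetchers for the listing and the raw paste bodies and then sleeps for the polling interval; a failed poll should be logged and skipped rather than allowed to kill the process. Only the first cycle in `demo` produces hits: the second cycle sees the same keys in memory, and the third sees them again after the key file is re-read, which is the behaviour that stops a restarted daemon from re-alerting.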