Thursday, March 28, 2013

Introducing dumpmon: A Twitter-bot that Monitors Paste-Sites for Account/Database Dumps and Other Interesting Content


TL;DR

I created a Twitter-bot which monitors multiple paste sites for different types of content (account/database dumps, network device configuration files, etc.). You can find it on Twitter and on Github.

Introduction

Paste-sites such as Pastebin, Pastie, Slexy, and many others offer users (often anonymously) the ability to upload raw text of their choice. This is helpful in many scenarios, such as sending a crash report to someone or pasting temporary code. However, in addition to some people not being careful with what they upload (leaving passwords and other sensitive data in the text), attackers have been starting to use these sites to share post-compromise data, including user account data, database dumps, URLs of compromised sites, and more.

Since there are so many users uploading text to these sites, it's often difficult to find these interesting files manually. While techniques such as Google Alerts can be applied, the results are often a day or two old and are sometimes deleted. This prompted me to create a tool which monitors these sites in "real-time" (less than a minute of delay for the slowest sites) for specific expressions, and then automatically rank, aggregate, and post these results to Twitter for further analysis. I call this tool DumpMon.

Thursday, March 14, 2013

Installing Kali Linux in a VirtualBox Virtual Machine

Introduction

For years, Backtrack Linux, a penetration testing suite from Offensive Security has been the standard operating system for security testing professionals. However, Offensive Security has just released a new distribution based on Backtrack called Kali Linux which seems to offer quite a few improvements. In a previous post, I showed how to create a Backtrack virtual machine using the open-source virtualization software VirtualBox. I felt it would be helpful to create a similar post showing how to create a Kali Linux virtual machine. The process will be nearly identical, but hopefully will still serve as a useful reference to some. With that being said, let's get started.

Monday, March 4, 2013

Automatically Enumerating Google API Keys from Github Search


Introduction

Github recently introduced its new and improved search feature. While the improvements make search for content much easier, it has certainly introduced its share of problems as well. This is just another example.