Splunking DLP data with a side of active response

Recently, I was attending a corporate event via conference call and I noticed a distinct phrase being mentioned over and over by the event speakers. “Please refrain from taking screenshots of these slides as they are not meant for public disclosure.” Sound familiar to anyone? How many people are actually going to abide by this suggestion? For in-person events, this warning may be enough to ward off the rogue mobile phone picture taker…but let’s face it…when people are at home, in their office, not thinking that they are being “watched”, they definitely are going to take that screen capture (and potentially send it elsewhere).


WORMCON CTF occurred this weekend and I had a fun time digging through a handful of Forensics and Networking challenges. Network At Risk (Part 2)This challenge provided a PCAP file that contained quite a bit of FTP traffic. As I’m sure most know, FTP does not encrypt data while in transit. This provided me with a good starting point to try and gather some information. Figure 1: Protocol hierarchy Sure enough, one of the first things I noticed in the FTP requests is a username and password.

CorCTF - 2021

Lately, I’ve been keeping my eye out for interesting CTF’s to compete in. This past weekend, the corCTF team hosted their own event and boy was it a tough one. Being primarily a forensics guy, I was definitely out of my comfort zone with many of the challenges being binary exploitation, reversing, and cryptography. I clung onto anything that looked familiar and in the end was able to crack a web challenge for a few points.

GuidePoint Security CTF - August 2021

It’s been a while since I had a chance to sit down and tackle a CTF. Lucky for me, GuidePoint Security recently ran their August iteration and it gave me a chance to brush off some cobwebs! I wasn’t able to solve all the challenges (damn you Python!) but had a pretty good idea on how to approach most of ‘em. Below are some write-ups on ones that I had fun trying to solve.

SOC work. A walk through the trenches. [Part 1]

It’s no secret that working in a Security Operations Center (SOC) can be a demanding, thankless, and tough job (with it only getting tougher). This is especially true for folks just getting started in the industry who are building the foundational skills required for career progression. Working long hours, weekends, holidays…this is the side of cyber they don’t tell you about… If you’re not prepared for it, you might start asking yourself “What the hell did I just get myself into?