12 posts tagged with "tools"

pwndocker-reverse: One Docker Image for CTF Pwn and Reverse Engineering

· 4 min read
gl0bal01
Researcher

CTF weekend. My teammate can't run my exploit because their Ubuntu isn't my Ubuntu. Different Python version, different libc, different vibes. The tool that works on my machine installs cleanly on mine and fails silently on theirs. We burn 40 minutes on environment debugging instead of the actual challenge.

The "works on my machine" problem, but for offsec tooling. The fix is obvious in hindsight: package everything into one image so the next teammate just does docker pull.

pwndocker-reverse is that image — 45+ tools on Ubuntu 24.04, everything from pwntools to Ghidra to AFL++ to three GDB plugins that coexist without breaking each other. One pull, you're in.

Volatility Toolkit v2: Automated Memory Forensics for Windows, Linux, and macOS

· 4 min read
gl0bal01
Researcher

Forensics challenge, 90-minute timer. I spent 60 of those minutes running vol -f memory.raw <plugin> in sequence, one plugin at a time, piping output to files, checking for errors, moving to the next. Mechanical, repetitive work. And at the end of it I had 25 output files to correlate — and I'd never gotten to malfind. The artifact was in there. I missed it because I ran out of time doing the wrong kind of thinking.

That's the problem: Volatility 3 is powerful, but the interface is 20+ manual commands on every single case. Volatility Toolkit automates the sequence. Auto-detect the OS, run all relevant plugins in parallel, extract IOCs, structured report. One command. Then you think about what the dump shows, not which command to type next.

zero-trust-lifestyle: 33 Bash Scripts That Automate Everything You're Too Paranoid to Leave to Chance

· 6 min read
gl0bal01
Researcher

I forgot my anniversary twice in the same year. I committed AWS keys with GPS metadata still in the EXIF. I did Red Team work on Starbucks WiFi. I sent a 2am email to a CEO about "agile bullshit".

These are not hypothetical failure modes. These are the origin stories.

zero-trust-lifestyle is what happens when a security researcher gets tired of being the threat model. 33 bash scripts, each one born from a real incident, covering everything from OPSEC paranoia to relationship maintenance to corporate survival. Someone found the scripts folder:

"So I'm going through my colleague's scripts folder. This security researcher has automated their entire life. You're not gonna believe this shit."

Accurate.

dorkhound: 340+ OSINT Dorks for Missing Person Investigations and TraceLabs CTFs

· 4 min read
gl0bal01
Researcher

My first TraceLabs CTF. The clock is running, my teammates are already triaging leads, and I'm still typing site:linkedin.com "John Doe" Seattle by hand. The same query I've typed a hundred times. Then the username variants. Then the reverse image search URLs for each platform, one by one. We finished 7th, which is fine, but it didn't feel like 7th-place work — it felt like I'd spent a third of the competition on mechanical tasks that shouldn't take that long.

I went home and started building dorkhound. Give it a name — or a full case file with emails, phones, usernames, a photo — and it generates 340+ ranked search URLs across 25 categories, ready to triage. The scaffolding that used to take 45 minutes takes about three seconds.

9 OSINT Bookmarklets: No Install, No Permissions, All Local

· 4 min read
gl0bal01
Researcher

Mid-CTF, web challenge, something is hidden on the page. I'm digging through source by hand, looking for HTML comments and concealed tags, squinting at DevTools like a man who lost his glasses. Ten minutes of this. Worst ten minutes of my life.

That became the first bookmarklet — Expose Hidden Content. One click, color-coded highlights, done in two seconds. The rest accreted from the same place: every "ugh, this again" moment during a CTF or OSINT investigation that was repeatable enough to automate. Username generation from a name. Bulk URL opening from a dork result. Domain reconnaissance without opening 30 tabs manually. Each one is a muscle memory shortcut that stopped being manual.

That's bookmarklets — 9 tools built on one principle: drag a link to your bookmark bar, click it on any page, done. No install, no extension permissions, no trust in a third party. The entire source is visible JavaScript that runs locally in your browser. Nothing leaves the page.

Discord OSINT Assistant v2.1: 31 Commands for Team OSINT

· 5 min read
gl0bal01
Researcher

OSINT CTFs are a team sport, and the bottleneck is almost never knowledge — it's coordination. During a competition, our team was hitting maritime challenges, aviation challenges, username enumeration, the full spread. And a significant chunk of time just evaporated into "which tool do I use for this?" and "is that source reliable enough to submit on?"

The experienced members had their go-to sources. The newer ones didn't, and asking mid-CTF burns time for everyone. What I wanted was one bot covering the reliable tools for the most common challenge types — so the question becomes "what do I know about this target?" instead of "where do I even start?"

That's Discord OSINT Assistant. 31 slash commands across 8 categories, results in the channel where the whole team sees them. No divergent environments, no "which Python version do you have", no shared credentials in chat.

66 AI Models in Your Terminal, With Persistence and Model Mixing

· 4 min read
gl0bal01
Researcher

1min.ai gives you access to 66+ models through one API key. The web interface also exists, and it works, and every single time you use it you're clicking through the same dropdowns, losing your context when you switch models, and there's no way to pipe output anywhere or set a preference that sticks. It's fine for occasional use. It's friction for actual work.

I wanted full control — CLI, persistent configuration, model mixing, conversation management. Not their UX. Mine.

llm-1minai is a plugin for Simon Willison's LLM CLI that plugs 1min.ai's model catalog into the terminal. One key, 66 models, all the LLM framework's tooling on top.

Publish Your Obsidian Vault to Docusaurus

· 4 min read
gl0bal01
Researcher

I have an Obsidian vault. I have a Docusaurus site. I wanted most of the vault on the site — not a copy maintained separately, not a manual export, but the actual vault, synced at build time and published directly.

The problem: Obsidian and Docusaurus don't speak the same language. Wikilinks ([[Page Name]]) break MDX. Callouts (> [!note] Title) render as nothing. File paths assume vault-root-relative addressing that Docusaurus doesn't know about. You can't just point Docusaurus at a vault folder and expect it to work.

docusaurus-plugin-obsidian-vault handles the translation. At build time: pull the vault, transform the syntax, copy the assets, generate the sidebars, publish. The vault stays in Obsidian. The site stays in Docusaurus. They sync.

WordPress Dev Environment in 60 Seconds

· 4 min read
gl0bal01
Researcher

The client message arrives at 10pm. "Can you have a plugin POC ready by morning?" Sure. And then you spend the next 45 minutes getting your local PHP to match the right version, untangling why WP-CLI can't find your config, tracking down why email testing isn't working, and fixing permissions that WordPress keeps silently breaking.

The plugin itself takes 40 minutes. The environment setup takes longer. That's backwards.

After enough "by morning" requests across hundreds of plugins and dozens of themes, I stopped tolerating the setup tax. WP Quick Dev — one script, make install, done. WordPress 6.0+ on PHP 8.2, MariaDB 11.0, WP-CLI, phpMyAdmin, and Mailpit, all up and running in under 60 seconds. Then the actual work starts.

Running a CTF Inside Discord

· 4 min read
gl0bal01
Researcher

CTFd is genuinely good software. It's also a whole thing to deploy, and the managed hosting costs money, and the free tier has limits, and now you're maintaining infrastructure for an event that runs once a quarter for thirty people who are already in your Discord server.

The "pin the challenges in a channel, DM me your answers" approach works exactly once before someone complains about fairness, someone else asks for a hint publicly, and the leaderboard becomes a spreadsheet you're updating by hand at midnight. Life is too short.

So I built the platform inside the place where everyone already was. Discord Judge Bot — challenge creation, submissions, hints, leaderboards, and digital badge issuance, all in slash commands.

12 AI Models in Your Discord Server

· 3 min read
gl0bal01
Researcher

The team channel already had the rekognition bot for images. Someone asked if we could get AI in there too — not a link to ChatGPT, not "go use your own account", but actually in the channel where the conversation was happening. Results visible to everyone, model selection available to anyone, no one managing their own API keys.

That's Discord AI Assistant. One /ai slash command, 12 models on a dropdown, routed through 1min.ai so there's exactly one API key to manage. GPT-4o, Claude Sonnet 4, DeepSeek R1, Gemini, Grok, Sonar — whoever in the server needs a model, picks it from the list.

AWS Rekognition in Your Discord Server

· 4 min read
gl0bal01
Researcher

I'm old and slow. Not elderly — just, by the time I've got five tabs open, uploaded to a face tool, waited for the result, and figured out what the confidence score actually means, the moment's gone. The CTF clock is ticking and my teammates are staring at me.

What I actually wanted was /rekognition compare in the team channel. One command, answer visible to everyone, no browser tabs, no copy-pasting face URLs into some website that charges per lookup. Just: does this face match that face, yes or no, confidence score attached.

That's the whole idea. discord-amazon-rekognition wires AWS Rekognition's full analysis pipeline into two Discord slash commands. Face comparison, OCR, object detection, celebrity recognition, content moderation — all available without leaving the channel where the conversation is actually happening.