Drop #366 (2023-11-02): Multi-threaded Edition 0.11.0

CVECrowd; Day 2: Lines 😣; Slack Dumper

I try to limit both R and cyber sections in these Drops since I could easily fill each edition with content only from those areas. I started these newsletters to showcase things that can totally be used in either ecosystem, and to drop some R and cyber content as well. Since I dropped one R resource yesterday, I felt compelled to add a cyber one today.

TL;DR

This is an AI-generated summary of today’s Drop.

  1. CVECrowd: The first section discusses the importance of cybersecurity and the role of the cybersecurity community in maintaining collective safety. It highlights the website CVECrowd, a resource developed by a researcher named Konstantin, which scrapes Mastodon instances for real-time updates on Common Vulnerabilities and Exposures (CVEs). This section emphasizes the value of CVECrowd as a tool for defenders, researchers, and governments to stay informed about trending security flaws.

  2. 30 Day Map Challenge: The second section is about the author’s participation in the 30-Day Map Challenge. The author shares details about a self-contained web server they developed in Golang for their submission. The post related to this project can be found at the blog for it. This section also mentions the use of Observable Plot in a vanilla JS context and provides JavaScript code examples for creating GeoJSON points and lines from gathered data.

  3. Slack Dumper: The final section discusses the limitations of the free version of Slack, particularly the loss of long history and the ability to export data. To address this, the author introduces Slack Dumper, a tool that dumps Slack messages, users, files, and emojis using browser token and cookie information. This tool is useful for archiving private conversations, channels, and creating a Slack Export archive without admin access.


CVECrowd

If non-cyber folk truly knew how much of our collective safety and resilience is based on loose affiliations of a dedicated community, hacky information sharing, and vendors relying on attackers or legit researchers doing work the vendors should be doing to find and fix critical bugs, y’all might decide to toss your iPhones into a river/ocean and go live in a cave. (btw…don’t do that since those devices are full of toxic materials.)

For a while, one great source of “what’s on 🔥 right now” was CVE Trends. It was a site built by Simon J. Bell that had a back-end process which used the Twitter API to monitor real-time, trending CVE mentions on Twitter and present them in a super useful interface that made it easy for defenders and researchers (and governments) to know what was hot.

Musk’s API changes forced Simon to quiesce the project, since the pricing is as daft as X’s owner.

Thankfully, a capable researcher and developer — konstantin — has partially re-filled the gap with CVECrowd (I’m using my spelling of it). This site scrapes Mastodon instances (yes, that’s a touchy subject in some 🐘 circles) for the same info and joins it with tons of other metadata on CVEs.

I’ve defined this before, but it’s easy to re-up what a CVE is. It stands for Common Vulnerabilities and Exposures, and refers to publicly identified and documented computer security flaws. CVE Trends had been, and CVECrowd is now, instrumental in providing real-time updates on these vulnerabilities.
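To make the "trending CVE mentions" idea concrete, here is an added sketch of the counting step. It is not CVECrowd's or CVE Trends' code. It assumes posts arrive as Mastodon status objects (`content`, `account.acct`, `reblog`), and the statuses and CVE IDs below are constructed placeholders.

```python
import html
import re
from collections import defaultdict

# "CVE-<year>-<4+ digits>"; the underscore form shows up in hashtags.
CVE_RE = re.compile(r"\bCVE[-_](\d{4})[-_](\d{4,})\b", re.IGNORECASE)

# Constructed statuses, trimmed to the fields used here. Placeholder CVE IDs.
SAMPLE_STATUSES = [
    # Visible link text is shortened; the full ID survives only in the href.
    {"account": {"acct": "alice@infosec.example"}, "reblog": None,
     "content": '<p>Patch now: <a href="https://nvd.example/vuln/CVE-2099-0001">'
                '<span>nvd.example/vuln/CVE-20</span>'
                '<span class="invisible">99-0001</span></a></p>'},
    # Same account again: must not raise the count.
    {"account": {"acct": "alice@infosec.example"}, "reblog": None,
     "content": "<p>still seeing cve-2099-0001 scans</p>"},
    {"account": {"acct": "bob@social.example"}, "reblog": None,
     "content": "<p>#<span>CVE_2099_0001</span> &amp; CVE-2099-12345</p>"},
    # A boost: the text lives in the nested original status.
    {"account": {"acct": "carol@social.example"}, "content": "",
     "reblog": {"content": "<p>CVE-2099-0001 PoC is public</p>"}},
    # Too few digits in the sequence part: not a valid ID.
    {"account": {"acct": "dave@social.example"}, "reblog": None,
     "content": "<p>No ID yet, maybe CVE-2099-12?</p>"},
]

def extract_cves(content_html):
    """Return normalised CVE IDs found in a status body (text and link targets)."""
    raw = html.unescape(content_html)  # search markup too, so hrefs are covered
    return {f"CVE-{year}-{seq}" for year, seq in CVE_RE.findall(raw)}

def rank_cves(statuses):
    """Rank CVE IDs by the number of distinct accounts mentioning them."""
    accounts = defaultdict(set)
    for status in statuses:
        source = status.get("reblog") or status
        for cve in extract_cves(source["content"]):
            accounts[cve].add(status["account"]["acct"].lower())
    return sorted(((cve, len(who)) for cve, who in accounts.items()),
                  key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for cve, count in rank_cves(SAMPLE_STATUSES):
        print(cve, count)
```

Counting distinct accounts rather than raw posts keeps a single chatty account from pushing an ID up the list.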

You can dig into CVEs on your own over at NVD and CISA/MITRE’s site.

The section header kind of does the rest of the ‘splainin.

Day 2: Lines 😣

With some apologies, I’m going to have to cheat a bit to get today’s edition out. I spent way too much time last night on the second day’s entry for this year’s 30 Day Map Challenge.

Please see the details about the self-contained web server I wrote in Golang to make my idea for today’s submission possible over at the blog for it.

Apart from the Golang bit, this second entry also uses Observable Plot, but in a vanilla JS context. It also has some JavaScript code to show how to build lovingly hand-crafted GeoJSON points and lines from gathered data.

Slack Dumper


Salesforce has started charging excessively much for Slack instances, and we had to revert to the free version for our work’s community Slack. I really dislike putting any forum-y bits into gate-kept environments, since it reduces public discoverability and makes knowledge more exclusive to cliques. Rant. Over.

One thing that you lose when you go back to “free” Slack is long history and the ability to export data.

Enter Slack Dumper. It, unsurprisingly, dumps Slack messages, users, files, and emojis using browser token and cookie information.

Typical use scenarios include: (stolen from the GH link)

  • archiving your private conversations from Slack when the administrator does not allow you to install applications OR you would rather not use potentially privacy-violating third-party tools,

  • archiving channels from Slack when you’re on a free “no archive” subscription, so you don’t lose valuable knowledge in those channels,

  • creating a Slack Export archive without admin access, or

  • saving your favourite emojis.

It is incredibly well-documented and will help us preserve the (public) knowledge and contributions from our amazing community members.

FIN

I really should have planned out this year’s 30-Day Map Challenge a bit better. ☮️
