Keeber Security Group

Keeber 1

Solved by: Starry-Lord

By searching for keeber security group on google we quickly found a valid domain at, then finding the registrant name online gave the flag.

Keeber 2

Solved by: Starry-Lord

We can check for past versions of most website, and we find they fired Tiffany Douglas:

Keeber 3

Solved by: Starry-Lord

Here is their github:

We can see at this point in time a file called asana_secret.txt was uploaded to the github by mistake, Tiffany made a typo in the .gitignore file which ended up preventing asana_secret.tx from being commited (which doesn’t exist). Looking up Asana, I read we can query other users e-mails if we invite them to a group we create. It didn’t help us here but still noticeable detail. Researching more on asana, I discovered it has an API which allows to get information back with the right Authorization Header.

Keeber 4

Solved by: Starry-Lord

To open this kbdx file we can use keepass2 on Kali Systems, after grabbing it from the github.

To make a custom wordlist from public facing information I used cewl:

cewl > code_reviews.txt 

I did so for each text files in the /security-evaluation-workflow/ repository.

Then I had to turn it into a crackable format with keepass2john:

starlord@HAL-9000:~/Bureau/Fun/Nahamcon2022/Keeber$ keepass2john ksg_passwd_db.kdbx 


password: craccurrelss

Keeber 5

Solved by: Starry-Lord

Clone the repository /security-evaluation-workflow/ and check commit logs.


Keeber 6

Solved by: Starry-Lord

Lost a piece of my soul and made a yelp account, to look for reviews by e-mail.

Keeber 7

Solved too late by: Starry-Lord


This online tool showed a mention about myspace, so I sacrificed another bit of my soul and made a MySpace account. This allows us to find the flag and a new username:

Keeber 8

Solved too late by: Starry-Lord

myspace username: cereal_lover1990

A quick search for the username with another online tool reveals a matching user on

content of Chump List: