Cont3xt: A Father-Son Open Source Project for Improved Reconnaissance
Note: Verizon Media is now known as Yahoo.
In the Summer of 2021 — amidst a pandemic and, worse, a quarantined teenager — I, like most fathers in search of something to talk about with my son, devised a plan.
At work, I’m a threat intelligence analyst. My job is to research threat actors and enrich indicators so we can better identify threats to both Yahoo and its users.
I am sure I am not alone in having been inconsistent in my use of available research tools.
Meanwhile, my son Toby, then-16, is a self-described nerd who loves to solve problems with software. So we set out to build this Blue Team adjacent tool together. You know, nights and weekends using home computers.
We called it Cont3xt.
The project was so compelling Yahoo took it on later in the year as a part of Arkime — our open-source full packet capture software, which is incredibly well maintained by fellow-Paranoids Andy Wick and Elyse Rinne.
And for good reason. Manually querying the usual intel sources might otherwise take a dozen or so minutes per indicator.
Cont3xt is implemented as a web app to simplify technical indicator triage. It automates the task of gathering contextual intelligence from a handful of popular services.
Additionally, an analyst or investigator can easily build custom queries into any web resource where the web application supports query string deep linking.
Early adopters are already out there who have noticed the Cont3xt tree in Arkime in spite of no public mentions.
Senior Projects
Like most kids, Toby did not fully deliver on everything that I wrote up as requirements. But, that’s ok. I forgive him.
Toby made out like a bandit. I thought it was important to reward his hard work so I paid him in a mix of cash, trips, and hardware.
Regardless, Toby, now 17, has moved on. A year after we started working together, he’s developing software that takes two-dimensional art and renders in three dimensions for use with other tools.
And just like Cont3xt — which will be making an early official public release with the soon-to-be-released Arkime 4.0—he already graduated.
This summer, Toby is working as an intern with the Arkime team. And, in the fall, Toby will be studying computer science at Georgia Tech.
I couldn’t be prouder!
