• DEFCON 201 — October 2017 Meet Up, PumpCon & Hacktoberfest

    10/14/2017 at 18:35 0 comments

    Welcome to the October 2017 DEFCON 201 meet up!

    Time: 7:00 PM — 10:00 PM

    Location: MakerBar (38 Jackson St. 3rd Floor, Hoboken, NJ)

    Facebook: TBA

    Meet-Up: TBA

    Joind.In: TBA

    Hackaday: TBA   NOTE: All info posted here is TBD. We will have the final version a week before the event.   Welcome to our October 2017 DEFCON 201 Meet Up!

    We are going to celebrate the fall (even though the weather does not match) with many activities. On the social front, we are going to be airing the first two episodes of Mr. Robot Season 3 Back to Back AND we are going to attempt to live stream for a bit from PumpCon. This way, nobody misses out on all the hacker happenings.

    Lined up for talks we have some great subjects from Bitcoin to the DarkNet. Finally, we welcome anyone bringing in their own projects to DEFCON 201 and we will push this agenda by having two Open Workshops. A crafting project to work on your own Halloween costumes and one that will let you win prizes for GitHub pulls called Hacktoberfest!

    .::AGENDA & SCHEDULE::. 

    7:00pm — 7:40pm  Meet & Greet, DEFCON 201 Agenda & GPG Key-Signing Party 

    7:40pm — 7:50pm  Bitcoin Talk — Theo 

    7:50pm — 8:00pm  Phishing for Root — Vi 

    8:00pm — 8:20pm  Dark Web Talk — Alan Smithee 

    8:20pm — 8:30pm  Intro to Hacktoberfest & Open Source Show and Tell — Sidepocket 

    8:30pm — 9:55pm  Open Projects & Community Project Workshops 

    9:55pm — 10:00pm  END OF OFFICIAL MEET UP    

    .::OPEN PROJECTS::.  

    Hacktoberfest — GI_Jack, Sidepocket

    Halloween Costume Craftathon — Sidepocket, Linux


    Bitcoin Talk


    :..>Bio: (Theo) TBA

    Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds of Physical Access)

    :..> It is often said that if an attacker gets physical access to your computer, all bets are off. In this presentation, I show how an attacker can gain root access to a Mac or Linux computer with just 8 seconds of physical access by using an attack that spoofs the sudo password prompt and cleans up after itself.

    :.>Bio: Vi is a software engineer, information security researcher, cryptographer, consultant, and presenter with over a decade of knowledge in front-end web development and over 5 years of back-end server development and information security experience. Technology is a quickly changing field and he always seek new intellectual challenges to overcome. Vi’s hobbies include lock picking, puzzle solving (including Rubik’s Cubes), design and illustration, cryptographic challenges, and studying information theory and computer history. More at: https://vigrey.com/

    DarkNet Talk


    :..>Bio: TBA

    .::OPEN PROJECT::.

    Hacktoberfest 2017 with DEFCON 201

    :..>What’s Hacktoberfest?

    Hacktoberfest — brought to you by DigitalOcean and GitHub — is a month-long celebration of open source software. Maintainers are invited to guide would-be contributors towards issues that will help move the project forward, and contributors get the opportunity to give back to both projects they like, and ones they’ve just discovered. No contribution is too small — bug fixes and documentation updates are valid ways of participating.

    Can’t make it to this event? Hacktoberfest is virtual and open to participants from around the globe. Sign up to participate today.

    Rules and Prizes

    First sign up on the Hacktoberfest site. If you open up four pull requests between October 1 and October 31, you’ll win a free, limited edition Hacktoberfest T-shirt. (Pull requests do not have to be merged and accepted; as long as they’ve been opened between the very start of October 1 and the very end of October 31, they count towards a...

    Read more »

  • DEFCON 201 — September 2017 Meet Up & Mapathon

    09/05/2017 at 05:51 0 comments

    Welcome to the September 2017 DEFCON 201 meet up!

    Time: 7:00 PM — 10:00 PM

    Location: MakerBar (38 Jackson St. 3rd Floor, Hoboken, NJ)

    Medium: https://medium.com/@defcon201/defcon-201-september-2017-meet-up-mapathon-698c4548bf07

    Facebook: https://www.facebook.com/events/350341792053992/

    Meet-Up: https://www.meetup.com/MakerBar/events/243001755/

    Joind.In: https://joind.in/event/defcon-201september-2017-meet-up--mapathon

    NOTE: All info posted here is TBD. We will have the final version a week before the event.

    Finally our BIG workshop project will be our own instance of Open Street Map! We are going to include on our instance all the working pay phones, power plugs, cyber cafes, Bitcoin ATMs and more!

    We need your help to map it!

    The entire Mapathon we plan on doing inside however weather permitting we will use vehicles and separate into two smaller GPS mapping teams, one for Hoboken and one for Jersey City, to do some exploring and testing of the payphone systems data to include on the maps!


    7:00pm — 7:40pm 
    Meet & Greet & GPG Key-Signing Party

    7:40pm — 7:50pm
    Social Enineering: A Primer — Sidepocket

    7:50pm — 8:00pm
    API Vulnerabilities and Blast Radius of Microservices — Tom Czarniecki

    8:00pm — 8:20pm
    How the World Crumbles Beneath Our Feet — Vi

    8:20pm — 8:30pm
    Intro to Open Street Map — bhousel

    8:30pm — 9:55pm
    Open Projects & Community Project Workshop

    9:55pm — 10:00pm

    DEFCON 201 Open Street Maps Project — Sidepocket, GI Jack, bhousel


    Social Engineering: A Primer

    :..>One of the biggest yet often underused tools in the hacker toolkit, Social Engineering is the art of manipulating a person using the oldest programming language in existence: Human Spoken Language. Some of the biggest hacks, heists, calamities, peace treaties and elections were made through the use of social engineering. This primer will give an introduction and in depth look to methodologies to social engineering (Recon, Body Language, Conversation Flow, Mind Games, Scams, ect) and techniques that the author has found to be the most successful.

    :..>Bio: Sidepocket is an awful human being that for some reason people listen to. A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, he is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

    API Vulnerabilities and Blast Radius of Microservices

    :..>Splitting up a monolith into microservices is now becoming a common practice in startups when they reach a certain size. While for most this may be a good choice, it does not come for free. Aside from increased observability, reliability and performance requirements, this approach brings in a number of fresh application vulnerabilities, and re-introduces some old ones. This presentation will attempt to list a few of these, their reasons, and their blast radius, including the risk of some truly impressive cascading failures.

    :..>Bio: Tom Czarniecki has been a system breaker, UI developer, devops shaman, microservice architect, AWS trainer and infrastructure architect. He loves making things and breaking things and making things to break things makes him particularly happy. Currently he is the technical lead for application security at DigitalOcean. Previously he was the technical lead and founder of the engineering teams at SoundCloud NYC and before that Tom was a lead consultant at ThoughtWorks for longer than he cares to remember. More info at: https://watchitlater.com/blog/

    How the World Crumbles Beneath Our Feet


    Read more »

  • About DEFCON 201

    09/05/2017 at 05:47 0 comments

    Welcome to the DEFCON 201 Medium Blog!

    DEFCON 201 is the Area Code 201 (North East New Jersey) chapter of the global DEFCON GROUPS (https://www.defcongroups.org) organization. We meet up every THIRD FRIDAY of EVERY MONTH at MakerBar (http://www.makerbar.com) Hoboken NJ from 7:00 PM to 10:00 PM to work on hardware/software/construction projects. Projects include everything from coding to network set up, soldering electronics to sewing and everything in between. We also hold special events all over New Jersey and attract hackers, phreaks, nerds, geeks, sympathizers, and more unlabelable folks.

    We started this Medium blog (which will/is linked to our website at https://www.defcon201.org) to not only reach out to our members in real time about meet up events but also to reply to various hot topics in the hacker community AND to highlight articles from our members about various topics.

    You can find us all over Social Media at:

    Medium: https://medium.com/@defcon201

    Twitter: https://twitter.com/defcon201nj

    Forums: https://forum.defcon.org/forum/general-area/defcon-group-forums-and-or-links/u-s-defcon-group-forums-and-or-links/dc201-hoboken-nj

    Facebook: https://www.facebook.com/groups/1743426829004414/

    Quitter: https://quitter.no/defcon201

    Mastadon: https://hostux.social/@defcon201

    GitHub: https://github.com/defcon201


    Sidepocket, Co-Founder of DEFCON 201