Welcome to the September 2017 DEFCON 201 meet up!
Time: 7:00 PM — 10:00 PM
Location: MakerBar (38 Jackson St. 3rd Floor, Hoboken, NJ)
NOTE: All info posted here is TBD. We will have the final version a week before the event.
Finally our BIG workshop project will be our own instance of Open Street Map! We are going to include on our instance all the working pay phones, power plugs, cyber cafes, Bitcoin ATMs and more!
We need your help to map it!
The entire Mapathon we plan on doing inside however weather permitting we will use vehicles and separate into two smaller GPS mapping teams, one for Hoboken and one for Jersey City, to do some exploring and testing of the payphone systems data to include on the maps!
.::AGENDA & SCHEDULE::.
7:00pm — 7:40pm
Meet & Greet & GPG Key-Signing Party
7:40pm — 7:50pm
Social Enineering: A Primer — Sidepocket
7:50pm — 8:00pm
API Vulnerabilities and Blast Radius of Microservices — Tom Czarniecki
8:00pm — 8:20pm
How the World Crumbles Beneath Our Feet — Vi
8:20pm — 8:30pm
Intro to Open Street Map — bhousel
8:30pm — 9:55pm
Open Projects & Community Project Workshop
9:55pm — 10:00pm
END OF OFFICIAL MEET UP
DEFCON 201 Open Street Maps Project — Sidepocket, GI Jack, bhousel
Social Engineering: A Primer
:..>One of the biggest yet often underused tools in the hacker toolkit, Social Engineering is the art of manipulating a person using the oldest programming language in existence: Human Spoken Language. Some of the biggest hacks, heists, calamities, peace treaties and elections were made through the use of social engineering. This primer will give an introduction and in depth look to methodologies to social engineering (Recon, Body Language, Conversation Flow, Mind Games, Scams, ect) and techniques that the author has found to be the most successful.
:..>Bio: Sidepocket is an awful human being that for some reason people listen to. A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, he is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org
API Vulnerabilities and Blast Radius of Microservices
:..>Splitting up a monolith into microservices is now becoming a common practice in startups when they reach a certain size. While for most this may be a good choice, it does not come for free. Aside from increased observability, reliability and performance requirements, this approach brings in a number of fresh application vulnerabilities, and re-introduces some old ones. This presentation will attempt to list a few of these, their reasons, and their blast radius, including the risk of some truly impressive cascading failures.
:..>Bio: Tom Czarniecki has been a system breaker, UI developer, devops shaman, microservice architect, AWS trainer and infrastructure architect. He loves making things and breaking things and making things to break things makes him particularly happy. Currently he is the technical lead for application security at DigitalOcean. Previously he was the technical lead and founder of the engineering teams at SoundCloud NYC and before that Tom was a lead consultant at ThoughtWorks for longer than he cares to remember. More info at: https://watchitlater.com/blog/
How the World Crumbles Beneath Our Feet
:..>The Internet today, like roads and bridges, has gone from being useful to being infrastructure, convenient to the point where society advances with the expectation that it is available and that people having working access to it. What happens if that infrastructure breaks?
:.>Bio: Vi is a software engineer, information security researcher, cryptographer, consultant, and presenter with over a decade of knowledge in front-end web development and over 5 years of back-end server development and information security experience. Technology is a quickly changing field and he always seek new intellectual challenges to overcome. Vi’s hobbies include lock picking, puzzle solving (including Rubik’s Cubes), design and illustration, cryptographic challenges, and studying information theory and computer history. More at: https://vigrey.com/
Intro to Open Street Map
:..>OpenStreetMap is a collaborative project to create a free editable map of the world and is a prominent example of volunteered geographic information. Created by Steve Coast in the UK in 2004, it was inspired by the success of Wikipedia and the predominance of proprietary map data in the UK and elsewhere. Since then, it has grown to over 2 million registered users. This is a crash course in collecting data using manual survey, GPS devices, aerial photography and other free sources. We will also go over the OSM editing suits id, Potlatch, JSOM and GNOME Maps along with the overal Open Street Cam resource website. Afterwards our instructors and DEFCON 201 Members will go directly into the Mapathon Open Workshop!
:..>Bio: (bhousel, Sidepocket [backup]) TBA
DEFCON 201 Open Street Maps Project
:..>The DEFCON 201 Open Street Maps (OSM) Project is an hosted instance of Open Street Maps that will be a living map of all resources that hackers can use in the 201 Area. This includes working payphones, public power plugs, Bitcoin ATM Machines, free Wi-Fi access points, hackerspaces, security cameras, halfway houses, cyber cafes and more. Think of it as an open source Motorist Green Book for hackers.
Workshop attendees will get familiar with basic cartography and map editors like iD, JSOM and GNOME Maps to edit on hand GPS and location data. They will then add previously recorded data into our first instance of Open Street Maps to build this project.
WEATHER PERMITTING we will also have two groups of four people (min) to get off their buts and go on a mapping adventure! Folks will have their phones loaded with OsmAnd (Android & iOS) and optionally OSM Contributor Mapping Tool (Android) or Go Map!! (iOS) with one group in Hoboken (on foot) and one in Jersey City (dropped off and picked up via car) on foot to explore a selective area for GPS and visual data with the primary target being pay phones. Mapathon GPS Leaders will also have tools and tricks to test out the payhones, power plugs, Wi-Fi and other mapping points of interests.
Regardless the entire MAPATHON is deigned to be done entirely indoors if weather is bad juju.
:..>What To Bring: Armchair OSM Editors must bring a laptop (preferably running GNOME) with a working up-to-date browser that can run both HTML 5 and Java. You should also run an IRC client on channel #DEFCON201 connected to
chat.freenode.net SSL ( ports 6697, 7000 and 7070) or on Tor at
freenodeok2gncmy.onion with SASL Authentication. Members who have signed up on our mailing list can also use Riot.IM.
GPS Mapathon Groups should bring either a GPS Device that can dump data to a desktop OR a phone with one of these GPS mapping apps loaded on it. GPS Mapathon Groups can also optionally bring phreaking equipment, lockpicks, voltage testers, WiFi Sniffers, radio scanners and any other portable device that can pull metrics/manipulate devices:
OsmAnd (REQUIRED): http://osmand.net/
OSM Contributor Mapping Tool (Andriod): https://play.google.com/store/apps/details?id=io.mapsquare.osmcontributor&hl=en