DEFCON 201

North East New Jersey DEFCON Group Chapter. We meet at Sub Culture once a month to hack on technology projects! https://www.defcon201.org

.::DEFCON 201 August Social Meet Up  —  Caffeine and Code::.

====================================================== Date: August 25th, Sunday

Time: 7:00 PM — 10:00 PM

Location: Las Chicas Bakery & Cafe (4707 Bergenline Ave Union City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/263259737/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/1153267718209640/

======================================================

Welcome to our Caffeine & Code DEFCON 201 Social Meet Up of 2019!

DEFCON 201 Social Meet Ups are the reverse of our normal meetings. Unstructured, relaxed, casual, social exploring a new part of North East New Jersey at different days and times. This allows us to bring out people who could normally not make our monthly meet ups and allows us to get some fresh perspectives and have fun with new people.

This is the third in a special series called “Caffeine & Code”.

Bring your laptops and get pumped full of bean juice as you hack away at code!

Our third Caffeine & Code will take place at the Las Chicas Bakery & Cafe, 4707 Bergenline Ave Union City, NJ (a block and a half from the Bergenline Ave stop on the Hudson-Bergan Light Rail).

https://www.laschicasbakery.com/

As long as you order a drink and/or food item, you can code with us!

::END OF LINE::

.::DEFCON 201 Meet Up — August 2019 — DEFCON 27 Decompression::.

====================================================== Date: August 16th, Friday

Time: 7:00 PM — 10:00 PM

Location: Sub Culture (260 Newark Ave, Jersey City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/262871631/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/460794951165937/

Hackaday: https://hackaday.io/page/6458-defcon-201-meet-up-august-2019-defcon-27-decompression

======================================================

Welcome to the August 2019 DEFCON 201 Meet Up!

Hacker Summer Camp in 2019 has ended. BSides LV had an amazing first CISO line up, Black Hat USA has the most sexism a modern hacker convention can get, and DEFCON 27 absolutely rocked with new villages, lots of lost and found items, shuttle buses breaking down and raising funds for breast cancer at the first ever b00bcon.

If you survived that crazy week, come to our meeting to tell your tale and show off your swag! If you didn’t come down, this will be the calm before the storm for Fall 2019 so bring that project you have been working on since Bitcoin Cash forked (again) and work on it with fellow tech heads!

About our venue:

We welcome you to Sub Culture at 260 Newark Ave in Jersey City. Five blocks from the Grove Street Path station and right on the NJ Transit Bus Stop; enjoy Free-Wifi, affordable (meat and vegan) food, power strips, video games on Raspberry Pi and sweet times! More information at https://www.subculturejc.com

If you like to do a talk at our meet ups our collaborate with our staff and members in a project partnership shoot us a email at:

INFO {at} DEFCON201 [DOT] ORG

.::AGENDA & SCHEDULE::. 7:00pm — 8:00pm Meet & Greet 8:00pm — 8:10pm Configuring Privoxy & JonDo — n0ctilucient 8:10pm — 8:40pm Hacker Summer Camp Show & Tell — Everyone 8:40pm — 9:55pm Open Workshops Projects 9:55pm — 10:00pm END OF OFFICIAL MEET UP

.::OPEN PROJECTS::.

Practice Lockpicking & Locksport — Sidepocket & GI Jack

.::LIGHTNING TALKS::.

Configuring Privoxy & JonDo :..>TBA :.> Bio: n0ctilucient (TBA)

Hacker Summer Camp Show & Tell :..> Did you visit Las Vegas anytime between August 6th through August 11th? Did you go to BSides Las Vegas, Black Hat 2019, Wicked6 Cyber Games, QueerCon, Dianna Initiative or any other Hacker Summer Camp SIGS? Come down, bring your swag and share your experience, stories, tales and drunken rants about this year’s hacker insanity with fellow Dirty Jersians!.

.::OPEN PROJECTS::.

Practicing Lockpicking & Locksport :..>DEFCON 201 will have padlocks and professional practice tumblers provided by TOOOL to practice on. Fun and easy to learn for all ages and backgrounds with two expert instructors!

DEFCON 201 VIDEO FILMING :..>DEFCON 201 will expand into video media in late September. We will be launching various videos including an Introduction, Member Spotlights, Archived Lightning Talks, Tutorials, Directions and more on the DTube, Vimeo and YouTube Mirror platforms. We will also have downloadable copies on the DEFCON 201 NextCloud of select media for DEFCON 201 Members who want hard copies of videos. If you want to be in the Introduction, Member Spotlights or Archive Lighting Talks you can inquire into us about signing our DEFCON 201 Consent Forums and we will walk you through the process. Those who have not signed our DEFCON 201 Consent Forums during meetings will NOT be recorded in Video or Audio as per our policy. Furthermore, any instances of media recording photo/video/audio via DEFCON 201 Staff will be alerted to all president attendees beforehand prior to recording.

::END OF LINE::

.::DEFCON 201 Online CTF Practice — Crypto CTF — August 10th-11th::.

Welcome to the DEFCON 201 Crypto CTF Practice Challenge!

For over two years we have been planing running our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Winter 2019), DC201 will also occasionally enter into various online CTF Tournaments to test our skills and to get a sample on how one is set up so we have a blueprint in creating our own.

This Saturday, from August 10th 2:00 PM EST to August 11th 2:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Crypto CTF 2019!

Website: https://cryp.toc.tf/

CTF Time Page: https://ctftime.org/event/809

Meet-Up: https://www.meetup.com/DEFCON201/events/262871871/

Anyone can enter by joining our group and entering our DISCORD Chat! Once in chat, select the #CTF channe. Our Discord will have our Team Invite passphrase. When registering your username, select “I have an invitation code to an existing team” and enter the passphrase posted in our Discord #CTF chat. You are then ready to hack away!

========================================================== DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

CLIENT INTERFACES

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304 ==========================================================

::RULES::

Welcome to the Crypto CTF!

Crypto CTF is an online competition for hackers to test, evaluate, and expand their cryptography exploiting skills. In this CTF we will provide various crypto challenges regarding modern cryptography techniques.

All crypto lovers are most welcome

Each task will be based on a particular cryptographic primitive or it will include a direct application of cryptography in other fields.

Each team is only allowed to participate under one name.

There is no restriction on the number of team members.

If you have questions about tasks, ask moderators in IRC chat or Email. No points will be deducted for these questions.

If this is the first time you play over, you should know that a flag is a sentence or code that you should find in each level. There is no exact procedure to find them, you have to do several tests and think out of the box to get them. Eventually, you’ll understand the dynamics of the CTF and how to quickly solve challenges.

If you are sure your flag is true (we mean %100 SURE), but our system does not accept it, inform us via chat.

Reporting bugs in the contest infrastructure has a reward.

Thou shalt not be a jerk. We are all here to learn something new.

Any attempt to disrupting the contest will result in disqualification.

We have a dynamic scoreboard. That means the more teams solve a challenge, the less point each team gets.

All flags must be in this form: CCTF{[0–9a-zA-Z_–]+.}, unless the contrary is stated.

Flag example: CCTF{somel33tstringl1k37hi5}

There would be at least 24 tasks.

You can find the latest news and announcements about this contest on the announcements page.

Registration will be open until the end of the game.

The address of the live chat channel is freenode #cryptoCTF

Long Live Crypto!

Happy Hacking!

::END OF LINE::

.::DEFCON 201 — Ye Official Constitution::.

==Preamble==

We hold these truths to be self evident that all human hackers are created equal, and that all things are designed to be engineered, taken apart, and hacked. We, the hackers, of DEFCON 201, North New Jersey do solemnly conspire to hold in institution the finest collection of backyard engineer, hacks, and creative uses for all manners of technology. We seek a space to discus technology and work on projects free of outside restrictions imposed by detrimental social constructs. We inspire to be ethical, and hold the use of technology for the better of mankind in our works and plans. We are a DEF CON Group, Area Code 201, Northern New Jersey.

==Section I – Vision==

DEFCON 201 is a DEF CON group, and affiliate of the DEF CON Groups program started by DEF CON Hacker & Security Convention. We aim to provide the DEF CON experience in the off season, providing talks and workshops,in the Northern Eastern Section (general Hudson County area) of New Jersey. This shall be defined from the New York Border, South to the Driscol Bridge, and west until where Route 15 intersects Route 80. We encourage all others outside of this range to start or join other local DEF CON groups, but shall be welcome to attend anyway.

DEFCON 201 is a technical group, but we seek to involve members of all skill levels, and there is no skill level requirement to join. We are not an “elite” group, we invite all skill levels to attend and participate where hopefully everyone can learn something, and encourage public participation.

DEFCON 201 aims to give back to the community, and assist with charitable works of technology, and improving the lives of New Jerseyians through better use of technology.

DEFCON 201 is to identify as a hacker group, not an InfoSec organization or other labels. We aspire the keep the hacker spirit going. We aspire to be FREE as in speech, thinkers, and promote the ability of the individual to freely operate machines and all engineered constructs as they see fit, for ethical purposes.

DEFCON 201 aspires to register itself as a 501.3 charitable organization or whatever shall happen to replace that statue if said stature it is replaced that fulfills the same role. We aspire to do charity works of bringing technology to the communities of Northern New Jersey in a way that is FREE, OPEN, and helpful to the people of New Jersey. We seek to bridge the digital divide, not of just who gets to use technology but who gets to create technology.

DEFCON 201 as such, conspires to be a democracy of members, where members are equals brought together for their love of technology, engineering, and hacking in general.

DEFCON 201 is a DEF CON group, and shall do its earnest to place itself on good terms with all other DEF CON groups local and abroad in addition to the DEFCON event in Las Vegas.

==Section II – Membership==

  1. Membership is to be open to all persons who either live, work, play, or identify with North Eastern New Jersey. Membership shall be open to, and without prejudice for members of any gender, gender identity, gender expression, sexual orientation, age, disability, physical appearance, body size, race, national origin, or religion. There shall be no test of religion, ideology, creed or other belief, but we reserve the right to reject anyone who holds beliefs against the rights, dignity, and freedoms of persons based on race, national origin, gender, or sexual orientation. We reserve the right to refuse people who have made themselves known to start negative trouble with existing members, other groups, or in general. While we do not restrict membership based on age, but we ask that persons be intellectually and emotionally mature.

  2. DEFCON 201 is a formal organization with an official membership list. To join DEFCON 201 you must be asked to join by the existing membership and then will be voted on by existing members. All membership votes must be unanimous. Only full members will have a right to vote on topics involving DEFCON 201’s operation methods and planning timeline. Membership will be phased to potentially weed out problematic persons and can revoked for violation of member rules.

  3. There shall be three phases of Membership:

    A. Associate (Honorary Member, and/or Friend) of DEFCON 201. For all people just joining us, members of other DC groups, from outside the area, or with no real interest of formally joining. People who come and go, but have not made themselves unwelcome in any part. Will not have any responsibilities. May volunteer or express interest in joining formally. Not formally part of the organization. No voting rights and no access to DEFCON 201 Membership Resources.

    B. Trial Member. After being an Associate for about 3 months or until our members feel comfortable about your public behavior and you’ve expressed interest in joining, you might be asked to be a Trial Member. Trial members are not to be abused, ordered around, or hazed. They must participate in DEFCON 201 events, and help out with things as members. Trial Members do not get a vote in group matters.

    C. Full Member. In general, after another minimum 3 months, when the existing members feel comfortable. A Trial Member will be asked to join DEFCON 201 as a full member. All full members are considered equals. The vote must be unanimous, and it is a measure of trust in the member who is joining. Members shall have a vote on group issues and operations. Members shall have access to shared resources of the group, either equally, or as voted by DEFCON 201.

    D. Founding Members. The Founding members of DEFCON 201 are Sidepocket and GI_Jack. There shall be no special privilege to founding, except their membership was not voted upon.

  4. Revoking Membership. On the rare occasion we might need to revoke membership. A “vote to kick” may be brought up by any Full Member, and Full Member only. A reason why must be given. Valid reasons include: breaching the code of conduct, harassing other members, committing disreputable actions in the name of DEFCON 201, misusing monies or other club resources, and/or not participating for extended periods of time. The vote to kick must be unanimous of all voting members.

==Section III – Business, Organization, Operation==

  1. While understanding and appreciating the difference between “black hat” and “unethical” actions: Neither black hat, nor unethical activities shall be brought to DEFCON 201.

  2. All major issues shall be brought to vote. Simple issues shall require a simply majority to pass. Motions to change policy or the constitution shall require a 2/3rds super majority. All membership votes either in or out shall be unanimous.

  3. Voting can either occur in person or via official DEFCON 201 online resources. The members section of the website has a poll. This shall be considered official. Online polls involving group business shall be online for about a week and made known to all members.

  4. Membership can be revoked by a group vote to kick out an existing DEFCON 201 Member. Reasons to revoke membership include breaching the code of conduct, harassing other members, committing disreputable actions in the name of DEFCON 201, misusing monies or other club resources, and/or not participating for extended periods of time.

  5. Club Officers shall be elected to fulfill roles in the organization. The only set role shall be moderator who leads discussions, and shall be able to break ties in organization votes. When DEFCON 201 incorporates as a charity, or for any other reason gains a budget or holds money, financial instruments or things of value, a Treasurer is to be elected for the purpose of managing these. Officers, other than moderators have no special rights, and are role oriented positions. The moderator is not to be above any other member.

  6. Elections for moderator and all other officer positions are to be done every year during March of the organization’s Anniversary. Any full member in good standing may run. Voting is to be done in person, at the March meeting, or online if agreed by a 2/3s vote. If voting online, a vote must be posted in the members section, and be online for at least 1 month, or until all members vote. The winner of any election will be that person who receives the most votes, so long as they are more than %50 of the membership. If no candidate receives more than %50 of the vote, a runoff with the top three candidates will take place. If

6a. Recall Vote: Any elected position may be recalled with 60% super majority vote at any time for any reason. After a recall, a new vote shall be held to fulfill that position at earliest possible convenience.

  1. In any vote two thirds (66%) of all eligible members need to vote for it to count. If a member has a good excuse for an absence on voting, and would wish to vote, it can be amended if no action has been taken.

  2. No one shall trick or coerce a member into voting a certain way. Tricked or coerced votes will not be counted, and the voting process shall be restarted without tricks or coercion.

  3. The moderator may do day to day running of the club and resolve minor issues on their own authority. However, any member at any time may reject this and call any club action of the moderator to a vote. The vote will always override a moderator’s decision.

  4. Leave of Absence. Full members may leave for up to 1 year, where they are marked as inactive. Inactive members have no vote, but may keep their online services intact(such as email). After such time they will be removed.

  5. Any person exhibiting abusive behavior, violating the rules, or acting counter to good nature of DEFCON 201 may be banned from DEFCON 201 meetings and events. Provokers will not be exempt from the DEFCON 201’s Constitution or Code of Conduct rules due to personal reasons.

==Section IV – Five Points==

It is here recognized our earlier 5 Points from the weblog are part of the creed DEFCON 201 character. This wording shall be considered cannon moving forward.

  1. Project Oriented Workshop DEFCON 201 is here to be a “hands on” workshop. While we aim to have great speakers from about the nation, and globe, we encourage our members, friends, associates and participants to get their hands dirty. We love to host talk by any participant. Share your interesting idea, and recruit more people to help further your technological endeavors.

  2. No 1337 Skill requirements We are not not an “elite” group, but instead aim to engage people of all skill levels and challenge them to learn more. We cater to all skill levels from beginner to advanced. Our mantra of “better than you where yesterday” is the only level of skill you need to obtain.

  3. Rekindling the Hacker Ethic and Hacker Mentality Information was meant to be FREE. This cannot be stated enough. We collectively feel a lot of the old hacker mindset has been washed away by very same skill specific trades such as “InfoSec” which have become glorified QA. It is even more appalling that many of these trades where started by hackers, but to the current crop of “professional”, hacker remains a dirty word. We want to challenge the way people look at technology, and this is more than simply a career path. This is a way of thinking, and a way of approaching certain situations. We are here to keep cyberspace Free, and the tools and information about these tools to be Freely available both online and off. We aspire to promote Free as in speech software and tools, and FREE, Democratic, Peer-led organizations to solve real world problems that real persons face.

  4. Leave Nobody Behind Our Founders and Members are all too familiar with being in an environment where you are attempting to learn and instead of guidance your peers are instead antagonistic and brings petty scene drama into the subject. We feel that not only does this stifle learning hacker skills and mentality but contributes to the already negative stigma of hackers in our community. Therefore, we declare that DEFCON 201 will be an environment with a policy of improving everyone and not leaving people behind in the learning process. We either all succeed together or all fail together and we will repeat and try new methods of teaching for skills until everyone is on the same page.

  5. Improve & Give Back To Local Community There continues to be a stunning “digital divide” in who gets access to technology. DEFCON 201 aspires to give back to the community by helping bridge this gap, by making digital creation tools available to the public, and participate in projects that make a full internet capable general purpose computers available to all members of society regardless of their background, technical proficiency and perceived social status. To create projects that feature accessibility as a priority and to make fast, unrestricted internet available for eveyone. Information is not truly FREE unless all are FREE to access it.

==Section V – Code of Conduct==

  1. We at DEFCON 201 do not tolerate verbally or physical harassment, discrimination or disparaging remarks of event participants, attendees or DEFCON 201 Members in any form.

1a. Harassment includes—but is not limited to—unwelcome conduct or offensive verbal comments related to gender, gender identity, gender expression, sexual orientation, age, disability, physical appearance, body size, race, national origin, or religion; deliberate intimidation, stalking, following, unwelcome or unauthorized photography or recording, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention.

1b. Encouraging others to engage in such behavior is not permitted, nor are false accusations of harassment.

1c. Event participants, attendees and DEFCON 201 Members must own up to their own mistakes if confronted by DEFCON 201 CoC Officers about a report or witnessing of an event participant/attendee/DEFCON 201 Member is being harassed.

  1. There shall be no official ideology of DEFCON 201. However, people espousing ideas or belonging to groups that deny social, economic and/or political agency to persons or groups based on their race, ethnicity, religion, national origin, gender identity/expression, disability status, sexual orientation, or perception thereof; therefor will not be allowed to attend or participate is DEFCON 201 events and meet ups. Persons openly espousing ideas that remove others Freedoms shall not be welcome. This includes any groups that openly states in denying agency to said persons regardless of their actual capacity to do so.

2a. Persons known to be participating in organizations designed to remove political rights, harm, harass, disparage others based on real or perceived sexual orientation, gender, racial or ethnic background will not be tolerated.

  1. You will not otherwise violate principles found in this constitution.

  2. You will not steal, harass, defraud, coerce, lie to, assault, anyone else in DEFCON 201, any welcome guests, to include any other member of any other DEFCON group. This includes sexual harassment.

4a. This includes threats or implying any action from section 4.

4b. Any attempts at black hat social engineering on DEFCON 201 members for whatever reason will be considered assault.

  1. All persons at DEFCON 201 events shall be addressed by whatever names they ask to be addressed as. No exceptions. Pseudonyms are recommended and encouraged due to hacker tradition, but it is not demanded.

5.a All persons at DEFCON 201 events shall be identified by whatever gender they identify themselves as, and use whatever pronouns the person wishes. No exceptions. If you need to know, ask in a polite and respectful manner.

6*. Members of DEFCON 201, who are of age of legal age, and not of responsibilities such as driving that would prohibit them, may consume alcoholic beverages served and/or brought at DEFCON 201 events, provided they are otherwise not prohibited by law or good taste. Members of DEFCON 201 may also abstain from alcohol for any reason as well.

  • – As of this writing, legalization of marijuana for recreational consumption is being considered by the State of New Jersey. If New Jersey does in fact legalize cannabis for recreational consumption, members are allowed to consume on the same terms as alcohol.

6a. Consumption of alcohol or any other intoxicating substance is not an excuse for poor behavior. All rules are still in effect drunk or sober,. “had a bit too much to drink” will never be an excuse.

  1. No member of DEFCON 201 will doxx, or leak documents containing personal information of anyone. No member of DEFCON 201 will publish noted private information to the public, or other parties not given due authorization. This also applies for DEFCON 201 private documents, to private communications, to personal communications with another person that has not consented to release explicitly. Exception to this will be leaking or reporting to authorities evidence of wrongdoing with the interesting in remediating such.

  2. You shall not sexually harass or make any unwanted sexual advances to anyone. Accusations of such will be taken seriously. Reports of sexual misconduct are to be investigated by DEFCON 201 CoC Officers.

  3. All attendees, speakers, on-location event staff and volunteers at our events are required to refrain from harassment and to follow the DEFCON 201 CoC Guidelines established in Section V. DEFCON 201 CoC Officers will enforce this Code throughout the event(s), and expects cooperation from all participants, attendees and DEFCON 201 Members.

9a. In normal event interaction if you as an event participant/attendee/DEFCON 201 member and encounter an interpersonal situation where you are being negatively affected by (a) disparaging remark(s) we encourage you to request that the person stop the unwelcome or harassing behavior, provided that it is safe to do so. Participants who are asked to stop any such behavior are expected to comply immediately.

9b. If the scenario in 9a of the DEFCON 201 CoC persists with out any rectification of error by the instigator and/or you are being harassed, notice that someone else is being harassed, or have any related concerns, please contact a DEFCON 201 CoC Officer or event organizers immediately. DEFCON 201 CoC Officers can be identified by their clearly marked “DEFCON 201 CoC Officer” sticker badge. You can also phone email DEFCON 201 CoC Officers directly at info@DEFCON201.org or communicate by talking to a DEFCON 201 CoC Officer using the DEFCON 201 the Keybase, IRC #DEFCON201 on Freenode, Twitter @defcon201nj or Discord communication services via private messages.

  1. Those approved to present Lightning Talks and/or Workshops at DEFCON 201 events are responsible for the content of their presentations. DEFCON 201 requests that speakers be aware of potentially offensive actions, language, or imagery, and that they evaluate under guidance of DEFCON 201 CoC Officers whether it is necessary to convey their message. If said speaker and DEFCON 201 decide to include said content, DEFCON 201 asks that the presenter warn the audience at the beginning of the talk, and provide them with the opportunity to leave the room to avoid seeing or hearing the material.

==Section VI – Status Of A Living Document==

Henceforth, the published DEFCON 201 Constitution and Code fo Conduct will be perceived as a Amendable Living Document. Terms and conditions for changing the rules are in Section III DEFCON 201 business.

The Constitution and Code of Conduct are published publicly on our website, blogs and editor websites such as GitHub (https://github.com/defcon201/). Each version of this document will also be archived on the DEFCON 201 Website and via the Internet Archive. We do not have any hidden rules, agendas or sections of this document outside of unpublished updated versions that are being edited for review. Only when a rewritten DEFCON 201 Constitution and Code of Conduct is published publicly does it go into “law” and can be referenced and acted upon.

This last sentence states that what has been written above has been edited, read, understood and approved by members who have voted to agree to published that will be verified by the DEFCON 201 Warrant Canary**.

**-As of this writing, the DEFCON 201 Warrant Canary is in Development

::END OF LINE::

.::DEFCON 201 — Google CTF Practice Challenge — June 22nd::.

Welcome to the DEFCON 201 Google CTF Practice Challenge!

For over two years we have been planing running our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Winter 2019), DC201 will also occasionally enter into various online CTF Tournaments to test our skills and to get a sample on how one is set up so we have a blueprint in creating our own.

This Saturay, from June 21st 7:00 PM EST to June 22nd 7:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Google CTF 2019!

Website: https://capturetheflag.withgoogle.com/

CTF Time Page: https://ctftime.org/event/809

Anyone can enter by joining our group and entering our DISCORD Chat! Once in chat, select the #CTF channel and hack away!

DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

::CLIENT INTERFACES::

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

:..>Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304

::RULES::

Welcome to the Google CTF 2019 Quals

If this is your first time playing a CTF competition, we suggest you start in the Beginner’s Quest here. If you are a seasoned and experienced player, or feel ready for a harder challenge, our competition will be running from June 22 00:01 UTC until June 23 23:59 UTC. Once the competition starts, the challenges for the main competition will be available here.

Q: Is there a limit of players per team?

A: There is no limit of players in a team.

Q: I got an error: PERMISSION_DENIED: Permission denied.

A: Try picking a different team name, the team name you inserted is already taken.

Q: I got an error: This browser is not supported or 3rd party cookies and data may be disabled.

A: Enable 3rd party cookies. Instructions for Chrome are available under “Allow or block cookies by default”. https://support.google.com/chrome/answer/95647 Where can I submit a write-up?

Please submit all write-ups as an attachment in CommonMark Markdown format to google-ctf-writeups@google.com. If your write-up can’t be submitted in Markdown (for example, if it’s a video, or an app), please send us a link to a ZIP file we can use to download it. The deadline for write-up submission is June 30 23:59 UTC. Any write-up received after that will not be accepted. Where can I ask a question?

During the competition, you can reach the Google CTF team on IRC on ##ctfcompetition on freenode. Click here to join with your web browser. You can also reach us by email at google-ctf@google.com.

Happy Hacking!

::END OF LINE::

.::DEFCON 201 Meet Up — June 2019 — PEBKAC::.

====================================================== Date: June 21st, Friday

Time: 7:00 PM — 10:00 PM

Location: Sub Culture (260 Newark Ave, Jersey City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/262409039/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/2429540473771618/

Hackaday: TBA

======================================================

Welcome to the June 2019 DEFCON 201 Meet Up!

Defy the rain (why are we Washington State this week?) and come down to get your hack on! After a fabulous PRIDE event, we return to the reoccurring meeting which will have announcements on DEFCON 201 Membership, cool talks, free booze, huge sandwiches, video games, making fun of crypto bros, mainframe password cracking and much more!

.::AGENDA & SCHEDULE::. 7:00pm — 8:00pm Meet & Greet 8:00pm — 8:10pm Configuring Privoxy & JonDo — n0ctilucient 8:10pm — 8:20pm Joy Con-ning The Nintendo Switch Hardware & Accessories— sirocyl 8:20pm — 8:40pm Learning About Libra and Why Facebook’s Cryptocurrency is Pure High Octane Nightmare Fuel — Sidepocket 8:40pm — 9:55pm Open Workshops Projects & Black Hat Webinar 9:55pm — 10:00pm END OF OFFICIAL MEET UP

.::OPEN PROJECTS::.

Practice Lockpicking & Locksport — Sidepocket & GI Jack

.::LIGHTNING TALKS::.

Configuring Privoxy & JonDo :..>TBA

:.> Bio: n0ctilucient (TBA)

Joy-Con-ning The Nintendo Switch Hardware & Accessories :..>Bio: sirocyl — Member of SwitchRoot and Founder of the famitracker.org

Learning About Libra and Why Facebook’s Cryptocurrency is Pure High Octane Nightmare Fuel :..>A few days ago, Facebook announced Libra, a new worldwide cryptocurrency platform that the company hopes to become the new de facto in global eCommerce. In this talk, DEFCON 201 Co-Founder Sidepocket will go over the Libra platform, what makes it tick and why this whole initiative by Facebook is a horrible idea including privacy concerns and evil open source hacks.

:.>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

BLACK HAT WEBINAR REPLAY — Don’t Let Your Mainframe Passwords be the Weakest Link in Your Enterprise :..>Most massive financial institutions rely on the IBM Mainframe platform for their day-to-day business. Without this critical platform, those businesses would cease to function. At the heart of securing any system, no less the venerable IBM mainframe, are the authentication methods used to verify users. We will examine the various password storage options for IBM’s RACF (Resource Access Control Facility) as implemented in z/OS.

Could a breach of your mainframe lead to a breach of the rest of your network? If you synchronize passwords and use one of the legacy algorithms for RACF, the answer may be: yes!

Depending on how your z/OS system is configured, the passwords may be stored using algorithms ranging from what basically amounts to cleartext, all the way up to world-class password encryption. Did you know the mainframe supports long passphrases, Multi-Factor Authentication and can also generate passtickets? If your enterprise uses RACF to secure its mainframe, you should register.

This talk is geared for technical decision makers, mainframe security personnel that want to learn more, or anyone with an interest in how z/OS stores its passwords / passtickets. You will learn how RACF stores its password information; the different types of password storage algorithms — with weaknesses / strengths in each — and also how to implement passtickets properly to avoid compromise.

:..>Bio: Chad Rikansrud is the Director of North American Operations for RSM Partners — a world leader in IBM mainframe security consulting services. Most of Chad’s 20-year career has been in technology leadership for the financial services industry.

.::OPEN PROJECTS::.

Practicing Lockpicking & Locksport :..>DEFCON 201 will have padlocks and professional practice tumblers provided by TOOOL to practice on. Fun and easy to learn for all ages and backgrounds with two expert instructors!

DEFCON 201 VIDEO FILMING :..>DEFCON 201 will expand into video media in late September. We will be launching various videos including an Introduction, Member Spotlights, Archived Lightning Talks, Tutorials, Directions and more on the DTube, Vimeo and YouTube Mirror platforms. We will also have downloadable copies on the DEFCON 201 NextCloud of select media for DEFCON 201 Members who want hard copies of videos. If you want to be in the Introduction, Member Spotlights or Archive Lighting Talks you can inquire into us about signing our DEFCON 201 Consent Forums and we will walk you through the process. Those who have not signed our DEFCON 201 Consent Forums during meetings will NOT be recorded in Video or Audio as per our policy. Furthermore, any instances of media recording photo/video/audio via DEFCON 201 Staff will be alerted to all president attendees beforehand prior to recording.

::END OF LINE::

.::DEFCON 201 Special Meet Up — May 2019 — Be Gay, Hack Everything::.

====================================================== Date: June 20th, Friday

Time: 7:00 PM — 10:00 PM

Location: Sub Culture (260 Newark Ave, Jersey City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/259623877/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/372131916995241/

Hackaday: TBA

FetLife: TBA ======================================================

Welcome to the a Special June 2019 DEFCON 201 Meet Up!

Hacking is incredibly gay. Very gay. Heck, the earliest hackers coded on machines who had rainbows as their logos is how gay things were even back then. So we are going to take out time a day before our usual meet up to honor and celebrate those hackers and tinkerers who just happen to be part of the LGBTQ+ community.

After we mingle and learn, we will go and party at our local club Six 26 to see if we can convert some frogs to our organization!

NOTE, we are still going to have the usual meet up the day after! A link will be posted here if you want to read details about that meet up: TBA

About our NEW venue:

This Venue and Meet Up is a LGBTQ+ Safe Space

We welcome you to Sub Culture at 260 Newark Ave in Jersey City. Five blocks from the Grove Street Path station and right on the NJ Transit Bus Stop; enjoy Free-Wifi, affordable (meat and vegan) food, power strips, video games on Raspberry Pi and sweet times! More information at https://www.subculturejc.com

If you like to do a talk at our meet ups our collaborate with our staff and members in a project partnership shoot us a email at:

INFO {at} DEFCON201 [DOT] ORG

.::AGENDA & SCHEDULE::. 7:00pm — 8:00pm Meet & Greet 8:00pm — 8:10pm An Introduction to Queercon 16 — QueerCon NYC 8:10pm — 8:25pm Queering up the Internet — Anna Lytical 8:25pm — 8:40pm Talk TBA — TBA 8:40pm — 9:00pm SESTA/FOSTA — Sidepocket & TBA 9:00pm — 9:55pm Open Workshops + Projects 9:55pm — 10:00pm END OF OFFICIAL MEET UP & SIX26 AFTER PARTY

.::OPEN PROJECTS::.

Practice Lockpicking & Locksport — Sidepocket & GI Jack

.::LIGHTNING TALKS::.

An Introduction to Queercon 16 :..>Queercon started 10 years ago as a hacker party inside of the annual Defcon hacker conference. Over the decade Queercon has grown into the largest social network of LGBT hackers from around the world. This year, Queercon 16 will be hosted at the Alexis Park and connected to DEFCON 27 with various talks, activities and parties. Come hear what it’s about, what is new this year and see what creative hacks the LGBTQ+ Community has come up with!

:..> Bio: Queercon NYC is the New York City Metro Area Queercon chapter that support the community of LGBTQ+ hackers in the NYC metro area with social events and volunteer opportunities

Queering Up The Internet :..>I combined my passions of drag and coding together to create tutorials teaching programming and computer science using references that relate and engage LGBTQ+ people. I’ll show some of the projects I’ve built, preview upcoming work and talk about why I think it’s important to make coding not just accessible but also fun and exciting.

:..>Bio: Anna Lytical is drag queen, engineer at Google and on a mission to teach the dolls how to code!

TALK TBA :..>TBA

:.>Bio: TBA

SESTA/FOSTA :..>Stop Enabling Sex Traffickers Act (SESTA) and Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) are the U.S. Senate and House bills that as the FOSTA-SESTA package became law on April 11, 2018, passed the Senate with a vote of 97–2, with only senators Ron Wyden and Rand Paul voting against it. They clarify the country’s sex trafficking law to make it illegal to knowingly assist, facilitate, or support sex trafficking, and amend the Section 230 safe harbors of the Communications Decency Act (which make online services immune from civil liability for the actions of their users) to exclude enforcement of federal or state sex trafficking laws from its immunity. While sounding pretty on paper, it has caused huge complications for online users such as increased internet surveillance, racial and gender discrimination, mass censorship , creating greater economic disparity between sex workers and ultimately empower criminals and corporations over independent providers. In this talk, Sidepocket and a special guest will go over what these laws are, what is going wrong and how people are fighting back against it.

:..>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

.::OPEN PROJECTS::.

Six 26 Afterparty :..>The activities don’t end at 10:00 PM! After our normal meet up we will carry our hacks a few (walk-able) blocks to Six 26, a Lounge and Rooftop for the LGBTQ community! You must be 21+ to enter with ID. More info at: https://six26.co/

Practicing Lockpicking & Locksport :..>DEFCON 201 will have padlocks and professional practice tumblers provided by TOOOL to practice on. Fun and easy to learn for all ages and backgrounds with two expert instructors!

DEFCON 201 VIDEO FILMING :..>DEFCON 201 will expand into video media in late September. We will be launching various videos including an Introduction, Member Spotlights, Archived Lightning Talks, Tutorials, Directions and more on the DTube, Vimeo and YouTube Mirror platforms. We will also have downloadable copies on the DEFCON 201 NextCloud of select media for DEFCON 201 Members who want hard copies of videos. If you want to be in the Introduction, Member Spotlights or Archive Lighting Talks you can inquire into us about signing our DEFCON 201 Consent Forums and we will walk you through the process. Those who have not signed our DEFCON 201 Consent Forums during meetings will NOT be recorded in Video or Audio as per our policy. Furthermore, any instances of media recording photo/video/audio via DEFCON 201 Staff will be alerted to all president attendees beforehand prior to recording.

::END OF LINE::

.::DEFCON 201 — Facebook CTF Online Practice Challenge::.

Welcome to the June DEFCON 201 Facebook CTF Practice Challenge!

For over two years we have been planing running our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Winter 2019), DC201 will also occasionally enter into various online CTF Tournaments to test our skills and to get a sample on how one is set up so we have a blueprint in creating our own.

This weekend, from May 31th 8:00 PM EST to June 2nd 8:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Facebook CTF 2019!


Website: https://www.fbctf.com/

CTF Time Page: https://ctftime.org/event/781


Anyone can enter by joining our group and entering our DISCORD Chat! Once in chat, select the #CTF channel and hack away!


DEFCON 201 Discord Link: https://discord.gg/PGgPNEF


::CLIENT INTERFACES::

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

:..>Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304


::RULES::

Want to play? Here’s what you need to know:

A valid email address is required in order to participate.

Playing on multiple teams is not allowed and will lead to disqualification.

All flags will be in the form fb{} unless otherwise specified.

We use dynamic scoring. The more teams that correctly solve a problem, the less points that problem is worth.

Sharing flags or other collaboration between teams is not allowed.

Attacking the CTF infrastructure or engaging in activity to prevent other teams from solving competition challenges will result in disqualification.

If you discover any bugs that may allow for manipulation or disruption of the CTF, please report the vulnerability to gulshan@fb.com.

Blind brute force or automated vulnerability scanners are not required to solve any of the CTF challenges. Some challenges may require a small amount of brute force, but only after reducing the possibilities to a feasible range. If you’re unsure if you’ll be violating this rule, ask an admin.

Please read the full rules and conditions to determine eligibility.

Need Help?

Join the #fbctf-2019 IRC channel on Freenode, which you can access from your web browser here: https://webchat.freenode.net/?channels=%23fbctf-2019

Please reach out to gsingh93 on IRC with any questions.


Happy Hacking!

::END OF LINE::

.::DEFCON 201 Meet Up — May 2019 — The System Is Down::.

====================================================== Date: May 17th, Friday

Time: 7:00 PM — 10:00 PM

Location: Sub Culture (260 Newark Ave, Jersey City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/259623877/

Facebook: https://www.facebookcorewwwi.onion/events/2998856986821575/

Joind.In: TBA

Hackaday: https://hackaday.io/page/6206-defcon-201-meet-up-may-2019-the-system-is-down ======================================================

Welcome to the May 2019 DEFCON 201 Meet Up!

This is the start of the summer season for DEFCON 201 activities where we ramp up our hacks and do more events that involve going to that thing that exist outside of your apartment called the “outside”.

Coming off the heals of our new Coffee & Code series of social meet ups, the beginning of our Capture The Flag initiative and before our venture out to NJ SECON, join us in a continued celebration of our new venue and find out what is up ahead for DEFCON 201 from June to September!

About our NEW venue:

We welcome you to Sub Culture at 260 Newark Ave in Jersey City. Five blocks from the Grove Street Path station and right on the NJ Transit Bus Stop; enjoy Free-Wifi, affordable (meat and vegan) food, power strips, video games on Raspberry Pi and sweet times! More information at https://www.subculturejc.com

If you like to do a talk at our meet ups our collaborate with our staff and members in a project partnership shoot us a email at:

INFO {at} DEFCON201 [DOT] ORG

.::AGENDA & SCHEDULE::. 7:00pm — 8:00pm Meet & Greet 8:00pm — 8:10pm Configuring Privoxy & JonDo — n0ctilucient 8:10pm — 8:40pm Talk TBA — NCommander 8:40pm — 8:50pm Vintage Computer Festival East 2019: A Recap and Show & Tell— sirocyl 8:50pm — 9:55pm Open Workshops + Projects & Black Hat Webinar 9:55pm — 10:00pm END OF OFFICIAL MEET UP & AFTERPARTY

.::OPEN PROJECTS::.

Practice Lockpicking & Locksport — Sidepocket & GI Jack

.::LIGHTNING TALKS::.

Configuring Privoxy & JonDo :..>TBA :.> Bio: n0ctilucient (TBA)

Talk TBA :..>Bio: NCommander (TBA)

HVintage Computer Festival East 2019: A Recap and Show & Tell

:..>Two weeks ago from May 3rd to May 5th, the Vintage Computer Festival (VCF) East took place in Wall NJ. In this short talk, our presenter will go over the carnival of retro technology including a show and tell of the COMPAQ SLT 286 he bought at the festival.

:.>Bio: sirocyl — founder of the famitracker.org FamiTracker and Famicom/NES music community.

BLACK HAT WEBINAR — The Importance of Logs: You Won’t See What You Don’t Log

:..>As a Team, Cisco’s CX EMEAR Security Architecture team sees an awful lot of customer sites and systems where logging is either unconfigured or where it is configured in an inappropriate fashion.

In our experience, we find issues relating to this in over 50% of assessment engagements which climbs still further for engagements where we’re asked to actively deliver our incident response capabilities. It’s not often talked about but effective logging is a key control both to give the blue team visibility of the network they’re defending and to enable accurate analysis in the event of an incident. This talk will cover:

Why logging goes wrong How to start to plan your logging requirements Case studies Where to go next

:..>Bio: Tim (Wadhwa-) Brown joined Cisco as part of their acquisition of Portcullis for whom he worked for almost 12 years. He is equally happy performing white box assessments with access to source code or where necessary diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Cisco’s bespoke methodologies covering subjects as diverse as secure development, host hardening, risk and compliance, ERP and SCADA. In 2016–2017, Tim looked at targets as varied as Active Directory, z/OS mainframes, power stations, cars, banking middleware and enterprise SAP Landscapes. Outside of the customer driven realm of information assurance, Tim is also a prolific researcher with papers on UNIX, KDE, Vista and web application security to his name.

.::OPEN PROJECTS::.

Practicing Lockpicking & Locksport :..>DEFCON 201 will have padlocks and professional practice tumblers provided by TOOOL to practice on. Fun and easy to learn for all ages and backgrounds with two expert instructors!

DEFCON 201 VIDEO FILMING :..>DEFCON 201 will expand into video media in late September. We will be launching various videos including an Introduction, Member Spotlights, Archived Lightning Talks, Tutorials, Directions and more on the DTube, Vimeo and YouTube Mirror platforms. We will also have downloadable copies on the DEFCON 201 NextCloud of select media for DEFCON 201 Members who want hard copies of videos. If you want to be in the Introduction, Member Spotlights or Archive Lighting Talks you can inquire into us about signing our DEFCON 201 Consent Forums and we will walk you through the process. Those who have not signed our DEFCON 201 Consent Forums during meetings will NOT be recorded in Video or Audio as per our policy. Furthermore, any instances of media recording photo/video/audio via DEFCON 201 Staff will be alerted to all president attendees beforehand prior to recording.

::END OF LINE::

.::DEFCON 201 CTF Practice Challenge — May 10th-May 13th::.

Welcome to the May DEFCON 201 CTF Practice Challenge!

For over two years we have been planing running our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Winter 2019), DC201 will also occasionally enter into various online CTF Tournaments to test our skills and to get a sample on how one is set up so we have a blueprint in creating our own.

This weekend, from May 10th 0:00 UTC (8:00 PM EST) to May 13th 0:00 UTC (8:00 PM EST), we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Order Of The Overflow DEFCON 27 CTF Qualifier!

Website: https://www.oooverflow.io/dc-ctf-2019-quals/

CTF Time Page: https://ctftime.org/event/762

Anyone can enter by joining our group and entering our DISCORD Chat! One in chat, select the #CTF channel and hack away!

DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

CLIENT INTERFACES

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

P.S. Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304

-RULES-

:..>No Denial of Service — DoS is super lame, don’t do it or you will be banned :..>No sharing flags, exploits, or hints — Do your own hacks :..>No attacks against our infrastructure — Hack the challenges, not us :..>No automated scanning — For these challenges, do better

-New Challenge Type: SPEEDRUN-

We want to see who the fastest hackers are on the planet. So we created a new type of challenge: the speedrun. There will be one speedrun challenge released every 2 hours starting at May 11th 03:00 UTC for 24 hours (for a total of 12 challenges). Every speedrun challenge is running on the latest Ubuntu 18.04 with libc-2.27 md5 hash of 50390b2ae8aaa73c47745040f54e602f. To the winner go the spoils.

-SCORING-

As in 2018, all challenges (except for speedruns) will be adaptive scoring based on the number of solves: starting at 500 and decreasing from there (based on the total number of teams that solved the challenge).

Speedrun challenges have two ways to earn points: individual and overall.

Individual challenge scoring is based on the solve order of the speedrun:

First to solve: 25 points Second to solve: 20 points Third to solve: 15 points Fourth to solve: 10 points All other solves: 5 points

Overall speedrun scoring is based on the total solve time of a team over all speedruns (max of 2 hours for unsolved challenges):

First place: 300 points Second place: 200 points Third place: 100 points

For example, if one team solves all speedrun challenges first, they would receive 300 (25*12) points on individual speedrun and 300 points for being in first place overall.

-FLAG FORMANT-

Unless otherwise noted in the challenge description, all flags will be in the format:

OOO{...}

AND YOU MUST SUBMIT THE WHOLE THING, INCLUDING THE OOO{…}. POW

We may implement a POW (proof of work) in front of a challenge if we feel it is necessary. Specific POW, along with a client, will be released at game time.

-HINTS-

Do not expect hints. Particularly if a service is already pwned, it would be unfair to give one team a hint when it’s already solved. If we feel that something is significantly wrong, then we will update the description and tweet about it.

Happy Hacking!

::END OF LINE::