DEFCON 201

North East New Jersey DEFCON Group Chapter. We meet at Sub Culture once a month to hack on technology projects! https://www.defcon201.org

.::DCG 201 Online Meet Up — July 2021 — The Calm Before The Cyber Storm::.

====================================================== Date: July 16st, Friday

Time: 6:30 PM EST — 10:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/279514157/

Facebook [TOR]: TBA

Hackaday: TBA

=====================================================

Welcome to the July 2021 DCG 201 Meet Up!

Welp…better late that never?

Yes, we know there was no June meet up and we are announcing this one SUPER late. Sadly hacking does not exist in a vaccum and the calamity outside of computers in a post-vaxx world has impacted us over the past weeks.

But we have not been shut down by the FBI or abducted by ClownSec, we at DCG 201 have been plotting out how the rest of the year and into 2022 will go! New logo! New live stream shows! New in person meet ups outside of meetings! New conventions and yes, DEF CON 29 is coming!

Plus, big suprises you don’t want to miss LIVE!

So saddle up as we use July to take a small but patriotic look into the goving on of ‘guberment biz as we open DCG 201 to a whole new world!

See you at our last purely online show!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

.::AGENDA & SCHEDULE::. 6:30pm — 7:00pm PRE SHOW :: All-Army Cyberstakes :: XXE Injection — John Hammond 7:00pm — 7:05pm DEFCON 201 Announcements 7:05pm — 8:00pm SkyPirate Interview 8:00pm — 8:30pm Counting To TENS aka When The US Department Of Defence Tries To Make Tails OS — Sidepocket 8:30pm — ??? DCG 201 Hacker Hangout + Games & MORE!

.::OPEN PROJECTS::. DCG 201 Hacker Hangout — Everyone Google CTF - Everyone Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone Among Us — Everyone

.::LIGHTNING TALKS::.

PRE SHOW :: All-Army Cyberstakes :: XXE Injection :..>All-Army CyberStakes is the premier Department of Defense individual, computer security, skills competition. The competition tests a diverse array of skills including forensics, cryptography, binary exploitation, reverse engineering, and web-based exploitation. In this video, world renown cybersecurity expert John Hammond (no not related to the Jurassic Park guy) will show off one of last year’s challenges solving it using a XML external entity (XXE) injection attack.

:..>Bio: Hi! My name is John. I’m just a guy that likes computers, and loves to show off cool things. So if you are into programming, computer security, or any tech on a keyboard, check out some of my YouTube videos and feel free to get engaged. I am super thankful for all of your support and helping the channel keep growing!

SkyPirate Interview :..>Bio: Marcus Singletary aka SkyPirateActual (https://instagram.com/SkyPirateActual) is currently a 11B (Infantry Squad Leader) stationed out of Ft. Bragg, NC. He has been deployed to Iraq twice in the last 6 years. His interest in physical security stemmed from lockpicking, bypassing as a hobby and breaching on the job; the correlation between the two sparked the interest and the subsequent dive into the world of physical security

Counting To TENS aka When The US Department of Defence Tries To Make Tails OS :..>Trusted End Node Security (TENS), previously called Lightweight Portable Security (LPS), is a Linux-based live CD produced by the United States of America’s Department of Defence with a goal of allowing users to work on a computer without the risk of exposing their credentials and private data to malware, key loggers and other Internet-era ills. It includes a minimal set of applications and utilities, such as the Firefox web browser or an encryption wizard for encrypting and decrypting personal files. Our Co-Founder will attempt to run this discontinued operating system in a virtual machine and explore its weird quirks.

:.>Bio: A Co-Founder of DCG 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DCG 201 at: http://www.defcon201.org

.::OPEN PROJECTS::.

DCG 201 Hacker Show & Tell :..>After our lightning talks DCG 201 members will be given an opportunity to show off the various projects that they have been working on. You can join in any time as we chat and some things we might be showing off for the first time so you don’t want to miss this on the LIVE Stream!

To get the URL and Password for the group hang out, pay attention to our Twitter or sign up on Meet Up!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Google CTF 2021 :..>This Friday, starting on July 16th at 8:00 PM EST, we invite all DCG 201 Members, Attendees and Fans to help us hack the Google CTF 2021! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime after until July 18th 8:00 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: https://defcon201.medium.com/dcg-201-online-ctf-google-ctf-2021-july-16th-18th-1c51aa812048

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

AMONG US During our stream, we will be playing the hit game Among Us with the DEF CON audience! Watch the stream to find out how to join.

Steam: https://store.steampowered.com/app/945360/Among_Us/ iOS: https://apps.apple.com/us/app/among-us/id1351168404 Android: https://play.google.com/store/apps/details?id=com.innersloth.spacemafia&hl=en_US&gl=US

The game takes place in a space-themed setting, in which players each take on one of two roles, most being Crewmates, and a predetermined number being Impostors. The goal of the Crewmates is to identify the Impostors, eliminate them, and complete tasks around the map; the Impostors’ goal is to covertly sabotage and kill the Crewmates before they complete all of their tasks. Players suspected to be Impostors may be eliminated via a plurality vote, which any player may initiate by calling an emergency meeting (except during a crisis) or reporting a dead body. Crewmates win if all Impostors are eliminated or all tasks are completed whereas Impostors win if there is an equal number of Impostors and Crewmates, or if a critical sabotage goes unresolved.

::END OF LINE::

.::DCG 201 Online Meet Up — May 2021 — Virtual Light::.

====================================================== Date: May 21st, Friday

Time: 5:30 PM EST — 11:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/277539462/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/219521683035008/

Hackaday: TBA

=====================================================

Welcome to the May 2021 DCG 201 Meet Up!

Since March of last year, the entire world had to become familiar with being more involved in the virtual world than it normally has. Zoom Meet Ups, Twitch LIVE Streams, Fortnite Concerts and the revival of the classic Virtual Reality headset. Now cheaper and more advance than ever, this has opened up pathways to a real life versions of The Lawnmower Man and The Matrix except somehow more weird, boring and horrifying because…you know, it’s this timeline.

Join us for a special entirely Virtual Reality online meet up broadcasted out of the DCG 201 LIVE Streams where we look at VR’s past mistakes, security, privacy, development and how it can be used for both good and evil.

Also: Virtual reality hang out party with music DJ’ed by a digital furry. Because Internet.

We are also excited because in addition to this online meet up, all of our LIVE Stream shows for May will be entirely themed around VR! We also have some exciting DCG 201 announcements to share about our future 2021 plans so get excite!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

.::AGENDA & SCHEDULE::. 5:30pm — 5:55pm PRE SHOW :: Beyond the Looking Glass (1993) 5:55pm — 6:00pm DEFCON 201 Announcements 6:00pm — 7:00pm XRSI: The Reality Of Securing Virtual Worlds — Kavya Pearlman 7:00pm — 7:30pm LÖVR: What’s happening in the world of one Open Source VR Library — Andi McClure 7:30pm — 8:00pm Alloverse: Free & Open Source Virtual Reality — Nevyn Bengtsson 8:00pm — 8:20pm Spot the Surveillance: A VR Experience for Keeping an Eye on Big Brother — EFF 8:20pm — 9:00pm Surfing The 90’s Virtual Reality Internet With VRML — Sidepocket 9:00pm — ??? Virtual Reality Concert by DJ Vulp + Nowhere DCG 201 Virtual Reality Hacker Hangout

.::OPEN PROJECTS::.

DCG 201 Virtual Reality Hacker Hangout — Everyone Virtual Reality Concert by DJ Vulp — Everyone Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

.::LIGHTNING TALKS::.

PRE SHOW :: Beyond the Looking Glass (1993) :..>Our PRE-SHOW will air a blast from the past documentary that is a great time capsule on what VR technology was like in the early 1990’s and what their hopes were for the future of the technology. Featuring professional dreadlock weirdo Jaron Lanier who was recently a Keynote Speaker at the HOPE 2020 Online Virtual Conference.

:..>Bio: Jaron Lanier is an American computer philosophy writer, computer scientist, visual artist, and composer of classical music. Considered a founding father of the field of virtual reality, he left Atari in 1985 to co-found VPL Research, Inc., the first company to sell VR goggles and gloves. In the late 1990s, Jaron worked on applications for Internet2, and in the 2000s, he was a visiting scholar at Silicon Graphics and various universities. In 2006 he began to work at Microsoft, and from 2009 has worked at Microsoft Research as an interdisciplinary scientist. His most recent book is Ten Arguments for Deleting Your Social Media Accounts Right Now.

XRSI: The Reality Of Securing Virtual Worlds :..>New technologies inevitably bring along new risks. Virtual Reality (VR) is one of those technologies that is slowly creeping into our daily digital lives, however, not much attention has been paid to the risks it brings along. As the industry looks towards mass adoption of Virtual Reality with an expected $40 billion market size and over 200 million active users by the year 2020, these new cyber attacks have already begun making headlines. Kavya Pearlman, founder of XR Safety Initiative is busy building processes, standards and finding novel cyberattacks to stay ahead of the bad guys that are coming for this rising new domain of Virtual Reality.

:..>Bio: Well known as the “Cyber Guardian”, founder & CEO of the XR Safety Initiative (XRSI), Kavya Pearlman is an award-winning cybersecurity professional with a deep interest in immersive and emerging technologies. She recently launched a novel XRSI Privacy & Safety Framework for the XR and Spatial Computing domain. Kavya is constantly exploring new technologies to solve cybersecurity challenges. She has been named one of the Top Cybersecurity influencers for three consecutive years, 2018–2019–2020 by IFSEC Global. Kavya has previously advised Facebook on third party security risks during the 2016 US presidential elections and worked as the head of security for the oldest virtual world, “Second Life” by Linden Lab. Kavya is the co-host of the immersive podcast “Singularity Watch” and one of the Top 50 speakers in the cybersecurity industry. Kavya has founded The CyberXR Coalition that now focuses on diversity and inclusion and the cross section of Cybersecurity and XR, helped launch a trustworthy XR news platform, ReadyHackerOne and establish a Medical XR Advisory Council.

LÖVR: What’s happening in the world of one Open Source VR Library :..>LÖVR is a cross-platform, open-source VR engine created by Bjorn Swenson, an alternative to Unreal or Unity that lets you create a VR game or app in just a few lines of Lua. We’ll have Andi McClure by to talk about VR development in general, give a demo of LÖVR, and show off her LÖVR-based commercial game “SKATEGIRL DESTROYS THE UNIVERSE”.

:.>Bio: Andi McClure has been since 2008 making free video games, or at least, things that start arguments about whether they are video games. Her work experiments with glitch aesthetics, psychadelic visuals and the intersection of games and art software. She also one time made a programming language as a joke. See links to her work at https://runhello.com

Alloverse: Free & Open Source Virtual Reality :..>Continuing from the LÖVR talk, we will air a video presentation by Nevyn Bengtsson showing off his project Alloverse, a LÖVR-based metaverse. Come watch if you’re curious about LÖVR or just want to see one nonstandard approach to VR dev.

:..>Bio: Nevyn Bengtsson has been fascinated by the frontiers of HCI since he was a teenager. He was absolutely entranced by Jeff Han’s multi-touch experiments at the start of the millennium, and jumped on the iOS bandwagon early to explore the new medium. He built Spotify’s iOS app for a few years, then built the UX platform Lookback. Alloverse is his latest project, combining all of his passions: HCI, UX, VR and game engine programming.

Spot the Surveillance: A VR Experience for Keeping an Eye on Big Brother :..>Spot the Surveillance is an open-source educational Virtual Reality (VR) tool to helppeople recognize and understand the types of surveillance technology that policedeploy in their communities. The user is placed into a 360-degree street scene in San Francisco, where a policeencounter is frozen in time. The user looks around for surveillance equipment, such asa body-worn camera or automated license plate readers. As each device is located, theuser is informed on how the technology is used via text and narration. The experience is intended to expose users to street-level surveillance, and to sparkquestions around the types of surveillance from law enforcement they might notice in their communities. This talk will be how it was built and what is the future of this edu-virtual tech.

:..>Bio: Rory is a Grassroots Advocacy Organizer primarily working on the Electronic Frontier Alliance. They are also a doctoral student of psychology at the City University of New York Graduate Center studying activist pedagogy. Before coming to the EFF they were active in several New York City groups including the Cypurr Collective, a member of the EFA engaging in community education on matters of cybersecurity. A long time advocate for open education and open science, they want to break down any barriers folks face to free expression, creativity, or knowledge.

Artemis Schatzkin is a front-end web developer who has worked on many of EFF’s websites, such as Who Has Your Face?, Cover Your Tracks, this very site you’re on, and many more. She also developed EFF’s virtual reality site, Spot the Surveillance.

She has a parallel life as a visual artist.

Surfing The 90’s Virtual Reality Internet With VRML :..>After digging up the corpse of the last cursed online protocol, our DCG 201 Co-Founder has once again used his digital archeology skills to unearth another piece of virtual technology that the internet has forgotten about. VRML (Virtual Reality Modeling Language) is an ISO standard file format for representing 3-dimensional (3D) interactive vector graphics, designed particularly with the World Wide Web in mind. Coined by Dave Raggett for the First World Wide Web Conference, it is a text file format where vertices and edges for a 3D polygon can be specified along with the surface color, UV-mapped textures, shininess, transparency, ect. We will go over the language, try to create a .wrl WORLD from scratch and trace its lineage to a shocking conclusion!

:..>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

.::OPEN PROJECTS::.

DCG 201 Virtual Reality Hacker Hangout :..>Come meet us in the Virtual World of NOWHERE, a new social and events platform that revolutionizes online gathering by offering face-to-face interaction in beautifully designed three-dimensional spaces! Hang out, talk on your mic, turn on video to show off your hacker shit and watch the LIVE Stream through the virtual world followed by an after party featuring amazing music! (SEE BELOW)

:::::NOTE: LINK WILL BE POSTED ON BLOG AND SOCIAL MEDIA ON MAY 21ST AT 5:00 PM EST!

:..>What You’ll Need: The best experience is by using any browser based on Blink Engine, ideally the default Google Chrome or Chromium browser. Please have it only only one tab and also disable any security Add-Ons and mods for said tab to avoid lag and interuptions.

Virtual Reality Concert by DJ Vulp :..>Starting at 9:00 PM EST we will be having an awesome DJ set by a virtual DJ while we party the night away and talk about 1337 haxxs! This will both be on our LIVE Streams as well as in our NOWHERE virtual world!

:..>Bio: DJ Vulp has been mixing tracks together since 2016 and has always stuck with it as a side job through college and a continued hobby for fun today. Come dance while he brings you good vibes.

Folding@Home VS Coronavirus

:..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

::END OF LINE::

.::DCG 201 Online Meet Up — April 2021 — Application Is Meditating::.

====================================================== Date: April 16th, Friday

Time: 7:00 PM EST — 11:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/277538431/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/554252495545299/

Hackaday: TBA

=====================================================

Welcome to the April 2021 DEFCON 201 Meet Up!

Spring is in the air…as well as the infamous April Showers. And when it rains, it POURS! Millions of vaccination rolling out globally, more civil unrest unfolding, FOSS orgs imploding, canals getting blocked and TONS of exploits and data leaks flooding the intertubes.

Join us for this month's meet up as we deep dive into more traditional hacker AF topics from hardware maniuplation, exploits, digital archiving and more as you get to interact with us via our Big Blue Button posted on our social media the day of the event! All online as we wait for more people to get their Bio-Blue Team Hardened for more traditional in-person meet ups later this summer!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

.::AGENDA & SCHEDULE::. 7:00pm — 7:55pm PRE SHOW :: Black Hat Webcast Series – It's not FINished: The Evolving Maturity in Ransomware Operations 7:55pm — 8:00pm DEFCON 201 Announcements 8:00pm — 8:30pm Detecting At-Risk Software — Kaylea Champion 8:30pm — 9:00pm The Joycon Symphonic Orchestra — sirocyl 9:00pm — 10:00pm npm's Gone Wild: The undefined Edition (CVE-2021-28918) — SickCodes, John Hacking, Kaoudis, Koroeskohr, Tensor_Bodega 10:00pm — ??? Open Workshops: DEFCON 201 Show & Tell + Games + Hangout

.::OPEN PROJECTS::.

DC201 Hacker Show & Tell — Everyone PlaidCTF 2021 — Everyone Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone Among Us — Everyone

.::LIGHTNING TALKS::.

PRE SHOW :: Black Hat Webcast Series - It's not FINished: The Evolving Maturity in Ransomware Operations :..>Our PRE-SHOW will a relevant talk from the Black Hat Webinar series! Ransom demands are becoming larger, attackers smarter, and intrusions longer. Ransomware threat actors are hitting European companies hard with more effective ransomware deployment resulting in devastating impacts to victim organizations. When they strike, their ransomware deployments are more complete, more effective, and they are crippling many organizations to the point where there is often no clear path back to business.    We will be sharing tradecraft we've seen ransomware threat actors employ across Europe in 2020. We cover how we're seeing ransomware crews leverage high-profile critical vulnerabilities to gain footholds in as many victims networks as possible, only to come back weeks or even months later to leverage those footholds into full-scale ransomware deployments.    Not only are intrusion tactics improving, but attackers are also transitioning and developing sleek ransomware-as-a-service platforms. Threat actors are professionalising and streamlining their platforms. These platforms are being used by threat actors to generate malware, to communicate and negotiate with victims, and in some cases, for payment processing and decryption utility delivery.

:..>Bio: Mitchell Clarke is a Principal Incident Response Consultant for Mandiant United Kingdom and Ireland. He specializes in providing enterprise-scale response operations for clients facing sophisticated network intrusions by determined attackers. Mitchell is well practiced in leading both large and complex response operations for multinational organizations as well as tightly focused response operations for highly specialized organizations protecting critical intellectual property or sensitive information. Mitchell has led organizations across multiple industries in responding to breaches by adversaries ranging from well-resourced and stealthy nation-state sponsored espionage threat groups to highly motivated cybercriminals seeking to extort or ransom victim organizations.

:..>Bio: Tom Hall is a Principal Incident Response Consultant in Mandiant's UK team, and European Incident Response Function lead. As part of the Incident Response team, Tom provides services to clients when a breach occurs and has worked on Incident Response engagements globally with Mandiant since 2015. Tom has been responsible for leading and assisting organizations that involved advanced targeted threats and works closely with colleagues on new methods to proactively identify threats using new methodologies.

:..>Bio: Joe Slowik has over a decade of experience across multiple cyber disciplines. From work in the US Navy, to the US Department of Energy and Los Alamos National Laboratory, to industrial control security company Dragos, Joe has covered multiple facets of cyber intrusions and critical infrastructure defense. As a Senior Security Researcher at DomainTools, Joe continues his work tracking state-sponsored and criminal threats to enterprises with an emphasis on critical infrastructure and related targets.

Detecting At-Risk Software Infrastructure :..>Software serves as infrastructure and it can suffer from a lack of maintenance. Problems can be invisible and repairs may be difficult to prioritize. These factors lead to a type of risk we call “underproduction” — projects that are highly important but low quality. We want to understand how to detect this kind of risk in Free/Libre Open Source Software infrastructure before major failures occur. We'll be presenting results from our research into this question.

:..>Bio: Kaylea Champion is a PhD student in Communication at the University of Washington with a background in tech support and system administration. As a member of the Community Data Science Collective, she studies how people work together to build incredible public goods like GNU/Linux and Wikipedia, including not only how these projects succeed and thrive but also where they sometimes fall short. When not slinging python or chewing through data, she enjoys running in the woods, playing board games, and cooking for a crowd.

The Joy-Con Symphonic Orchestra :..>Did you know that the Nintendo Switch Joy-Con Controller “HD Rumble” system is so precise that you can vibrate the motors to play music? Many first party Nintendo games have used this function and now thanks to sarossilli (no relation to sirocyl) you can do so at home! In this talk DCG 201 Member sirocyl will look at a program that allows Nintendo Switch Joy-Cons to play .midi files through vibrations using C++ and the HID API hidraw library to interface with the controllers. This will be followed by a mini-jam session that might extend to the hang out portion of the meet up!

:.>Bio: sirocyl is a DCG 201 alumnus and founder of the famitracker.org FamiTracker and Famicom/NES music community. He is also part of MAGFEST video game convention volunteer staff.

npm's Gone Wild: The undefined Edition (CVE-2021–28918) :..>How we copped a decade old 0-day, while fixing another one. Randomly assembled global team of then strangers. The power of dropping research on a Sunday.

:..>Bio: Research by… Victor Viale: https://github.com/koroeskohr || https://twitter.com/koroeskohr Sick Codes: https://github.com/sickcodes || https://twitter.com/sickcodes Kelly Kaoudis: https://github.com/kaoudis || https://twitter.com/kaoudis John Jackson https://twitter.com/johnjhacking Nick Sahler: https://github.com/nicksahler || https://twitter.com/tensor_bodega Olivier Poitrey: https://github.com/rs || https://twitter.com/olivier_poitrey

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>After our lightning talks DEFCON 201 members will be given an opportunity to show off the various projects that they have been working on. You can join in any time as we chat and some things we might be showing off for the first time so you don’t want to miss this on the LIVE Stream!

Big Blue Button: LINK WILL BE POSTED ON April 16TH AT 6PM EST

To get the URL and Password for the group hang out, pay attention to our Twitter or sign up on Meet Up!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

PlaidCTF 2021 :..>This Friday, starting on April 16th at 5:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the PlaidCTF 2021! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime after until April 17th 5:00 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: https://www.meetup.com/DEFCON201/events/277538780/

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

AMONG US :..>During our stream, we will be playing the hit game Among Us with the DEF CON audience! Watch the stream to find out how to join.

Steam: https://store.steampowered.com/app/945360/Among_Us/ iOS: https://apps.apple.com/us/app/among-us/id1351168404 Android: https://play.google.com/store/apps/details?id=com.innersloth.spacemafia&hl=en_US&gl=US

The game takes place in a space-themed setting, in which players each take on one of two roles, most being Crewmates, and a predetermined number being Impostors. The goal of the Crewmates is to identify the Impostors, eliminate them, and complete tasks around the map; the Impostors’ goal is to covertly sabotage and kill the Crewmates before they complete all of their tasks. Players suspected to be Impostors may be eliminated via a plurality vote, which any player may initiate by calling an emergency meeting (except during a crisis) or reporting a dead body. Crewmates win if all Impostors are eliminated or all tasks are completed whereas Impostors win if there is an equal number of Impostors and Crewmates, or if a critical sabotage goes unresolved.

::END OF LINE::

.::IMPORTANT ANNOUNCEMENT: DCG 201 Public Apology & Operations Moving Forward::.

PrivateBin Plaintext: https://bin.privacytools.io/?39bb7e0a7df5ac30#4eEZdzGF2yn2VKsy9QGvXvZQVFEjq2LYsxRRG7GoFnNw

Medium Blog: https://defcon201.medium.com/important-announcement-dcg-201-public-apology-operations-moving-forward-2c84a10a660d

Greetings!

This is Sidepocket, Co-Founder of DEFCON 201 aka DCG 201 as we are formally called.

This is not an April Fool’s joke; the timing is full of irony but you will not hear us retract this.

You know us to be blunt, as we are in New Jersey, so let us get to the point.

You may have noticed that on our social media, we have been very vocal about multiple issues involving hacking and digital rights. The most recent one is our various members’ disagreement with the FSF’s (Free Software Foundation) decision to re-institute RMS (Richard Stallman) onto the board without any transparency, and the fallout from that.

Recently, we made a post on our Twitter account that called out Eli The Computer guy, a tech YouTuber, for his views. We made a post attempting to let it be known that our organization does not want to be associated with any partnership or event going forward that involves this individual. We sadly did not properly convey that message. The message was crass, inflammatory and caused more problems than it solved.

We made a mistake. We’re sorry.

My primary role in DCG 201 is to two-fold, and one of those roles is to be in charge of — and responsible for — the PR. We made a huge blunder on our social media, so we wanted to make these points clear:

1) As the primary hacker in charge of the PR for DCG 201, I do apologize for the crassness of the Tweet to Mr. Eli and those who read it. I may disagree with people on many points, both personally and along with our group, but as the social media representative for DCG 201, we should have not used the language that we used, and we apologize for that. I apologize for that.

2) This apology is aimed towards our DCG 201 Members and our fans, both locally and on social media. We know how much you love our content and our hacks, and we love you for it too. ❤ And I — as does the rest of DCG 201 — believe that you deserve BETTER, especially with regards to the quality control on our social media presence, and that of the posts we have done over the years.

3) It’s the hacker way to learn and improve. We recently have made a post on our social media to form a positive way of expressing our/your frustration and anger over the issues. We want to continue this thread by being constructive, not attacking, for all future posts and content. Punching up, not down, and supporting our stance with guided opinions, not crass declarations and reactionary, inflammatory or bait-ridden shitposts.

4) We apologize to DEF CON and all other DCGs (DEF CON Groups) who had suffered due to our words and actions. Even though we are not part of core DEF CON — and we continue to remind people of that fact — at the end of the day, DEF CON has graciously allowed us to continue to use part of their namesake in our operations. (It’s the primary reason why we are not completely copyleft with our branding.) We feel we let DEF CON and DEFCON Groups down because of our past inflammatory posts. We have learned, we will do better.

To reiterate: it is part of the hacker way to learn from mistakes, analyze the problem, and then build steps to rectify the issue. The first step to solving the problem is to acknowledge that there is a problem. This is us acknowledging that problem. We have seen, firsthand in many cases — orgs that lack transparency, lack accountability, and try to treat bugs as features. We are not, and will not be, that type of organization. Yes, our members do critique the current hacker events and news, and having constructive criticism goes a long way — but there are better ways of doing it, and we want to do those better ways going forward.

One of the ways we are going to prove we are moving forward is that I, Co-Founder of DCG 201, am stepping down from my role as the main person for public relations of DCG 201 of my own volition. I will still be involved in the operations and you will still see me online and in person at gatherings, but the actual Website, Blog Posts, Social Media and LIVE Stream published content will be handled by other experienced members of DCG 201 Staff. These are some amazing members and I am excited and can’t wait to see the cool, positive and improved posts and relations they will make going forward! I would wish them luck but they already got this.

These above are just words. Important words, but words. It is now up to us to prove those words, and back them up with our actions. We are looking forward to demonstrating what we’ve learned, and how we are doing things better in the immediate future. We are excited for all the upcoming content, tech news, activism, awesome hacks and, of course the occasional funny meme! Basically, a new and improved DCG 201.

Thank you for your time and hack the planet,

Sidepocket, Co-Founder of DCG 201

::END OF LINE::

.::DEFCON 201 Online Meet Up — March 2021 — Four F%&king Years::.

====================================================== Date: March 19th, Friday

Time: 6:00 PM EST — 10:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/276922974/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/266458234974454/

Hackaday: TBA

=====================================================

Welcome to the March 2021 DEFCON 201 Meet Up…

…and our Four Year Anniversary!

Four Years! FOUR F%&ING YEARS! This makes us the longest incarnation of the 201 Area DEF CON Group after the last group of goobers dropped it like a hot rock.

We are going to party like it's 1995 because now that we know that there is a (hopefully soon to be over) plague out unlike last time we in the immortal words of a moron will “do it live” on the DEFCON 201 LIVE Stream!

This month we are going to make YOU the focus of the event along with special guests from all over the hacker world to drink, play, and hack our way into a new year of Dirty Jersey!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

.::AGENDA & SCHEDULE::. 6:00pm — 6:30pm PRE SHOW :: Hacker Tunes by DJ Miss Jackalope 6:30pm — 7:03pm PRE SHOW :: This Is New Jersey (1956) 7:03pm — 7:05pm DEFCON 201 Announcements 7:05pm — 7:30pm Slipping A Mickey: The Strange OSINT Iceberg of The Walt Disney Corporation — Sidepocket 7:30pm — ??? Open Workshops: DEFCON 201 Show & Tell + 4.0 Year Anniversary Party

.::OPEN PROJECTS::.

DC201 Hacker Show & Tell— Everyone DC201 VidHug — Everyone Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone Among Us — Everyone

.::LIGHTNING TALKS::.

PRE SHOW: Hacker Tunes by DJ Miss Jackalope

:..>We at DEFCON 201 are honored to have the reigning queen of hacker beats, Miss DJ Jackalope, to do a 30 minute music set for our anniversary!

:..>Bio: DEF CON Resident DJ, creator of Miss Jackalope custom vinyl clothing and decals, and pro cat herder. She spins DNB and some future house to make folks smile. Tunes are supposed to be fun, that’s why I’m here! Jackalope can be found at: Twitter https://twitter.com/djjackalope | https://twitch.tv/missjackalope | https://mixcloud.com/djjackalope Cheers and congrats DC201 on 4 years!

PRE SHOW: This Is New Jersey (1956) :..>This Technicolor color film was produced in 1956 for the New Jersey Bell Telephone Company, and based on a 1953 John T. Cunningham book This is New Jersey.

DEFCON 201 Announcements & Code of Conduct :..>DEFCON 201 will have a quick recap of our entire March 2020 to March 2021 run and exciting announcements for 2021! In addition, we will have an overview of the Code of Conduct linked on our website.

Slipping A Mickey: The Strange OSINT Iceberg of The Walt Disney Corporation - Sidepocket :..>Even if you live under a rock, everyone on planet earth has heard of M-I-C-K-E-Y M-O-U-S-E and the Walt Disney empire that has managed to copyright three circles. Starting back in the 1950's with it's engineering breakthroughs and it's groundbreaking theme park, the Walt Disney Corporation has always used the latest technology to shake down people's wallets. In this talk, we will go through a select history of these technologies from the scrapped EPCOT future city, to the innovative People Movers, the ill-fated Go.com domain and the Magic Band RFID badges that are being used today! And of course, how to hack all of them!

:..>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

.::OPEN PROJECTS::.

4.0 Year Anniversary Party :..>Hang out in our Big Blue Button Senfcall instance where you can chat about 1337 haxxs (and drink)! Various notorious hackers from all over the net will join us including some special guests that YOU DON'T WANT TO MISS!

Big Blue Button: LINK WILL BE POSTED ON MARCH 19TH AT 5PM EST

DEFCON 201 Hacker Show & Tell :..>After our lightning talks DEFCON 201 members will be given an opportunity to show off the various projects that they have been working on. You can join in any time as we chat and some things we might be showing off for the first time so you don’t want to miss this on the LIVE Stream!

Big Blue Button: LINK WILL BE POSTED ON MARCH 19TH AT 5PM EST

To get the URL and Password for the group hang out, pay attention to our Twitter or sign up on Meet Up!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

AMONG US :..>During our stream, we will be playing the hit game Among Us with the DEF CON audience! Watch the stream to find out how to join.

Steam: https://store.steampowered.com/app/945360/Among_Us/ iOS: https://apps.apple.com/us/app/among-us/id1351168404 Android: https://play.google.com/store/apps/details?id=com.innersloth.spacemafia&hl=en_US&gl=US

The game takes place in a space-themed setting, in which players each take on one of two roles, most being Crewmates, and a predetermined number being Impostors. The goal of the Crewmates is to identify the Impostors, eliminate them, and complete tasks around the map; the Impostors’ goal is to covertly sabotage and kill the Crewmates before they complete all of their tasks. Players suspected to be Impostors may be eliminated via a plurality vote, which any player may initiate by calling an emergency meeting (except during a crisis) or reporting a dead body. Crewmates win if all Impostors are eliminated or all tasks are completed whereas Impostors win if there is an equal number of Impostors and Crewmates, or if a critical sabotage goes unresolved.

::END OF LINE::

.::ANNOUNCING NEW LIVE STREAM SHOW: Circuit Breakers::.

TONIGHT at 8pm EST, join DEFCON 201 as we test out a new LIVE STREAM show!

Circuit Breakers is where we code to the metal, literally! Various DEFCON 201 Members familiar and old will take the spotlight on certain Wednesdays as we grab our soldering irons and prep our external pins for flashing software! We will cover everything from repairing old boards, trying out cool mods and building 1337 blinky haxxor tools from scratch! Find out when we broadcast by catching us on Social Media (https://linktr.ee/defcon201) and DEFCON201.org!

======================================================

Date: Various Wednesdays (Test Episode March 3rd)

Time: 8:00 PM EST

Location: ONLINE (SEE BELOW)

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://invidious.3o7z6yfxhbw7n3za4rss6l434kmv55cgw2vuziwuigpwegswvwzqipyd.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

::END OF LINE::

.::DEFCON 201 Online Meet Up — February 2021 — LOVE-LETTER-FOR-YOU.vbs::.

====================================================== Date: February 19th, Friday

Time: 7:00 PM EST — 10:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/276456746/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/441010767112077/

Hackaday: TBA

=====================================================

Welcome to the February 2021 DEFCON 201 Meet Up!

First off to get this out of the way, we want to offer our condolences and support for (at this time of writing) those in Texas who thanks to climate change has been hit with a blizzard knocking out power, water and heat for millions of people in the state causing people to freeze to death as the Texas “Leadership” abandons them.

If you are in Texas and/or know someone in Texas call 211 or find warming center here:

https://tdem.texas.gov/warm/

And if you want to donate to the relief effort:

https://secure.actblue.com/donate/aoc-social-20210218/?refcode=aoc-social-20210218-7pmtweet

https://feedingtexas.networkforgood.com/projects/101860-feeding-texas-general-support

https://redcross.org/local/texas/central-and-south-texas.html

On a lighter note, our meet up combines many thing that are going on. Black History Month in the United State where we celebrate and highlight the achievements and creations from the brilliant minds of African Americans, the soul crushing corporatism of feeding Hallmark’s bottom line that is Valentines Day and just in case you have not noticed…we are STILL in a pandemic with NEW strains of COVID-19 coronavirus trying to love our cells a little too much for over a year now.

Sit back, learn and get ready for some fun hacks!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://invidious.3o7z6yfxhbw7n3za4rss6l434kmv55cgw2vuziwuigpwegswvwzqipyd.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

.::AGENDA & SCHEDULE::. 7:00pm — 8:00pm PRE SHOW :: Healthscare — An Insider’s Biopsy of Healthcare Application Security — Seth Fogie, Guy Raz 8:00pm — 8:05pm DEFCON 201 Announcements 8:05pm — 8:20pm Documenting The Digital Diaspora with AfroCROWD — Sherry Antione 8:20pm — 9:10pm (Bio)Hacking as a Primary Response to Crisis — Meow 9:10pm — 9:30pm psyc://The Protocol That Time Forgot — Sidepocket 9:30pm — ??? Open Workshops: DEFCON 201 Show & Tell + Games + Hangout

.::OPEN PROJECTS::.

DC201 Hacker Show & Tell— Everyone Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone Among Us — Everyone

.::LIGHTNING TALKS::.

PRE SHOW: Healthscare — An Insider’s Biopsy of Healthcare Application Security :..>Our PRE-SHOW will a relevant talk from the Black Hat Webinar series!

Healthcare security teams are in a tough spot. While the provider industry is taking security seriously, they are at the mercy of the software vendors who provide the healthcare organizations with the data delivery, processing and storage solutions that are critical to delivering patient care and keeping patient data secure. Given the reliance on these systems, it begs the question — how secure are these solutions?

Seth Fogie has spent the last 10+ years in the trenches of the healthcare industry and has seen the good, bad and ugly of what is being provided to your providers. As an insider, Seth has experienced the unique tension healthcare security teams face as they work to securely implement these solutions and will share some of what has been found.

The core of this presentation will focus on vulnerabilities and design issues within healthcare solutions. As we will illustrate through the dissection of numerous clinical focused systems, including radiology reading, EMR downtime, patient entertainment, pharmacy distribution, nurse communication, M&A EMR, clinical documentation and temperature monitoring systems, the prognosis doesn’t look good. Unfortunately, it is our experience that there are few solutions within the hospital enterprise that do not have issues.

The goal for this public ‘biopsy’? The healthcare security community needs help increasing the pressure to ensure all of our data is safe from poorly designed and developed vendor solutions. While we can’t play the name and shame game for a number of reasons, we want to increase awareness through numerous technical illustrations and ask for your help in increasing scrutiny on all healthcare solutions. This isn’t just an application security problem — it is all our healthcare data at risk and this audience is positioned in a unique spot to help.

:..>Bio: Seth Fogie serves as the Information Security Director at Penn Medicine where he is a member of the leadership team helping to build and maintain a world class security program for the enterprise. In Seth’s 20 + years of experience in the field of security, he has also led a security software development company, served as CTO for a development firm focused on the creation of educational environments for hands-on security exercises, and has authored numerous books/articles on information security related subjects. In addition to Seth’s current role at Penn Medicine, he also enjoys opportunities to perform security research and testing, helping numerous healthcare vendors remediate and correct security deficiencies, making the healthcare industry safer for all!

:..>Bio: Guy Raz is a Sr. Systems Engineer at ExtraHop with previous experience as a Network Engineer and Solution Architect. In his role, Guy has developed a deep understanding of the challenges to meet the security, network and compliance requirements that are unique to healthcare organizations. Before joining the Systems Engineer team, Guy was one of the ExtraHop Solution Architects, responsible for conducting deep technical and business discovery sessions, assisting in troubleshooting and problem resolution during war-room and security/network investigations and developing strategies for acquiring high-value data from the wire; requiring in-depth technical understanding of L2-L7 networking principles.

Documenting The Digital Diaspora with AfroCROWD :..>AfroCROWD has held monthly multilingual editathons in partnership with cultural institutions, galleries, libraries, archives, museums (GLAM) and many others including instituations at the United Nations. The organization has also worked with professors at educational institutions like New York University, The New School, Icahn Medical School and Columbia University among others. AfroCROWD also organizes events to train future trainers in its target community. In this talk, we will go over the mission statement for AfroCROWD, how wikipediathons are organized and the upcoming online Black Wiki History Month at the Schomburg Center.

:..>Bio: Run by Executive Director, Sherry Antoine, AfroCROWD has sensitized thousands in its target audience about free culture crowdsourcing and the need to close the multicultural and gender gaps in Wikipedia.

(Bio)Hacking as a Primary Response to Crisis :..>During crisis we often see unique problems that governments and businesses struggle to tackle in an effective and timely fashion. Meow will explore how hackers can, and have, responded to this wit a focus on his work in molecular diagnostics during the covid-19 pandemic.

:..>Bio: Meow is a transdisciplinary biohacker that helped begin the movement in Australia. He embraces all five pillars of biohacking: micro, molecular bio, bioinformatics, hardware, and grinding. Notably, he has run in multiple federal elections as a pro-technology evangelist and was also the centre of one of the first cyborg law cases due to the use of a contraband travel pass inserted into his hand.

His main interests are astrobiology, fungi, life extension, gene therapies (including mRNA), cellular agriculture (plants > mammalian), little creatures (<1mm), complex living systems (aquaponics, aquariums, etc), and pneumatic conveying. At previous DEFCONs he has developed an appreciation for industrial control systems, social engineering, hardware hacking, and the broader implications of hacking as a societal movement.

psyc://The Protocol That Time Forgot :..>psyc was a flexible protocol and control layer to set up a worldwide distributed messaging infrastructure for multicast chat, conferencing, non-proprietary instant messaging, distributed social networking and data sharing with no central database. Key word, was. A project by GNU that even most open source fanatics have forgotten about it only exists because once in awhile the Free Software Foundation likes to bring up their limbo SECUSHARE projects like the way Tupac releases a new album from beyond the grave. In this yammering digital archeological dig, we will dissect the protocol, look at some of it’s implementations including PsycZilla on Ubuntu “Karmatic Kola” and go down the rabbit hole of the most confusing and poorly managed projects since GNU Herd.

:.>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>After our lightning talks DEFCON 201 members will be given an opportunity to show off the various projects that they have been working on. You can join in any time as we chat and some things we might be showing off for the first time so you don’t want to miss this on the LIVE Stream!

To get the URL and Password for the group hang out, pay attention to our Twitter or sign up on Meet Up!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

AMONG US :..>During our stream, we will be playing the hit game Among Us with the DEF CON audience! Watch the stream to find out how to join.

Steam: https://store.steampowered.com/app/945360/Among_Us/ iOS: https://apps.apple.com/us/app/among-us/id1351168404 Android: https://play.google.com/store/apps/details?id=com.innersloth.spacemafia&hl=en_US&gl=US

The game takes place in a space-themed setting, in which players each take on one of two roles, most being Crewmates, and a predetermined number being Impostors. The goal of the Crewmates is to identify the Impostors, eliminate them, and complete tasks around the map; the Impostors’ goal is to covertly sabotage and kill the Crewmates before they complete all of their tasks. Players suspected to be Impostors may be eliminated via a plurality vote, which any player may initiate by calling an emergency meeting (except during a crisis) or reporting a dead body. Crewmates win if all Impostors are eliminated or all tasks are completed whereas Impostors win if there is an equal number of Impostors and Crewmates, or if a critical sabotage goes unresolved.

::END OF LINE::

.::DEFCON 201 Online Meet Up — January 2021 — Halt & Catch Fire::.

====================================================== Date: January 15th, Friday

Time: 5:30 PM EST — 10:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/275699354/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/210002574135534/

Hackaday: https://hackaday.io/page/9770-defcon-201-online-meet-up-january-2021-halt-catch-fire

=====================================================

Welcome to the January 2021 DEFCON 201 Meet Up!

So uh…normally we summarize what has been going on so far this month in the lead up to our meet up but…do we even have to? Have you been online? Have you seen the news? Where were you when domestic terrorist try to hijack the country to keep a celebrity politician in power? Have you seen the rising COVID-19 death toll? Did you get your dick stolen by IoT devices?

We are sadly past the 7-day trial for 2021 and are unable to get a refund so…fuck it!

Today’s meet up like most of 2021 will be some short-formed but packed to the buffer with hacker AF talks leading to an open forum on Big Blue Button so all you 0days and packets can chat with us!

Plus, this will be the first time we will be LIVE Streaming to PeerTube via Diode.Zone for those who want a decentralized, advertisement-less open source non DMCA riddled indie platform to watch the New Jersey madness!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://w6ijuptxiku4xpnnaetxvnkc5vqcdu7mgns2u77qefoixi63vbvnpnqd.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

.::AGENDA & SCHEDULE::. [ALL TIMES ARE EASTERN STANDARD (EST)] 5:30pm — 5:55pm PRE SHOW :: Don’t Be a Sucker — United States Department of War (1943) 5:55pm — 6:00pm DEFCON 201 Announcements 6:00pm — 6:30pm From The Current State of DevOops — Tillie Kottmann 6:30pm — 7:00pm Internals of Conti Ransomware — 0xNikhilRathor 7:00pm — 7:30pm Privacy After The Insurrection — Albert Fox Cahn 7:30pm — 8:00pm Cooking Out Of The Frying Pan with 1A Snake Oil — Sidepocket 8:00pm — ??? Open Workshops: DEFCON 201 Show & Tell + Games + Hangout

.::OPEN PROJECTS::.

DC201 Hacker Show & Tell— Everyone Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone Among Us — Everyone

.::LIGHTNING TALKS::.

PRE SHOW: Don’t Be a Sucker (1943) :..>Our PRE-SHOW will a public domain short film that is even more relative now than it was back then. Don’t Be a Sucker is a short film produced by the United States Department of War released in 1943, and adapted as a slightly shorter version in 1947. It has anti-racist and anti-fascist themes, and was made to educate viewers about prejudice and discrimination. An American Freemason who has been listening to a racist and bigoted rabble-rouser, who is preaching hate speech against ethnic and religious minorities and immigrants, is warned off by a naturalized Hungarian immigrant, possibly a Holocaust survivor or escapee, who explains to him how such rhetoric and demagoguery allowed the Nazis to rise to power in Weimar Germany, and warns Americans not to fall for similar demagoguery propagated by American racists and bigots.

From The Current State of DevOops :..>A short overview on how source code and secrets can often be extracted from the most popular DevOps tools, followed by some details around recent leaks, how they were acquired and what you can find in them.

:..>Bio: Tillie Kottmann is a software developer and leaker from Switzerland, known from some high profile leaks such as Intel, Daimler and most recently Nissan.

Internals of Conti Ransomware :..>Since the samples of “Conti Ransom” were available from August and from there development of “Conti” Ransom has gone further as from the version 1 to version 2 and version 3 phase recently. Whereas the infections of “Conti Ransom” had increased in past few months. Mainly the Trick Bot crime group is being dropping Conti Ransom in the Powershell Empire campaign originated from the Trick Bot stealthy targeting. This talk will be dissecting this ransomware from writing the logic bomb in the macros of the office docs to the loading the malicious payload/executable execs run32dll.exe being deployed for the triage of targeted machine

:..>Bio: Nikhil Rathor is a Security Researcher & Reverse Engineer from India and is passionate about malware analysis and threat intelligence.

Privacy After The Insurrection :..>In the aftermath of last week’s horrific attack on the Capitol, new questions are being raised about the role of surveillance in identifying insurrectionists and responding toe right-wing violence. S.T.O.P.’s Albert Fox Cahn will discuss the dangers of expanding surveillance in these challenging times.

:.>Bio: Albert Fox Cahn is the Surveillance Technology Oversight Project’s ( S.T.O.P.’s) founder and executive director, a fellow at the Engelberg Center on Innovation Law & Policy at N.Y.U. School of Law, a member of the NYU Alliance for Public Interest Technology, and a columnist for Gotham Gazette. As a lawyer, technologist, writer, and interfaith activist, Mr. Cahn began S.T.O.P. in the belief that emerging surveillance technologies pose an unprecedented threat to civil rights and the promise of a free society.

Mr. Cahn is a frequent commentator on civil rights, privacy, and technology matters and a contributor to numerous publications, including the New York Times, Slate, NBC Think, Newsweek, and the N.Y. Daily News. and he has lectured and presented his research at numerous universities including Harvard Law School, New York University School of Law, Columbia University, and Dartmouth College. Mr. Cahn previously served as legal director for a statewide civil rights organization, and as an associate at Weil, Gotshal & Manges LLP, where he advised Fortune 50 companies on technology policy, antitrust law, and consumer privacy.

In addition to his work at S.T.O.P., Mr. Cahn serves on the New York Immigration Coalition’s Immigrant Leaders Council, the New York Immigrant Freedom Fund’s Advisory Council, and is an editorial board member for the Anthem Ethics of Personal Data Collection. Mr. Cahn received his J.D., cum laude, from Harvard Law School (where he was an editor of the Harvard Law & Policy Review), and his B.A. in Politics and Philosophy from Brandeis University.

Cooking Out Of The Frying Pan with 1A Snake Oil :..>Where there is a disaster in the making, there will always be grifters lined up to profit off of it under the guise of remedying the problem. After the hillarious banning of Donal Trump’s Twitter Account and the take down of the accidental honey pot Parler, we at DEFCON 201 have received tons of requests of alternative services. Sadly, many of these, such as Gab and Dissenter are not only the antithesis of Free Speech and privacy but are also coded like shit. In this quick PSA, Sidepocket will go over these bad services past and present, present a methodology on how to identify a good or bad service and highlight some actual alternatives that will help make a more balanced internet.

:.>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>After our lightning talks DEFCON 201 members will be given an opportunity to show off the various projects that they have been working on. You can join in any time as we chat and some things we might be showing off for the first time so you don’t want to miss this on the LIVE Stream!

To get the URL and Password for the group hang out, pay attention to our Twitter or sign up on Meet Up!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

AMONG US :..>During our stream, we will be playing the hit game Among Us with the DEF CON audience! Watch the stream to find out how to join.

Steam: https://store.steampowered.com/app/945360/Among_Us/ iOS: https://apps.apple.com/us/app/among-us/id1351168404 Android: https://play.google.com/store/apps/details?id=com.innersloth.spacemafia&hl=en_US&gl=US

The game takes place in a space-themed setting, in which players each take on one of two roles, most being Crewmates, and a predetermined number being Impostors. The goal of the Crewmates is to identify the Impostors, eliminate them, and complete tasks around the map; the Impostors’ goal is to covertly sabotage and kill the Crewmates before they complete all of their tasks. Players suspected to be Impostors may be eliminated via a plurality vote, which any player may initiate by calling an emergency meeting (except during a crisis) or reporting a dead body. Crewmates win if all Impostors are eliminated or all tasks are completed whereas Impostors win if there is an equal number of Impostors and Crewmates, or if a critical sabotage goes unresolved.

::END OF LINE::

.::$2020 sudo shutdown -r :: DEF CON 201 New Years Online Party::.

====================================================== Date: December 31st, Thursday – January 1st, Friday

Time: 9:00 PM EST — ??? (12:30 AM EST)

Meet-Up: https://www.meetup.com/DEFCON201/events/275459730/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/408977177008690/

Hackaday: https://hackaday.io/page/9689-2020-sudo-shutdown-r-def-con-201-new-years-online-party

=====================================================

We did it!

We finally reached the end of the tunnel of one of the worst years in recent memory!

From the COVID-19 Plague to Climate Disasters, Protests Against Police Violence and Tide Pod Cuisine ending with the election of a lifetime and the Solar Winds hack.

Let's try to end the year in the most Dirty Jersey way we can as we invite everyone to hang out with DEFCON 201 Staff for crazy shenanigans and interactive games as we count down to either the new year or the end of the world.

DEF CON New Years Eve Details: https://defcon.org/html/defcon-nye-2021/dc-nye-2021-index.html

If you want to know the schedule you can view it here:

==================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook: https://www.facebook.com/groups/defcon201/ ====================================================

.::AGENDA & SCHEDULE::. —ALL TIMES ARE EASTERN STANDARD (EST)—

9:00pm - 10:00pm Intro & Retrospective on 2020 10:00pm - 10:30pm NCommander Charity Torture 10:30pm - 11:00pm Sidepocket Charity Torture 11:00pm - 11:50pm Hackers Among Us! 11:50pm - 12:00 MIDNIGHT It's The FINAL COUNTDOWN 12:00 MIDNIGHT - ??? Hackers Among Us! (Cont.) ====================================================

Interact with us on the DEF CON Discord! If everything is set up, there should be a #DCG201 or #DEFCON201 Channel and we will chat via text, audio and video all night!

========================================================== DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

CLIENT INTERFACES

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304

Join The DEFCON 201 Team Page: https://ctf.inctf.in/teams/225 ==========================================================

During our stream, we will be playing the hit game Among Us with the DEF CON audience! Watch the stream to find out how to join.

========================================================== Steam: https://store.steampowered.com/app/945360/Among_Us/

iOS: https://apps.apple.com/us/app/among-us/id1351168404

Android: https://play.google.com/store/apps/details?id=com.innersloth.spacemafia&hl=en_US&gl=US ==========================================================

The game takes place in a space-themed setting, in which players each take on one of two roles, most being Crewmates, and a predetermined number being Impostors. The goal of the Crewmates is to identify the Impostors, eliminate them, and complete tasks around the map; the Impostors' goal is to covertly sabotage and kill the Crewmates before they complete all of their tasks. Players suspected to be Impostors may be eliminated via a plurality vote, which any player may initiate by calling an emergency meeting (except during a crisis) or reporting a dead body. Crewmates win if all Impostors are eliminated or all tasks are completed whereas Impostors win if there is an equal number of Impostors and Crewmates, or if a critical sabotage goes unresolved.

About Child's Play: Child's Play also receives cash donations throughout the year. With those cash donations, we purchase new consoles, peripherals, games, and more for hospitals and therapy facilities.

Donate: https://donate.tiltify.com/@defcon201live/spirit-of-hohocon-childs-play-charity

::END OF LINE::

.::DEFCON 201 Online Meet Up — December 2020 — XmasCon::.

====================================================== Date: December 18th, Friday

Time: 6:00 PM EST — 11:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/274587770

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/189414472858732/

Hackaday: TBA

=====================================================

Welcome to the December 2020 DEFCON 201 Meet Up!

Can it be? Is it finally here? The final stretch to the END of 2020 is upon us!?

This might be the best present we get this year! Regardless if you are done burning oil, waiting for the Mascot of the NSA to slide down your non-existent chimney, worshiping the horned one that’s NOT the soon-to-be ex-president or getting your ancestors drunk on libations, DEFCON 201 will be ending a the year with a bang.

Our last meeting will have three major things: An important subject both in hacker history and this weeks news, a personal expose with talks from our core DEFCON 201 staff and a return to the open format meeting where we chill, hang out, drink and show off what we have been working on.

Oh, an j0hnnyXmas just because!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://c7hqkpkpemu6e7emz5b4vyz7idjgdvgaaa3dyimmeojqbgpea3xqjoid.onion/c/defcon201

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/ ======================================================

.::AGENDA & SCHEDULE::. [ALL TIMES ARE EASTERN STANDARD (EST)] 6:00pm — 6:50pm PRE SHOW :: 1993 B.C.: Get Off my LAN! (Hacking in the Olden Days) — J0hnnyXm4s 6:50pm — 7:00pm DEFCON 201 Announcements 7:00pm — 8:00pm From Stuxnet to Solar Winds — Kim Zetter 8:00pm — 8:30pm Ninja Forge-Next Generation: Now With More GUI — GI Jack 8:30pm — 9:00pm SNAFU@InternetProtocol.mil— sirocyl 9:00pm — ??? Open Workshops: DEFCON 201 Show & Tell + Games +Hangout

.::OPEN PROJECTS::.

DC201 Spirit Of HoHoCon Child’s Play Charity — Everyone hxp CTF 2020 — Everyone Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.

PRE SHOW: 1993 B.C.: Get Off my LAN! (Hacking in the Olden Days) :..>Our PRE-SHOW will entertain a pre-recorded talk from Hackfest 2015. Since the Second Industrial Revolution, technology has been advancing at a rate beyond anyone’s estimates. That means us old folks got to hack a whole lot of awesome stuff in our short lifetimes, much of which is already long since obsolete. Here, Johnny Xmas will deliver one of his famous “When I Was Your Age” rants, this time aimed at the 1990’s and the Rise of the Internet, and the explosion of the hacker community that happened back then, just as it is happening now. Topics covered will probably include cable TV piracy, wardialing, offensive payphonery, mainframe hacking, “Hackers Vs. Crackers”, the mere difficulty of Internet & computer access, and how so many of the “modern” web exploits you use today are really decades old.

From Stuxnet to Solar Winds :..>We at DEFCON 201 are proud to interview cyber-journalist Kim Zetter! Topics will include the state of cybersecurity journalism, how journalist disclose sensitive hacks, hackers relationship with journalism, Governments VS Reporting, and her legendary work documenting Stuxnet and the current cutting-edge state of the Solar Winds breach.

:..>Bio: Kim Zetter is an award-winning investigative journalist who has covered cybersecurity and national security for more than a decade, initially for Wired, where she wrote for thirteen years, and more recently for the New York Times Magazine, Politico, Washington Post, Motherboard, and Yahoo News. She has been voted one of the top ten security journalists in the country by security professionals and her journalism peers. She has broken numerous national stories about NSA and FBI surveillance, nation-state hacking attacks, the Russian sabotage of Ukraine’s power grid and its use of that country as a testing ground, the hacker underground and election security. She is considered one of the leading experts on the latter, and in 2018 authored a New York Times Magazine cover story on the crisis of election security. Zetter is also an expert on cyber warfare and wrote an acclaimed book on the topic — Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon — about a sophisticated virus/worm developed by the U.S. and Israel to covertly sabotage Iran’s nuclear program.

Ninja Forge-Next Generation: Now With More GUI :..> ninjaforge-ng is a tool for burning Ninja OS to USB sticks using the purpose created .liveos.zip format. This format is a structured zip container format created for the purpose that adds an index file for metadata as well as GPG and hashsum integrity checking. This is being written in python, both as a GUI in Qt5, and later will add a command line version. The original ninjaforge is written in bash and included within the release of Ninja OS as means for installation, as well as within Ninja OS itself for making new Ninja OS USB sticks, as part of the “Clone and Forge Frame Work”. This is part of an overhaul to make the system more user friendly, consistent, and secure. The format is documented in a text file, and is freely available for use. This talk will go over the tool and format.

:..>Bio: GI Jack is one of the Co-Founders of DEFCON 201. He might have seen a Ninja that had built their own hacker variant of Arch Linux known as Ninja OS. You might be able to also find this ninja at: https://ninjaos.org/

SNAFU@Internet.mil :..>Welcome to yet another bat-shit insane day at DEFCON 201 where DEFCON 201 member sirocyl takes a look at an interesting case-study in network architecture, where a laptop’s mobile network somehow got DHCP-assigned to an IP address located squarely in the Pentagon. Thanks, T-Mobile!

:.>Bio: sirocyl is a DEFCON 201 alumnus and founder of the famitracker.org FamiTracker and Famicom/NES music community. He is also part of MAGFEST video game convention volunteer staff.

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>After our lightning talks DEFCON 201 members will be given an opportunity to show off the various projects that they have been working on. You can join in any time as we chat and some things we might be showing off for the first time so you don’t want to miss this on the LIVE Stream!

To get the URL and Password for the group hang out, pay attention to our Twitter or sign up on Meet Up!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

DC201 Spirit Of HoHoCon Child’s Play Charity :..>Child’s Play is a game industry charity started in 2003 dedicated to improving the lives of children with toys and games in our network of over 220 facilities worldwide, including hospitals and domestic abuse shelters.

Child’s Play works in two ways. With the help of hospital staff, they’ve set up gift wish lists full of video games, toys, books, and other fun stuff for kids. By clicking on a hospital location on their map, you can view that hospital’s wish list and send a gift.

Child’s Play also receives cash donations throughout the year. With those cash donations, they purchase new consoles, peripherals, games, and more for hospitals and therapy facilities. These donations allow for children to enjoy age-appropriate entertainment, interact with their peers, friends, and family, and can provide vital distraction from an otherwise generally unpleasant experience.

More Info Here: http://assets.childsplaycharity.org/docs/CP_Press_Kit_42020.pdf

Donate Directly Here: https://donate.tiltify.com/@defcon201live/spirit-of-hohocon-childs-play-charity

hxp CTF 2020 :..>This Friday, starting on November 18st at 10:00 AM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the hxp CTF 2020! If you are new to Online CTF, we will help you get set up and walk you thorugh some of the challenges. Then you can log in anytime after until November 20th 10:00 AM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: TBA

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

Jackbox Party Pack 3 Online Games :..>During our live-stream, we will be offering to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::