DEFCON 201

North East New Jersey DEFCON Group Chapter. We meet at Sub Culture once a month to hack on technology projects! https://www.defcon201.org

.::$2020 sudo shutdown -r :: DEF CON 201 New Years Online Party::.

======================================================

Date: December 31st, Thursday – January 1st, Friday

Time: 9:00 PM EST — ??? (12:30 AM EST)

Meet-Up: https://www.meetup.com/DEFCON201/events/275459730/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/408977177008690/

Hackaday: https://hackaday.io/page/9689-2020-sudo-shutdown-r-def-con-201-new-years-online-party

=====================================================

We did it!

We finally reached the end of the tunnel of one of the worst years in recent memory!

From the COVID-19 Plague to Climate Disasters, Protests Against Police Violence and Tide Pod Cuisine ending with the election of a lifetime and the Solar Winds hack.

Let's try to end the year in the most Dirty Jersey way we can as we invite everyone to hang out with DEFCON 201 Staff for crazy shenanigans and interactive games as we count down to either the new year or the end of the world.

DEF CON New Years Eve Details: https://defcon.org/html/defcon-nye-2021/dc-nye-2021-index.html

If you want to know the schedule you can view it here:

====================================================

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook: https://www.facebook.com/groups/defcon201/

====================================================

.::AGENDA & SCHEDULE::. —ALL TIMES ARE EASTERN STANDARD (EST)—

9:00pm - 10:00pm Intro & Retrospective on 2020

10:00pm - 10:30pm NCommander Charity Torture

10:30pm - 11:00pm Sidepocket Charity Torture

11:00pm - 11:50pm Hackers Among Us!

11:50pm - 12:00 MIDNIGHT It's The FINAL COUNTDOWN

12:00 MIDNIGHT - ??? Hackers Among Us! (Cont.)

====================================================

Interact with us on the DEF CON Discord! If everything is set up, there should be a #DCG201 or #DEFCON201 Channel and we will chat via text, audio and video all night!

==========================================================

DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

CLIENT INTERFACES

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304

Join The DEFCON 201 Team Page: https://ctf.inctf.in/teams/225

==========================================================

During our stream, we will be playing the hit game Among Us with the DEF CON audience! Watch the stream to find out how to join.

==========================================================

Steam: https://store.steampowered.com/app/945360/Among_Us/

iOS: https://apps.apple.com/us/app/among-us/id1351168404

Android: https://play.google.com/store/apps/details?id=com.innersloth.spacemafia&hl=en_US&gl=US

==========================================================

The game takes place in a space-themed setting, in which players each take on one of two roles, most being Crewmates, and a predetermined number being Impostors. The goal of the Crewmates is to identify the Impostors, eliminate them, and complete tasks around the map; the Impostors' goal is to covertly sabotage and kill the Crewmates before they complete all of their tasks. Players suspected to be Impostors may be eliminated via a plurality vote, which any player may initiate by calling an emergency meeting (except during a crisis) or reporting a dead body. Crewmates win if all Impostors are eliminated or all tasks are completed whereas Impostors win if there is an equal number of Impostors and Crewmates, or if a critical sabotage goes unresolved.

About Child's Play: Child's Play also receives cash donations throughout the year. With those cash donations, we purchase new consoles, peripherals, games, and more for hospitals and therapy facilities.

Donate: https://donate.tiltify.com/@defcon201live/spirit-of-hohocon-childs-play-charity

::END OF LINE::

.::DEFCON 201 Online Meet Up — December 2020 — XmasCon::.

======================================================

Date: December 18th, Friday

Time: 6:00 PM EST — 11:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/274587770

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/189414472858732/

Hackaday: TBA

=====================================================

Welcome to the December 2020 DEFCON 201 Meet Up!

Can it be? Is it finally here? The final stretch to the END of 2020 is upon us!?

This might be the best present we get this year! Regardless of whether you are done burning oil, waiting for the Mascot of the NSA to slide down your non-existent chimney, worshiping the horned one that’s NOT the soon-to-be ex-president or getting your ancestors drunk on libations, DEFCON 201 will be ending the year with a bang.

Our last meeting will have three major things: an important subject both in hacker history and this week’s news, a personal expose with talks from our core DEFCON 201 staff, and a return to the open format meeting where we chill, hang out, drink and show off what we have been working on.

Oh, and j0hnnyXmas just because!

======================================================

Live Streams:

======================================================

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://c7hqkpkpemu6e7emz5b4vyz7idjgdvgaaa3dyimmeojqbgpea3xqjoid.onion/c/defcon201

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

======================================================

.::AGENDA & SCHEDULE::. [ALL TIMES ARE EASTERN STANDARD (EST)]

6:00pm — 6:50pm PRE SHOW :: 1993 B.C.: Get Off my LAN! (Hacking in the Olden Days) — J0hnnyXm4s

6:50pm — 7:00pm DEFCON 201 Announcements

7:00pm — 8:00pm From Stuxnet to Solar Winds — Kim Zetter

8:00pm — 8:30pm Ninja Forge-Next Generation: Now With More GUI — GI Jack

8:30pm — 9:00pm SNAFU@InternetProtocol.mil — sirocyl

9:00pm — ??? Open Workshops: DEFCON 201 Show & Tell + Games + Hangout

.::OPEN PROJECTS::.

DC201 Spirit Of HoHoCon Child’s Play Charity — Everyone

hxp CTF 2020 — Everyone

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.

PRE SHOW: 1993 B.C.: Get Off my LAN! (Hacking in the Olden Days) :..>Our PRE-SHOW will entertain a pre-recorded talk from Hackfest 2015. Since the Second Industrial Revolution, technology has been advancing at a rate beyond anyone’s estimates. That means us old folks got to hack a whole lot of awesome stuff in our short lifetimes, much of which is already long since obsolete. Here, Johnny Xmas will deliver one of his famous “When I Was Your Age” rants, this time aimed at the 1990’s and the Rise of the Internet, and the explosion of the hacker community that happened back then, just as it is happening now. Topics covered will probably include cable TV piracy, wardialing, offensive payphonery, mainframe hacking, “Hackers Vs. Crackers”, the mere difficulty of Internet & computer access, and how so many of the “modern” web exploits you use today are really decades old.

From Stuxnet to Solar Winds :..>We at DEFCON 201 are proud to interview cyber-journalist Kim Zetter! Topics will include the state of cybersecurity journalism, how journalists disclose sensitive hacks, hackers’ relationship with journalism, Governments VS Reporting, and her legendary work documenting Stuxnet and the current cutting-edge state of the Solar Winds breach.

:..>Bio: Kim Zetter is an award-winning investigative journalist who has covered cybersecurity and national security for more than a decade, initially for Wired, where she wrote for thirteen years, and more recently for the New York Times Magazine, Politico, Washington Post, Motherboard, and Yahoo News. She has been voted one of the top ten security journalists in the country by security professionals and her journalism peers. She has broken numerous national stories about NSA and FBI surveillance, nation-state hacking attacks, the Russian sabotage of Ukraine’s power grid and its use of that country as a testing ground, the hacker underground and election security. She is considered one of the leading experts on the latter, and in 2018 authored a New York Times Magazine cover story on the crisis of election security. Zetter is also an expert on cyber warfare and wrote an acclaimed book on the topic — Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon — about a sophisticated virus/worm developed by the U.S. and Israel to covertly sabotage Iran’s nuclear program.

Ninja Forge-Next Generation: Now With More GUI :..>ninjaforge-ng is a tool for burning Ninja OS to USB sticks using the purpose-created .liveos.zip format. This format is a structured zip container that adds an index file for metadata as well as GPG and hashsum integrity checking. The tool is being written in Python, first as a Qt5 GUI, with a command line version to be added later. The original ninjaforge is written in bash and is included within the release of Ninja OS as a means of installation, as well as within Ninja OS itself for making new Ninja OS USB sticks, as part of the “Clone and Forge Frame Work”. This is part of an overhaul to make the system more user friendly, consistent, and secure. The format is documented in a text file, and is freely available for use. This talk will go over the tool and format.

:..>Bio: GI Jack is one of the Co-Founders of DEFCON 201. He might have seen a Ninja that had built their own hacker variant of Arch Linux known as Ninja OS. You might be able to also find this ninja at: https://ninjaos.org/

SNAFU@Internet.mil :..>Welcome to yet another bat-shit insane day at DEFCON 201 where DEFCON 201 member sirocyl takes a look at an interesting case-study in network architecture, where a laptop’s mobile network somehow got DHCP-assigned to an IP address located squarely in the Pentagon. Thanks, T-Mobile!

:..>Bio: sirocyl is a DEFCON 201 alumnus and founder of the famitracker.org FamiTracker and Famicom/NES music community. He is also part of MAGFEST video game convention volunteer staff.

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>After our lightning talks, DEFCON 201 members will be given an opportunity to show off the various projects that they have been working on. You can join in any time as we chat, and some things we might be showing off for the first time, so you don’t want to miss this on the LIVE Stream!

To get the URL and Password for the group hang out, pay attention to our Twitter or sign up on Meet Up!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

DC201 Spirit Of HoHoCon Child’s Play Charity :..>Child’s Play is a game industry charity started in 2003 dedicated to improving the lives of children with toys and games in our network of over 220 facilities worldwide, including hospitals and domestic abuse shelters.

Child’s Play works in two ways. With the help of hospital staff, they’ve set up gift wish lists full of video games, toys, books, and other fun stuff for kids. By clicking on a hospital location on their map, you can view that hospital’s wish list and send a gift.

Child’s Play also receives cash donations throughout the year. With those cash donations, they purchase new consoles, peripherals, games, and more for hospitals and therapy facilities. These donations allow for children to enjoy age-appropriate entertainment, interact with their peers, friends, and family, and can provide vital distraction from an otherwise generally unpleasant experience.

More Info Here: http://assets.childsplaycharity.org/docs/CP_Press_Kit_42020.pdf

Donate Directly Here: https://donate.tiltify.com/@defcon201live/spirit-of-hohocon-childs-play-charity

hxp CTF 2020 :..>This Friday, starting on November 18th at 10:00 AM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the hxp CTF 2020! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime after until November 20th 10:00 AM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: TBA

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools; look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

Jackbox Party Pack 3 Online Games :..>During our live-stream, we will invite you to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::

.::DEFCON 201 Online Meet Up — November 2020 — Back Orifice 2020::.

======================================================

Date: November 20th, Friday

Time: 6:00 PM EST — 10:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/274587770

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/2747070122275971/

Hackaday: https://hackaday.io/page/9462-defcon-201-online-meet-up-november-2020-back-orifice-2020

=====================================================

Welcome to the November 2020 DEFCON 201 Meet Up!

After a nail biting USA 2020 Election, we have seemed to tilt the scale back to some degree of normalcy. We are glad to evict the cartoonish-level of tyranny out of the White House in the most North East Coast way possible.

However, let’s not forget what “normalcy” is. Normal was still the subjugation of the US populace. Normal was telling you it’s not your right to own the stuff that you own. Normalcy was censoring others while spreading propaganda like wildfire. Normal was installing backdoors, going to war, and the new normal of a plague that is coming back to kill us in full force.

So we decided, f$#k normal, let’s be freaks!

And to get our freak on, we decided after high demand to revisit virtually one of our favorite meeting subjects of all time back in 2017 when we started out. Hacking Sex. Wet ware meets hardware. Dicks, Dongles and The Internet Of Thongs.

We hope you are ready to relieve your anxiousness by allowing us to blow a load of hacker knowledge all over you in one content packed night. An orgy of data highlighting vulnerable back doors, exposed ports, short-stroking paracentric slots and how prude technologists and politicians are using our squeamish nature toward sex to censor us all…and how sex workers on the front lines for digital rights are fighting back with the full force of the true hacker spirit!

======================================================

Live Streams:

======================================================

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://c7hqkpkpemu6e7emz5b4vyz7idjgdvgaaa3dyimmeojqbgpea3xqjoid.onion/c/defcon201

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

Chaturbate: https://chaturbate.com/p/defcon201/

======================================================

.::AGENDA & SCHEDULE::. [ALL TIMES ARE EASTERN STANDARD (EST)]

6:00pm — 6:25pm PRE SHOW :: Pwn All The Mobile Porn Apps — Ben Actis

6:25pm — 6:30pm DEFCON 201 Announcements

6:30pm — 6:50pm The Privacy of Online Dating & Teledildonics — Alex Lomas

6:50pm — 7:00pm B!tch Picking: Designing A Lockpick Set For Sex Workers — Sidepocket

7:00pm — 7:30pm Naked & Unafraid: The Basics Of Securing Your Nudes — Allie Barnes

7:30pm — 7:50pm Aliases, Branding, and Consent: The ABCs of Sex Work and Digital Security — Luna Sylum

7:50pm — 8:00pm BREAKING NEWS — TBA

8:00pm — 8:30pm The Internet Of Thongs: Virtualization Of Sexual Intimacy — Andre Shakti, Inferno

8:30pm — 10:00pm UN-EARN IT: The Domino Effect Of Internet Censorship — Sex Workers Roundtable TBA

.::OPEN PROJECTS::.

DEFCON 201 Makes It RAINN November Charity — Everyone

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

.::LIGHTNING TALKS::.

PRE SHOW: Pwn All The Mobile Porn Apps :..>Our PRE-SHOW will entertain a talk from BSides Las Vegas 2017. It will examine egregious security vulnerabilities found in adult content mobile applications. Highlights include: lack of HTTPS usage, code execution in update mechanisms, and less than stellar vendor responses.

The Privacy of Online Dating & Teledildonics :..>Many dating applications use location to match you up with people in the local area, but this led to the leakage of millions of people’s exact location. This can cause problems for LGBTQ+ people, especially in parts of the world with poor human rights records, as well as subject people to harassment and exposure. We’ll look at some of the problems we found last year, what has changed, and what you can do to protect yourself. We’ll also briefly see that these problems exist in the sphere of teledildonics as well, which has increased in usage during the recent global lockdowns.

:..>Bio: Alex is Pen Test Partners’ aerospace specialist. Alex undertakes penetration testing of traditional IT, such as networks, web applications, and APIs, as well as more aviation-specific areas including airport operational technology and avionics embedded systems such as inflight entertainment and e-enabled aircraft.

B!tch Picking: Designing A Lockpick Set For Sex Workers :..>There are many pre-built lock picking sets online that cater to a variety of professions and hobbies such as locksmiths, lock sport competitors, law enforcement, etc. In this short presentation, TOOOL (The Open Organization of Lockpickers) will pitch a concept of an all-in-one case and set design that would satisfy the needs for the safety of sex workers out in the field.

:..>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

Naked & Unafraid: The Basics Of Securing Your Nudes :..>As online dating and sexting become more popular among both teens and adults, there’s a scary trend that’s increasing right alongside it: revenge porn, the non-consensual sharing of private images or videos. This talk aims to give you some basic information on revenge porn, some basic technical information on privacy when it comes to media storage and sharing, how to protect yourself when sharing intimate material, and finally — what your options are if your material DOES get leaked.

:..>Bio: Allie Barnes has been in the Linux community since 2011, jump-starting her IT career as a Linux Administrator at Rackspace and utilizing mentorships and community knowledge to eventually navigate into the OpenStack world, working on Red Hat’s OpenStack Product. Allie is learning to take the leap into the community by participating in more talks and community events in hopes of spreading knowledge and love of Linux, Open Source, and InfoSec in general!

Aliases, Branding, and Consent: The ABCs of Sex Work and Digital Security :..>She doesn’t usually friend her office coworkers on Facebook. But she made an exception because it seemed like they always had a good time discussing just about anything. One weekend, she shared a promotion for a burlesque show held at the local kink-friendly club: “Come me out (as my alias ;)) with a titillating new dance!”

On Monday, her coworker avoided conversation, but asked to chat with their boss after the morning meeting. That afternoon, she received an email from HR that they’d been informed of an unacceptable conflict of interest, and would be let go.

He was a little bored of his small town photography studio only getting booked for weddings. One day he finally got up the nerve to embark on the avant garde nude series he’d conceptualized. So he created a new brand, with a completely separate Instagram account, and posted a small portfolio. These featured his partner, who enthusiastically consented, and never showed their face.

Business remained steady with his conservative clientele none the wiser, even as his reputation among the subculture grew.

Let’s define your model of acceptable risk, when it comes to social media and information security, if you maintain more than one identity online.

:..>Bio: Luna Sylum, aka Luna, has a background that some might say reflects multiple personalities. After a short lived career in contemporary dance, she landed another dream job in digital marketing for an RPG publisher. That dream soon spiraled into a nightmare, so she rode the tides of her fluctuating-yet-intense passions and discovered a new home in infosec. Some call it mad, but she’s fallen in love with her new identity as an incident responder. And yes, she also moonlights as a burlesque dancer.

BREAKING NEWS :..>TBA

:..>Bio: TBA

The Internet Of Thongs: Virtualization Of Sexual Intimacy :..>Since the COVID-19 lockdowns across the country, many businesses were thrown into chaos as they had to adapt by virtualization. Sex workers had an advantage in that human sexuality has always leveraged emerging technologies from the printing press to DVDs and internet streaming. Tonight we look at two organizations, The Sanctuary Club and NYC INFERNO, as they talk about the challenges of transforming their intimate spaces into the virtual world.

:..>Bio: Andre Shakti. Stripper. FemDom. Educator. Columnist. Slut. I talk sex & do things that make me sweat. Owner of The Sanctuary Virtual Strip Club and IAmPoly.net

NYC INFERNO is an inclusive queer party that welcomes all genders of people (including trans-people) for queer friends, f — k buddies and lovers of all kinds.

UN-EARN IT: The Domino Effect Of Internet Censorship :..>A mashup of two separate bills — The Stop Enabling Sex Traffickers Act of 2017 (SESTA) and its House equivalent, the Fight Online Sex Trafficking Act (FOSTA or H.R.1865) — SESTA-FOSTA is a bipartisan bill passed in 2018 designed to prevent websites from facilitating sex trafficking. In short, SESTA-FOSTA rolls back portions of Section 230 of the Communications Decency Act (CDA), a 20-year-old law that protects online publishers from the things their users say or do. Its follow-up, the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (shortened to EARN IT), was passed in 2020. Join a panel of sex workers and activists on the front lines to hear about the censorship of sex work on the internet and how it will embolden, and has emboldened, other forms of internet censorship that affect us all.

:..>Bio: TBA

.::OPEN PROJECTS::.

DEFCON 201 Makes It RAINN November Charity :..>RAINN (Rape, Abuse & Incest National Network) is the nation’s largest anti-sexual violence organization. RAINN created and operates the National Sexual Assault Hotline (800.656.HOPE, online.rainn.org and rainn.org/es) in partnership with more than 1,000 local sexual assault service providers across the country and operates the DoD Safe Helpline for the Department of Defense. RAINN also carries out programs to prevent sexual violence, help survivors, and ensure that perpetrators are brought to justice.

This month until November 30th, DEFCON 201 are proud to try to raise a minimum goal of $400 for RAINN via Tiltify to protect all humans around the world from the horrors of sexual abuse. We will offer a wide range of programming from our shows (HACK + ALT + NCOMMANDER, The Master Of Unlocking, Archvile: A Linux Perspective & Crypto Barons) plus special programming including this meeting on our LIVE Stream platforms to entertain people to donate to the cause!

If you want to donate at any time, please visit the link: https://tiltify.com/@defcon201live/defcon-201-makes-it-rainn-november-charity

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux/FreeBSD, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

::END OF LINE::

.::DEFCON 201 Online Meet Up — September 2020 — Egg Freckles::.

======================================================

Date: September 18th, Friday

Time: 4:00 PM EST — 9:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/272715939/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/655322292051918/

Hackaday: https://hackaday.io/page/9277-defcon-201-online-meet-up-september-2020-egg-freckles

=====================================================

Welcome to the September 2020 DEFCON 201 Meet Up!

So we are all stuck at home because COVID-19 is the song that will never end. The West Coast is burning. The East Coast is underwater. And in the midst of all of this with a nightmare election coming up…Apple decides to hold an event showing off the overpriced closed-sourced products. Because of course they would.

That’s why we have decided to take this golden opportunity to have a DCG 201 meeting theme we have wanted to do for a very long time: Hacking Apple. If you are one of the many people who struggle with XCode and Swift, own an iPhone that won’t have any games besides Apple Arcade, run a Mac that will cost an ARM and a leg, can’t play Fortnite or XCloud on your iOS device or someone who remembers when Newton was the shit, this is the meeting for you. Be prepared for a crazy live stream with limited in person seating watching hackers in New Jersey and all over the world throw a sledgehammer at the screen and break down Apple’s walled garden.

Tim Apple will be proud. #AppleEvent

Details of the in-person meet below:

Now, there will be some ground rules here. To meet in person, we will have a hard MAX limit of 20 people, thus you MUST RSVP on EventBrite to be counted.

You MUST purchase a food or beverage item. Meeting will be outside in the outdoor pen. You MUST have a mask on at ALL TIMES when not eating. You must be 6 feet apart unless you came together in a group. We will provide sanitation measures. Anyone who is a knucklehead will be thrown into the Hudson River with the rest of Florida.

If you can’t make it or are too afraid, RELAX! All activities, chats, talks, workshops and DC 201 insanity will be broadcast online via our LIVE STREAMS per the new normal! We are so excited to finally do some actual mask-to-mask social distancing AFK and we can’t wait to see you all because we have quite the line up with something for everyone!

======================================================

Live Streams:

======================================================

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://c7hqkpkpemu6e7emz5b4vyz7idjgdvgaaa3dyimmeojqbgpea3xqjoid.onion/c/defcon201

======================================================

.::AGENDA & SCHEDULE::. [ALL TIMES ARE EASTERN STANDARD (EST)]

4:00pm — 4:50pm AFK: Meet & Greet + Open Workshop Projects; ONLINE: The Fifth HOPE (2004): Steve Wozniak Keynote

4:50pm — 5:00pm A Marathon Of Mac Gaming — MrMacRight

5:00pm — 6:00pm The Rise Of Mac Malware — Thomas Reed

6:00pm — 6:30pm Abusing & Securing XPC in macOS Apps — Wojciech

6:30pm — 7:00pm macintosh.js — NCommander

7:00pm — 7:10pm A Kinky Hack To Sideload iOS Applications — Sidepocket

7:10pm — 9:00pm??? Old Man Yells At iCloud — Xio

.::OPEN PROJECTS::.

Open Jam 2020 — https://openjam.io/

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

.::LIGHTNING TALKS::.

The Fifth HOPE (2004): Steve Wozniak Keynote :..>Let’s take a trip back down memory lane with a limited re-airing of the historic (yet forgotten about) keynote from The Fifth HOPE (Hackers On Planet Earth) with Apple Co-Founder and guy who actually did all the work: The Wonderful Wizard Of Woz!

:..>Bio: Stephen Gary Wozniak, also known by his nickname “Woz” and handle “Berkeley Blue”, is an American electronics engineer, programmer, philanthropist, and technology entrepreneur. In 1976, he co-founded Apple Inc., which later became the world’s largest information technology company by revenue and the largest company in the world by market capitalization. Through their work at Apple in the 1970s and 1980s, he and Apple co-founder Steve Jobs are widely recognized as two prominent pioneers of the personal computer revolution. As of November 2019, Wozniak has remained an employee of Apple in a ceremonial capacity since stepping down in 1985.

A Marathon Of Mac Gaming :..>If Linux Gamers thought they had a bad rep, nothing will cause the PC Master Race to burst out laughing more than Mac Gamers. Despite the countless jokes, Apple has had a long and crazy history in the video game space from the original first person shooter epic Marathon by Bungie (before Halo and Destiny became a thing), to the failed PiP!N home video game system and the release of downloadable games on the iOS AppStore. In this talk, MrMacRight will go over how Apple is pushing AAA gaming on their platforms and improving In-App purchases.

:..>Bio: MrMacRight covers everything Apple gaming related (iPhone, iPad, Apple TV, Mac and Apple Arcade) on his YouTube channel.

The Rise Of Mac Malware :..>Contrary to most people’s expectations, the first widespread virus actually affected Apple computers. Join me for a journey through time, as we look at past Mac malware, focusing on when certain behaviors first emerged. Then fast forward through time, where we’ll see what today’s Mac threat landscape looks like, and what behaviors we’re seeing from Mac threats in the wild.

:..>Bio: Thomas Reed has been using Macs since 1984. He is a self-taught security researcher and Director of Mac & Mobile at Malwarebytes. In his spare time, he is an avid photographer.

Abusing & Securing XPC in macOS Apps :..>XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple’s components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere — Anti Viruses, Messengers, Privacy tools, Firewalls, and more. In this talk, I will:

— Explain how XPC/NSXPC work.

— Present you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t).

— Abuse an interesting feature on Catalina allowing to inject an unsigned dylib.

— Show you how to fix that vulnz finally!

:..>Bio: Wojciech is a Senior IT Security Specialist working at SecuRing. He specializes in application security on Apple devices. He created the iOS Security Suite — an open-source anti-tampering framework. Bugcrowd MVP, found vulnerabilities in Apple, Facebook, Malwarebytes, Slack, Atlassian, and others. In his free time he runs an infosec blog — https://wojciechregula.blog. Shared research at, among others, Objective by the Sea (Hawaii, USA), AppSec Global (Tel Aviv, Israel), AppSec EU (London, United Kingdom), CONFidence (Cracow, Poland), BSides (Warsaw, Poland).

macintosh.js :..>Whether nostalgic for a simpler era or just wondering what computing was like 20-some years ago, Macintosh.js lets you find out. Built by developer Felix Rieseberg using Electron and JavaScript, it emulates a 1991 Macintosh Quadra 900 running Mac OS 8.1. Thanks to a 1997 MacWorld Demo CD, it includes a number of apps and games, including Photoshop 3, Illustrator 5.5, Civilization II, and, of course, Oregon Trail. In this brief overview, NCommander of HACK + ALT + NCOMMANDER fame will do what he does best; dissect this retro operating system and point out the quirks and WTF-ness of this unholy emulated beast.

:..>Bio: NCommander (@fossfirefighter) lives in Jersey City and is a contributor to multiple free and open-source software projects, an Ubuntu core developer, and an active developer for the Hermes Center for Transparency working on the GlobaLeaks project. In his free time, he likes to travel, write, and play with radios.

A Kinky Hack To Sideload iOS Applications :..>The iOS AppStore. The store features around 1.8 million apps, has earned over $155 billion for developers and has caused headaches for many from their kow-towing to China to their weird restrictions of video game streaming applications. The walled garden nature is its biggest strength, leading Apple to control all software with 1984 precision. Or can they? Thanks to a website that allows BDSM folks to kink out on the world wide shibari, we will walk through how they exploited the development mode of iOS and Xcode to inject their own software bypassing Apple’s insular storefront. Then we will quickly go over how this blew a giant wall in Apple’s iOS software approval process opening up to a world that only Apple users can dream of and Android users do in this world outside of the Cult Of Mac called “reality”.

:..>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

Old Man Yells At iCloud :..>The Apple Computer 1, originally released as the Apple Computer and known later as the Apple I, or Apple-1, is a desktop computer released by the Apple Computer Company (now Apple Inc.) in 1976. Since then, Apple has left a legacy that has pissed a ton of people off from programmers, artists, businessmen and people named Tim. Few however, know the company and its hardware from its formation to the dumpster fire that is 2020. And so who better to cover it all than someone who is so retro you have to use a butter knife to rewind him! This rant on Apple products past and present will be so long and so foul that it will end and only end when Sub Culture shuts the place down and our livestream ends! Plus, comments from the peanut gallery (cough sirocyl cough NCommander cough Sidepocket cough) will cause this digital caveman to go into cardiac arrest before the #FailFactory he works at does!

:..>Bio: Interdisciplinary autodidacts always look bad on paper. Good hackers know they know not, and xio (@XioNYC) is of that rare breed which knows not that they know. He has experienced eight years of digital talking books from pre-production to shipped product, 12 years as an accessibility specialist, 16 years of video editing and DVD authoring, and over 24 years of broadcast radio, as well as a lifetime at the QWERTY and in deep thought.

.::OPEN PROJECTS::.

Open Jam 2020 :..>Open Jam is a game jam with 🖤. At Open Jam, you build an open-source video game over the weekend, rate other creators’ games, and compete for delicious open source karma. Open Jam is a game jam that promotes open source games and game creation tools. This jam encourages use of open source game engines, authoring tools, and platforms, and Creative Commons assets, and to link those tools in your submission. Anything open source in your game creation process is encouraged! Open Jam is all about open games and open game development. Open Jam will be an 80-hour jam based on a theme.

Please stop by the community and introduce yourself or team and share your progress once the jam starts

Join our discord channel if you want to keep in touch in real-time

Follow these twitter accounts: @openjamio, @caramelcode, @mwcz Use social hashtag: #openjam2020

At the end of the weekend, release your game and code to the world, play other participants’ games, and rate them.

:..>What You’ll Need: You can use any tools to create your game and it can run on any platform, open source tools and platforms are encouraged.

There is a new voting category for “Open Source Karma” based on how open source friendly your game is, i.e. how many open tools you used, if your game runs on an open platform, and a nice GitHub repo. See table below.

It is very important to list all the open source tools you used and link to your git repo in your game entry, so you can get credit for your Open Source Karma.

Games source should be available and licensed as open source.

You can create or use your own assets or use existing, openly licensed assets (e.g., Creative Commons).

You can work solo or on a team.

The theme will be announced at 1:00 PM September 18th (US Eastern).

Judging will be peer-based, with possible guest judges if not enough people rate games.

Games require a minimum of 10 ratings to place in the top 3. Games must be original for Open Jam, they can’t be entries submitted to other game jams or forks of other games.

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

::END OF LINE::

.::DEFCON 201 Meet Up — August 2020 — Digital Campfire::.

======================================================

Date: August 21st, Friday

Time: 4:00 PM EST — 9:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/271914333/

Facebook [TOR]: TBA

Hackaday: TBA

=====================================================

Welcome to the August 2020 DEFCON 201 Meet Up!

Yup…the world still sucks.

Between the Postal Service Going Postal (censoring our rights as US Citizens), A Giant Deadly Explosion, Fire F&$king Tornados (not related) and COVID-19 raging on until the end of the year it’s easy to fall into despair.

However, the best thing about the Hacker Community is how we all come together no matter the obstacles. We had so many virtualized conventions in the past four weeks that 2020 was truly the year of Ultimate Hacker Summer Camp.

So we have built a small physical campfire at our Sub Culture venue and a HUGE bonfire digitally online as we share our stories and our hacks from each of these conventions.

Details of the in-person meet below:

Now, there will be some ground rules here. To meet in person, we will have a hard MAX limit of 20 people, thus you MUST RSVP on EventBrite to be counted.

You MUST purchase a food or beverage item. Meeting will be outside in the outdoor pen. You MUST have a mask on at ALL TIMES when not eating. You must be 6 feet apart unless you came together in a group. We will provide sanitation measures. Anyone who is a knucklehead will be thrown into the Hudson River with the rest of Florida.

If you can’t make it or are too afraid, RELAX! All activities, chats, talks, workshops and DC 201 insanity will be broadcast online via our LIVE STREAMS per the new normal! We are so excited to finally do some actual mask-to-mask social distancing AFK and we can’t wait to see you all because we have quite the line up with something for everyone!

======================================================

Live Streams:

======================================================

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

======================================================

.::AGENDA & SCHEDULE::.

[ALL TIMES ARE EASTERN STANDARD (EST)]

4:00pm — 5:30pm AFK: Meet & Greet + Open Workshop Projects + Games | ONLINE: Diana Initiative Badge Soldering Workshop

5:30pm — 6:00pm DC201 Show & Tell

6:00pm — 6:30pm Insert Coin: Upgrading Raspberry Pi Arcade Machines — sirocyl, GI Jack

6:30pm — 7:30pm First Contact — Vulnerabilities in Contactless Payments

7:30pm — 7:40pm E-Viction: ARTHOUSE / WHORE GALLERY AND PROTEST PLATFORM

7:40pm — 9:00pm??? Campfire Stories: Digital Hacker Summer Camp Roundtable

.::OPEN PROJECTS::.

Diana Initiative Badge Soldering Workshop — Chris TechGirlMN

DC201 Show & Tell — Everyone

Google CTF — Everyone

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.

Campfire Stories: Digital Hacker Summer Camp Roundtable :..>HOPE 2020, DEFCON Safe Mode, Black Hat USA, USENIX, Kids SecuriDay, Data Collectors NYC, European KubeCon, RingZer0, Diana Initiative…the last four weeks have been truly the Ultimate (At Home) Hacker Summer Camp. We call on ANYONE and EVERYONE who has attended or ran any virtual convention during this time to talk about their experiences, the highs, the lows, the hacks and the plain weirdness around the digital campfire! Email us at INFO (at) DEFCON201 [dot] ORG for the Jitsi invitation link!

Black Hat USA: First Contact — Vulnerabilities in Contactless Payments :..>Contactless payments are fast replacing cash and chip-inserted transactions, now accounting for a staggering 40% of transactions globally. Yet, contactless makes use of protocols much older than the technology itself. With this in mind, just how safe and secure are contactless payments?

In this talk, we discuss the intricacies of the EMV protocols. Our findings show that contactless payments are not as safe and secure as first thought. Their reliance on older technology has introduced several flaws into their protocols.

We detail new vulnerabilities; how to bypass limits for contactless payments made using cards and how to circumvent limits for mobile wallets, even on locked devices. We also cover flaws in the generation keys values, the unpredictable number (UN) and application transaction counter (ATC).

We close the session by discussing how existing implementations of card authorization processes differ from each other. Finally, we talk about the best practices that should be implemented to create a secure environment for payments.

:..>Bio: Leigh-Anne Galloway is Head of Commercial Research at Cyber R&D Lab. She specializes in application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches, which is where she discovered her passion for payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities. She has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers, Black Hat USA, and Black Hat Europe.

Timur Yunusov is a Head of Offensive Security Research and a Security Expert in the area of banking security and application security. He regularly speaks at conferences and has previously spoken at CanSecWest, PacSec, DEF CON, Black Hat USA, and Black Hat Europe.

Insert Coin: Upgrading Raspberry Pi Arcade Machines :..>One of the best features of our venue at Sub Culture is the Raspberry Pis that host a bunch of emulated retro games for patrons to play on. While sadly they are offline due to restrictions on COVID-19, we are going to give a tour of how these machines are set up and look into implementing the upgrades the venue’s staff has tasked us to perform!

:..>Bio: GI Jack is one of the Co-Founders of DEFCON 201. He might have seen a Ninja that had built their own hacker variant of Arch Linux known as Ninja OS. You might be able to also find this ninja at: https://ninjaos.org/

sirocyl — is a DEFCON 201 alumnus and is the founder of the famitracker.org FamiTracker and Famicom/NES music community. He is also part of the MAGFEST video game convention staff.

E-Viction: ARTHOUSE / WHORE GALLERY AND PROTEST PLATFORM :..>E-Viction is a self-destructing platform where sex workers and artists create intimate encounters and exchanges to imagine a world beyond SESTA/FOSTA. For 12 hours, the platform will feature virtual peepshows, chat rooms, and art that all protest digital gentrification, before dramatizing the otherwise invisible censorship of sex workers by self-destructing. E-Viction is a direct response to our urgent need for a digital public sphere and the challenges of sex worker survival in COVID-19. DEFCON 201 will give a quick tour and links to interact with and fight against Internet Censorship while having a fun time on a lonely coronavirus night!

:..>Bio: Veil Machine is an art collective founded by Empress Wu, Niko Flux, and Sybil Fury that uses a relational and intimate art practice to explore problems of power, erotics, and identity in sex/art work.

Empress Wu (b. 1997) is an NYC-based dominatrix and cultural activist who primarily operates via performance, curation, writing, and production to explore the semiotics of sex work, and its effect on the body politic. | https://www.empresswu.net/creative

Niko Flux (b. 1993) is a persona created through sex work, but destined to make art. She explores intergenerational lineages, queer surreality, and subterranean other selves. https://www.mistressniko.com

Sybil Fury (b. 1993) is a fantasy born from the imagination of a PhD student, sex worker, curator, and community organizer living between NYC and the Bay Area. Her work explores how the sex worker perspective opens up new possibilities for thinking about power, gender, and labor in capitalism. | https://sybilfury.com

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>DEFCON 201 members will be given time in person during the Meet & Greet to show off the various projects that they have been working on. We have had heads up on some awesome stuff being worked on that will be showing up for the very first time so you don’t want to miss this on live-stream!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Google CTF :..>This Friday, starting on August 21st at 8:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Google 2020 CTF! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime after until August 23rd 8:00 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: https://medium.com/@defcon201/ultimate-hacker-summer-camp-part-eight-google-ctf-ee2b7ac52f8a?sk=b7ee545ea73b3f58d4fd03f33b56cda4

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Diana Initiative Badge Soldering Workshop :..>In this 90 min workshop we’ll build step by step the “Off the Shelf” badge. TOOLS REQUIRED — SOLDERING IRON, WIRE STRIPPER AND A SMALL WIRE CLIPPER. You will also need solder, flux and possibly some solder braid or a solder sucker. Requires the parts listed here (link needed) as well as a computer with the Arduino IDE installed (link). We’ll end the session with loading a test sketch to the Arduino.

:..>What To Bring: Aside from the supplies outlined below, you will need some basic tools: soldering iron, solder, wire stripper, snips and maybe some solder braid for those oops moments.

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

Jackbox Party Pack 3 Online Games :..>During our live-stream, we will be offering to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::

.::DEFCON 201 Meet Up — July 2020 — Scratch Space::.

======================================================

Date: July 17th, Friday

Time: 5:00 PM EST — 8:00 PM EST

IRL RSVP: https://www.eventbrite.com/e/defcon-201-online-meet-up-july-2020-scratch-space-tickets-113430760458

Meet-Up: https://www.meetup.com/DEFCON201/events/271914333/

Facebook [TOR]: TBA

Hackaday: TBA

=====================================================

Welcome to the July 2020 DEFCON 201 Meet Up!

So bad news…it’s still 2020.

The good news: because New Jersey for once in its history is NOT a dumpster fire we will be meeting at our home venue Sub Culture (which we miss dearly) for the first time since March!

Now, there will be some ground rules here. To meet in person, we will have a hard MAX limit of 20 people, thus you MUST RSVP on EventBrite to be counted.

You MUST purchase a food or beverage item. Meeting will be outside in the outdoor pen. You MUST have a mask on at ALL TIMES when not eating. You must be 6 feet apart unless you came together in a group. We will provide sanitation measures. Anyone who is a knucklehead will be thrown into the Hudson River with the rest of Florida.

If you can’t make it or are too afraid, RELAX! All activities, chats, talks, workshops and DC 201 insanity will be broadcast online via our LIVE STREAMS per the new normal! We are so excited to finally do some actual mask-to-mask social distancing AFK and we can’t wait to see you all because we have quite the line up with something for everyone!

We will have more updates to this event as we get closer to July 17th so watch this space!

======================================================

Live Streams:

======================================================

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

======================================================

.::AGENDA & SCHEDULE::.

[ALL TIMES ARE EASTERN STANDARD (EST)]

5:00pm — 6:25pm AFK: Meet & Greet + Open Workshop Projects + Games | ONLINE: 4 IoT Systems, 4 Threat Modeling Failures — Andrew Tierney

6:25pm — 6:30pm DEFCON 201 Announcements & Code of Conduct — GI Jack, Sidepocket

6:30pm — 6:50pm Intro to Beginners Python Workshop (SEE OPEN WORKSHOP) — vvvalentina

6:50pm — 7:10pm Building YOUR Security Career — Zoe Braiterman

7:10pm — 7:20pm Broadcasting Digital Graffiti For Social Justice — proJECT TRUTH

7:20pm — 7:50pm Oragono and the Past, Present, and Future of IRC — Shivaram Lingamneni

8:50pm — 8:00pm Open Workshops Projects + Drinking + Games

.::OPEN PROJECTS::.

DC201 Show & Tell — Everyone

Beginners Python — vvvalentina

csictf 2020 CTF — Everyone

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.

ONLINE: 4 IoT Systems, 4 Threat Modeling Failures :..> The IoT is hugely diverse: home assistants, fitness trackers, medical devices, home security, kid trackers, smart TVs, industrial equipment, crypto wallets, car alarms and even sex toys. We’ve seen security and privacy failures in nearly all these systems, some trivial, some serious. In today’s IoT, security failures in these systems might seem trivial, but in 10 years, these systems will be ruling our lives.

We suspect that the developers of the products failed to predict which threats they needed to protect against. Unless security is considered during the design of these systems, they will never be truly secure. We’ll look at 4 practical examples where lessons can be learned:

— Crypto-wallets that didn’t take into account physical access

— A telematics unit in a car that allowed us to take control of the corporate network

— An EV car charger that relied on the security of a Raspberry Pi

— Police body cameras that place confidentiality above authenticity of data.

:..>Bio: Andrew Tierney leads the hardware team at Pen Test Partners. He covers all systems that aren’t general purpose computers: IoT, phones, cars, ships, planes and industrial control. On the offensive side, he has spent many years reverse engineering, researching and finding vulnerabilities in these systems. On the defensive side, he takes the knowledge gained from research and advises companies on how to build secure products. This ranges from the nitty-gritty of securing devices against physical attack, through to developing complete connected platforms that make use of defence-in-depth so that they can stay secure through the entire lifecycle of the product.

DEFCON 201 Announcements & Code of Conduct :..>DEFCON 201 will start with various updates about our activities in early 2020, our post Corona Virus Pandemic measures and an overview of the Code of Conduct linked on our website.

Building YOUR Security Career :..>This will be an interactive session introducing corporate security, information security careers. The talk will draw upon topics, such as diversity, friendly white hat community and mentors.

:..>Bio: Zoe Braiterman is a researcher / consultant and dedicated mentor in the information security space. She’s an active OWASP volunteer and lover of hacker communities.

Broadcasting Digital Graffiti For Social Justice :..>TBA

:..>Bio: proJECT Truth is an anonymous art collective spreading truth through public projection art installations. We illuminate what the government and police wish to keep in the darkness, with our current priority being the human rights crisis of police brutality. As our city reels from the loss of two of our beloved neighbors, Breonna Taylor and David McAtee, we feel it is necessary as artists to use our talents and platforms to demand change. By amplifying these issues onto highly visible buildings throughout Louisville, we send a powerful message to the powers that be. No justice, no peace.

GoFundMe: https://www.gofundme.com/f/project-truth-louisville

Oragono and the Past, Present, and Future of IRC :..>IRC (“Internet Relay Chat”), a seminal chat protocol and early social networking platform, will celebrate its 32nd birthday next month. IRCv3, a community aimed at modernizing IRC via open standards, is coming up on its 16th. I’ll talk about Oragono (an IRCv3 server written in Go) and where it fits into a complex landscape of chat platforms — touching on issues like open standards, embrace-extend-extinguish, interoperability, (de)centralization, user freedoms, the “Cozyweb”, Darius Kazemi’s runyourown.social movement for boutique social networking, and the possibility of online spaces that are neither private nor public.

:..>Bio: Shivaram Lingamneni is a failed mathematician, a struggling philosopher, a FOSS zealot, and a guy who loves pushing buttons and watching the blinkenlights.

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>DEFCON 201 members will be given time in person during the Meet & Greet to show off the various projects that they have been working on. We have had heads up on some awesome stuff being worked on that will be showing up for the very first time so you don’t want to miss this on live-stream!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Beginners Python :..>NOTE: The first 20 minutes of this workshop will be streamed online before the DC 201 Lightning Talks. The full workshop will last until the end of the meeting. To continue to follow this workshop after we switch over to our speakers:

Join Zoom Meeting: https://us04web.zoom.us/j/74485643948?pwd=a2FUSjgxOWtaT2hYdXRCQktwcXZVQT09

Meeting ID: 744 8564 3948

Passcode: Py

This workshop will be for anyone who is a programming n00b. In this Python programming workshop we will be going over:

— What is Python programming?

— What can you create / do with Python?

— Variables

— Print Function

— Input Function

— Short Intro to Python Libraries

— Turtle Library

After the workshop you will have completed a simple program using the Turtle Library that you can show off to friends and family.

:..>What You’ll Need: Download // Python 3.8 https://www.python.org/downloads/

Set up a github account (only if you plan to save your code or work on more programs in the future.)

BONUS Download // Anaconda navigator (for future workshops/ alternate place to program) https://www.anaconda.com/products/individual

csictf 2020 CTF :..>This Friday, starting on July 17th at 2:30 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the csictf 2020 CTF! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime after until July 21st 2:30 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: COMING SOON

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

Jackbox Party Pack 3 Online Games :..>During our live-stream, we will be offering to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::

.::DEFCON 201 Meet Up — June 2020 — Rainbow Tables::.

======================================================

Date: June 19th, Friday

Time: 7:00 PM EST — ????

Meet-Up: https://www.meetup.com/DEFCON201/events/270687263/

Facebook [TOR]: TBA

Hackaday: TBA

=====================================================

Welcome to the June 2020 DEFCON 201 Meet Up!

So, right when the world MIGHT just get rid of COVID-19, our “President” signed an executive order that censors the entire internet followed by mass protests against Feds being Feds and our White House using that to turn our country into a police state. Oh, and right during celebrations of LGBTQ+ people our “leadership” rolled back rights on said people mainly to target Transgender folks. And we are barely half-way through June.

So JOIN US for the newly declared DEFCON 201 ANTONYMOUS ZONE as we celebrate Pride as it originally was, a riot! We have a great number of talks and special guests representing the LGBTQ+ community, featuring those who are hackers that identify as queer. This will also include the usual DEFCON 201 insanity of hacking, drinking, eating and being in New Jersey.

For those catching us on Twitch, DEFCON 201 will be using Tiltify to raise funds for The Trevor Project, an American non-profit organization founded in 1998 focused on suicide prevention efforts among lesbian, gay, bisexual, transgender, queer and questioning (LGBTQ) youth. The organization looks to fulfill their mission through four strategies: provide crisis counseling to LGBTQ+ young people thinking of suicide, offer supportive counseling and a sense of community to young LGBTQ+ people in order to reduce suicide, educate young people and adults who interact with young people on LGBTQ+ competent suicide prevention, and advocate for laws and policies that will reduce suicide among LGBTQ+ young people.

DONATE: https://tiltify.com/@defcon201live/defcon-201-lgbtq-and-blm-trevor-project-charity-fundraiser

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg ======================================================

.::AGENDA & SCHEDULE::.

[ALL TIMES ARE EASTERN STANDARD (EST)]

6:00pm — 7:00pm Pre-Show :: Q&A for Coded Bias

7:00pm — 7:05pm DEFCON 201 Announcements & Code of Conduct — GI Jack, Sidepocket

7:05pm — 7:10pm Spotlight: Tech Learning Collective

7:10pm — 7:50pm The Basics of Live Sound: Setup, Acoustical Considerations, EQ and Feedback — Queensiñera

7:50pm — 8:10pm Gender Transition As Biohacking — chosystemname

8:10pm — 8:40pm Yiff In Hack: DEFCON Furs Presents Fursuits & LEDs — DEFCON Furs, mBlade, SincX

8:40pm — ??? Open Workshops Projects + Drinking + Games

.::OPEN PROJECTS::.

DC201 Hacker Show & Tell — Everyone

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

DEF CON CTF Qualifier 2020 — Everyone

JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.

Pre-Show :: Q&A for Coded Bias :..> In celebration of Juneteenth (https://en.wikipedia.org/wiki/Juneteenth), we at DEFCON 201 will screen the Trailer and Q&A of Coded Bias! When MIT Media Lab researcher Joy Buolamwini discovers that most facial-recognition software misidentifies women and darker-skinned faces, as a woman of color working in a field dominated by white males, she is compelled to investigate further. What she discovers drives her to push the US government to create legislation to counter the far-reaching dangers of bias in a technology that is steadily encroaching on our lives. Centering the voices of women leading the charge to ensure our civil rights are protected, Coded Bias asks two key questions: what is the impact of Artificial Intelligence’s increasing role in governing our liberties? And what are the consequences for people stuck in the crosshairs due to their race, color, and gender?

WATCH FULL DOCUMENTARY: https://www.hrwfilmfestivalstream.org/film/coded-bias/

DEFCON 201 Announcements & Code of Conduct :..>DEFCON 201 will start with various updates about our activities in early 2020, our post Corona Virus Pandemic measures and an overview of the Code of Conduct linked on our website.

Spotlight: Tech Learning Collective :..>In this section, DEFCON 201 will highlight fellow EFA group, Tech Learning Collective. They will describe what their operations are like and give a preview of their classes such as their command line workshops, how to use Signal without a phone number, their upcoming Mr. Robot Happy Hacker Hour and adding an even lower price tier for attendance to our next “Signal and Surveillance” webinar workshop for People of Color.

:..>Bio: Tech Learning Collective is an apprenticeship-based technology school for radical organizers headquartered in New York City that provides a security-first IT infrastructure curriculum to otherwise underserved communities and organizations advancing social justice causes. We train politically self-motivated individuals in the arts of hypermedia, Information Technology, and radical political practice. Founded and operated exclusively by radical queer and femme technologists, we offer unparalleled free, by-donation, and low-cost computer classes on topics ranging from fundamental computer literacy to the same offensive computer hacking techniques used by national intelligence agencies and military powers (cyber armies).

The Basics of Live Sound: Setup, Acoustical Considerations, EQ and Feedback :..>This discussion will cover the basics of a live sound setup and dive into more specifics relating to EQ and Feedback prevention. Practical applications of EQ within examples of confined and non-confined spaces go hand in hand with feedback prevention in terms of noting the acoustic design of a given room.

:..>Bio: Victoria aka Queensiñera is a latinx live audio engineer and burlesque performer based in Brooklyn, NY. Victoria has a variety of experience in the live audio field. She served on the team that brought the Grand Ole Opry to NYC, Opry City Stage, where she worked as FOH and stage manager. She was the resident engineer at Brooklyn Music School working with Brooklyn youth, local and guest artists. Victoria has also lent her talents to impactful events and notable NYC venues including Cipriani’s Grand Central Station, Chelsea Music Hall, Teatro La Tea and working as FOH coordinator for City Parks SummerStage. She’s had the pleasure of running sound for artists and events such as Jimi Hendrix Tribute featuring Nels Cline, Captain Kirk Douglas & Sean Lennon, Dan Zanes & Friends, East X Middle East: Marjan Farsad, HBO: Crashing, Lester Lynch, Spanish Harlem Orchestra, Persian Arts Festival: AIDA, Lonnie Bee, Will Calhoun, Soul in the Horn and many others.

Gender Transition As Biohacking :..>A brief look at the biohacking techniques used in gender transition. This will be a Safe For Work talk.

:..>Bio: chosystemname is a transgender hacker. Co-organizer of CTF Circle, founder of the Gender Hacking Village, backend dev.

Yiff In Hack: DEFCON Furs Presents Fursuits and LEDs :..>DEFCON Furs presents two talented Furry Hackers, mBlade & SincX, who will talk about how they add LEDs and electronics to fursuits, including the components and techniques used. mBlade will also tell a few stories from his experience at DC26 and what he has planned for the future.

:..>Bio: DEFCON Furs is a 501c3 non-profit group that organizes events and parties at DEF CON for members of the infosec community that share an interest in the furry fandom. Our purpose is to promote, support, and advance the idea that we should be free to hack our own lives in a safe and supportive environment. Our focus is on education, organizing and providing support for individuals and groups that promote creating and owning a life and identity that is yours.

DEFCON Furs started as a room meetup for furries that regularly attended the DEF CON hacker conference. As word spread within the community, it turned out more furries were attending DEF CON than what could fit in a small hotel room. So “DEFCON Furs” as an event was produced in 2017 in a dedicated public suite where everyone at DEF CON, furry or otherwise, could come party, network, chill, work on challenges, and learn about DEF CON and the interesting people that make up the attendees. You can think of us like a mini-furry convention that is part of the DEF CON madness.

mBlade has been involved with the furry fandom since 2012, suiter since 2013, LED suiter since 2014, and business owner of Made2Glow since 2017. He designed and built his own systems. Everything is self taught.

SincX has been a furry since 2015 and a maker since the early 90’s. His fursona is Cyberpup Eigen — think a Sony Aibo ERS-110 that grew up. He has been slowly building the parts to embody Eigen, making use of RGB LEDs, Arduinos, various sensors, and Wifi chips. His aim is to create an outfit that reacts to both his movements and commands, as well as those of the furries and folks around him.

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>DEFCON 201 members will be given the section immediately after the Lightning Talks to show off the various projects that they have been working on. We have had heads up on some awesome stuff being worked on that will be showing up for the very first time so you don’t want to miss this on live-stream!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

Jackbox Party Pack 3 Online Games :..>During our live-stream, we will be inviting everyone to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::

.::DEFCON 201 :: Declaration Of Emergency On Black Lives Matter, The Policing Crisis & Call For Action::.

Like many, I’ve seen the United States slide further and further towards authoritarianism, and dictatorship. As I write this, police in New York are using heavy-handed riot-control tactics, including kettling,¹ to encircle, intimidate and harass protesters. As most of us know, many of these protests have started with the resurgence of Black Lives Matter after the death of George Floyd on May 25th, 2020.

While protests on police brutality and racism have gone on for decades, the start of these protests was marked by an unusual event. Shortly after the video of Floyd’s death was posted, a police station in Minneapolis was burned to the ground. For reasons we will get into, this was a climactic moment in the history of our society.

Despite the constant waves of protests, and consistent demands for reform, there has been no real change in either police behavior, or progress in ending police brutality. Today, on CNN, I saw news clips of Attorney General Keith Ellison talking about how difficult prosecuting police officers is.²

Here in New York City, we have been under curfew for several days. Governor Andrew Cuomo and Mayor Bill de Blasio have not made any significant efforts in addressing the protests. Beyond them, leadership from other sectors of the government has been mostly lacking. This, in and of itself, isn’t new — it seems as though we’ve come to expect a lackadaisical response by those in charge. An unfortunate truth is that as a result, people in general have also come to expect the police not to be held accountable for their actions. It has gotten to the point that as a society, we normalized the abuses of authority.

What is new, is that there is now an unprecedented level of public support for peaceful demonstrations against police misconduct and abuse of authority, racism and prejudice. I can’t help but hope that this is what finally tips things in a step towards equality, an end to police brutality, and a way to turn back from the spiraling march towards totalitarianism.

These four points represent a starting ground towards the true reform and change in society:

— Justice for George Floyd via public trial.

— An end to curfews, and restrictions relating to peaceful public assembly.

— An end of qualified immunity for law enforcement.

— An investigation into police brutality and prosecution, handled through grand juries on the Judicial Branch, and investigative officials empowered via their subpoena — not by Internal Affairs departments of the police or Executive Branch officials.

This is not a call for violence; this is a chance to save our country through courts of law, and the tenets of democracy. If these events come to pass without significant change, then we risk stepping ever closer to the void.

My first point, justice for George Floyd, should be obvious. Up until this point, the public had generally given the police the benefit of the doubt. At the beginning of this article, I brought up the Minnesota police station that has burned. What I didn’t immediately highlight is, as of the time of writing, national polling has found that 54% of Americans thought that the burning of a police station was justified. Let that sink in for a moment.

Generally speaking, protests in the United States have been non-violent. When and if it occurs, violence is universally condemned by both individuals and press alike. However, there are times where a turning point is reached, and enough is enough. We, as a society, have reached that point.

Law enforcement has generally been untouchable because, all things being equal, there has been a perception that you can trust the police, and juries will continue to give cops the benefit of the doubt. That, in turn, means that nothing short of an absolutely airtight case against law enforcement could possibly succeed. If this view — one where society as a whole trusts the police — has died, then it means the beginning of the end in regards to the continual miscarriages of justice that we as a nation have borne witness to.

Secondly, let’s talk about curfews. A curfew, on its face, is simple: it is an order from authorities to get off the street, vacate public areas, and return home. Curfews have a long history of being employed during times of war, in order to enforce blackouts, and to curb unrest. These are valid reasons to implement a curfew.

However, we are not currently under an active threat from a foreign power, and the vast majority of protests have been peaceful. So why is there a curfew in place? It’s simple: it provides a legal pretext for anyone who is out and protesting to be immediately arrested and charged for violating it.

As of right now, this curfew order has had little effect on protesters, but it has given the NYPD in particular, the casus belli to essentially grab anyone they want. In the United States, freedom of assembly rights have been curtailed by the Supreme Court, primarily in the form of Cox v. New Hampshire, 312 U.S. 569 (1941). I’m going to quote the findings directly:

“A unanimous Supreme Court, via Justice Charles Evans Hughes, held that, although the government cannot regulate the contents of speech, it can place reasonable time, place, and manner restrictions on speech for the public safety.”³

These types of restrictions can be justified in a general sense. For a very recent example, shelter-in-place orders used to starve COVID-19 fall under these types of restrictions. However, at the moment, these curfews do not represent “public safety”, but instead represent a legal weapon to be used against protesters. After all, as long as the protesters remain peaceful, it’s hard to argue in favor of public safety. Since Tuesday, most of the protest activity has been peaceful.

I used the term “casus belli” before. For those who aren’t familiar with it, it’s a Latin phrase that translates as “an act or situation provoking or justifying war”. The curfew gives law enforcement the legal ability to intervene without restraint, while continuing to be seen as “doing their jobs”. This is a direct attack on freedom of expression, and freedom of assembly. Repealing the curfew deprives the police of one of the main legal shields being misused as a cudgel to justify their actions.

My third point, qualified immunity, is the other major barrier. In short, qualified immunity is a precedent in case law, set by the Supreme Court of the United States, that prevents government offices from being sued. In Ashcroft v. al-Kidd, 563 U.S. 731 (2011), Justice Scalia summarized what qualified immunity is very clearly:

“Qualified immunity gives government officials breathing room to make reasonable but mistaken judgments about open legal questions. When properly applied, it protects all but the plainly incompetent or those who knowingly violate the law.”

On its face, qualified immunity seems reasonable. The problem is that immunity of any type creates insurmountable shields. This, when combined with the public in general giving police the benefit of the doubt, ensures that only the most egregious of offenses by law enforcement officials will even stand a chance at justice.

There’s a better solution to this problem. Within the American framework of criminal law, legal doctrine recognizes cases where an individual must use force to protect oneself. This is known as the self-defense doctrine. This legal standard can be summarized as follows:

“[A] person is privileged to use such force as reasonably appears necessary to defend him or herself against an apparent threat of unlawful and immediate violence from another.”

If the self-defense doctrine comes into play, the defendant can still be charged with manslaughter or homicide, depending on the jurisdiction. If one meets the qualifications for using force in self-defense, they can plead not guilty. It is then the job of the district court to determine the facts, and to determine if such a defense is valid, and it becomes the job of the jury, based on the facts presented, to determine actual innocence or guilt.

An end to qualified immunity would mean that law enforcement and other government officials could be charged directly, instead of through the narrow exception granted by SCOTUS. I recognize that there are legitimate uses of force by law enforcement. It even can go as far as an officer being forced to take another’s life. Those cases can be inscribed in statute, and then the courts and jury determine if such a case is justified.

In military courts, there are actions that automatically warrant a court-martial, such as the loss of a ship. In those cases, the reason for the court-martial isn’t necessarily disciplinary, but it exists to formally set the record straight. Placing those who are empowered to use force against civilians under the same grounds of transparency would be a striking win for society.

Finally, we need a way to burn out the corruption that exists. Known as the “blue wall of silence” among other names, there is a de-facto code of silence in law enforcement societies. It’s not hard to draw a comparison to the mafia’s own code of silence, known as Omertà. It’s difficult to quantify how far this goes, and whether it includes the district attorney, and prosecution offices.

The fortunate thing is, though, that there is in fact a way to do this, that escapes the inheritance basis of internal affairs, or other executive “self-review” units: Grand juries.

Most people think of a grand jury as the subject of a joke, or an example of rubber-stamp justice in action. New York State Chief Judge Sol Wachtler was rather famously quoted as saying “a grand jury would ‘indict a ham sandwich,’ if that’s what you wanted”. Having sat on a grand jury in the State of New York, I can understand why that perception exists. It’s because the purpose of a grand jury has largely been forgotten, as well as the power it wields.

Grand juries were created as a check of power on kings, and predate the concept of trial juries. In the United States, on a federal level, as well as in the State of New York, a grand jury is also empowered to subpoena any and all individuals they deem necessary to determine if an incident should be brought to trial. Grand juries also have been used in this country to root out corruption. In the State of New York, Section 190.85 of Criminal Procedure Law specifically grants this power to grand juries:

  1. The grand jury may submit to the court by which it was impaneled, a report:

(a) Concerning misconduct, nonfeasance or neglect in public office by a public servant as the basis for a recommendation of removal or disciplinary action; or

(b) Stating that after investigation of a public servant it finds no misconduct, nonfeasance or neglect in office by him provided that such public servant has requested the submission of such report; or

(c) Proposing recommendations for legislative, executive or administrative action in the public interest based upon stated findings.

To the best of my knowledge, all 50 states in the Union, as well as the federal government, have mechanisms to convene a grand jury. While the specific rules may vary throughout the country, the takeaway here is that we, the people, need to be in charge of investigating corruption, not an internal affairs unit.

This is for one simple reason: we need to ensure that those in charge of investigating these abuses are not those bound by the “blue wall of silence”. It’s a method of making sure that the police are truly being held accountable.

As a reminder, refusal to comply with a grand jury subpoena would leave individuals in contempt of court. While grand jury proceedings are confidential, court actions, based on a grand jury’s recommendations, are not. While these actions won’t magically fix the problems in the United States, it would be a legitimate win for liberty, and a step towards the death of institutionalized racism and police brutality. For all those who read this: stay safe. Know your rights. We’re all in this together, and if we stay the course, we have a real chance at real change. Justice will be served when every atrocity is exposed for all to see. Don’t give up, and don’t give in. We have the moral high ground, now. It’s time for change.

~ NCommander (AUTHOR) & DEFCON 201 Staff (including Co-Founders GI Jack and Sidepocket)

::END OF LINE::

¹https://twitter.com/FredTJoseph/status/1268278764569595905

It should be noted that at the time of writing, it is unclear if the billboards were officially posted by the Governor. Notably, the billboards cite the wrong Twitter account.

²https://minnesota.cbslocal.com/2020/05/31/attorney-general-keith-ellison-to-take-over-george-floyd-case/

³https://www.uscourts.gov/educational-resources/educational-activities/facts-and-case-summary-cox-v-new-hampshire

.::HACKERS UNITE :: DEFCON 201 & THUG CROWD PRIVACY LIVE STREAM SPECIAL::.

DATE: June 1st, Monday

TIME: 9:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/271007143/

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Periscope [Twitter]: https://www.twitter.com/defcon201nj ======================================================

We at DEFCON 201 have been struggling to come up with a new LIVE Stream show about practical privacy for absolute beginners.

Now, it’s time.

TONIGHT, June 1st at 9:00 PM EST, we will have a SPECIAL LIVE Broadcast testing out this type of show. From burners cameras to The Tor Network and commentary on what has been going on, we will be there live with our uber 1337 Haxor friends at THUG CROWD (https://thugcrowd.com/) to talk about how now more than ever we need to take and teach personal privacy seriously.

::END OF LINE::

.::DEFCON 201 Online Meet Up — May 2020 — Mind Games::.

====================================================== Date: May 15th, Friday

Time: 7:00 PM EST — ????

Meet-Up: https://www.meetup.com/DEFCON201/events/270121378/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/278502606615075/

Hackaday: TBA

=====================================================

Welcome to the May 2020 DEFCON 201 Meet Up!

April Showers were supposed to bring May Flowers, but it seems like they just brought in more COVID-19, a Polar Vortex and Murder Hornets. To continue the suck that is the year 2020, we continue to develop our live-stream platform, offering, in addition to these monthly meetings, interactive weekly hacker programming for our livestreaming platforms. This month we are focusing on May being Mental Health Awareness Month, something that has been getting DDoSed since the Coronavirus Pandemic, and offering a jam-packed meeting from phone phreaking, blue teaming on Wikipedia, Capture The Flag Tests and more! We also finally got our Twitter back after we were so 1337 that the platform confused us for a Федеральная служба безопасности Российской Федерации spam-bot sleeper cell.

Oh, also, DEF CON is canceled: https://defcon.org/html/defcon-safemode/dc-safemode-index.html

For those catching us on Twitch, DEFCON 201 will be using Tiltify to raise funds for Fred Hutch, one of the top ten biomedical research institutions that has reacted with unprecedented speed and cooperation to curb the threat of the novel coronavirus and the disease it causes, COVID-19. Using the coronavirus DNA crowd-sourced from scientists around the world, experts at Fred Hutch and the University of Basel in Switzerland are tracking how the virus is changing as it moves through people and countries. They’re sharing their data on their open source platform, Nextstrain.org, and scientists and public health officials around the world are using it to monitor the pandemic and slow the spread of infection. This is part of our efforts as hackers to fight the devastation caused by COVID-19!

Donation: https://tiltify.com/@defcon201live/defcon-201-fred-hutch-covid-19-research-charity-fundraiser/donate

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg ======================================================

EMAIL US TO INQUIRE FOR VIDEO CONFERENCING LINK!

If you'd like to do a talk at our meet ups or collaborate with our staff and members in a project partnership, shoot us an email at:

INFO {at} DEFCON201 [DOT] ORG

.::AGENDA & SCHEDULE::.

{ALL TIMES ARE EASTERN STANDARD (EST)}

6:15pm — 7:00pm Pre-Show :: Black Hat Webcast Series — Stalkerware: Solutions for Mitigating its Impact on Privacy and Security

7:00pm — 7:05pm DEFCON 201 Announcements & Code of Conduct — GI Jack, Sidepocket

7:05pm — 7:30pm Mental Health Hackers: Contents Under Pressure — Amanda Berlin

7:30pm — 7:40pm WikiLoop Battlefield — Xinbenlv

7:40pm — 7:50pm Hardening Your Face Against COVID-19 With DIY Face Masks — Kira Waszak, Atomic Penguin

7:50pm — 8:00pm Phreaking Out The Northern Pacific Switched Telecommunications Network — DC4US

8:00pm — ??? Open Workshops Projects + Drinking + Games

.::OPEN PROJECTS::.

DC201 Hacker Show & Tell — Everyone

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

DEF CON CTF Qualifier 2020 — Everyone

JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.

Pre-Show :: Black Hat Webcast Series — Stalkerware: Solutions for Mitigating its Impact on Privacy and Security

:..>With the sudden and massive shift to users working remotely, individuals and businesses are exposed to privacy and security vulnerabilities more than ever. Nefarious applications such as stalkerware and spouseware are putting people and enterprises increasingly at risk.

In this webcast, EFF’s Director of Cybersecurity, Eva Galperin examines her research into the market in stalkerware, spouseware, and other nefarious applications that are being deployed to attack our sense of privacy and security.

She will reveal possible activist, technical, and legal approaches to fighting stalkerware and give an overview of how the fight is going so far.

:..>Bio: Eva Galperin aka Evacide is EFF’s Director of Cybersecurity and the head of EFF’s Threat Lab. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world.

DEFCON 201 Announcements & Code of Conduct :..>DEFCON 201 will start with various updates about our activities in early 2020, our post Corona Virus Pandemic measures and an overview of the Code of Conduct linked on our website.

Mental Health Hackers: Contents Under Pressure :..>Mental Health Hackers are a group of information security professionals passionate about helping others. Their mission is to educate tech professionals about the unique mental health risks faced by those in our field — and often by the people who we share our lives with — and provide guidance on reducing their effects and better managing the triggering causes. They also aim at providing support services to those who may be susceptible to related mental health issues such as anxiety, depression, social isolation, eating disorders, etc. In this talk they will explain how they foster conversations about mental health problems in the InfoSec community, how they provide support and information on how to recognize, manage, and conquer mental illness, the unique challenges and situations faced by the hacker community’s social and work environments and how mental health is being exacerbated with the COVID-19 Pandemic.

:..>Bio: Amanda Berlin aka InfoSystir is a Sr. Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author for a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston through O’Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible. Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, O’Reilly Security, GrrCon, and DEFCON. While she doesn’t have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quick to new technologies.

WikiLoop Battlefield :..>Originating from Google, Project WikiLoop is an umbrella program for a series of technical projects intended to contribute datasets and toolings from the technical industry back to the open knowledge world. WikiLoop Battlefield is an open-source, crowd-sourced counter vandalism tool for Wikipedia and Wikidata.org. Built on web technology, WikiLoop Battlefield allows a quick launch from either desktop or mobile phone without needing to install resident software. Its objective is to reduce the barrier for Wikipedians wishing to assist in patrolling Wikipedia revisions. In this DEFCON Group meetup, we will present the WikiLoop Battlefield and give a brief introduction to the roadmap of Project WikiLoop overall.

:..>Bio: Zainan Victor Zhou aka Xinbenlv is a tech lead and software engineer at Google. He leads the Project WikiLoop efforts, and is the author and primary developer of WikiLoop Battlefield. Zainan specializes in full stack development, big data, machine learning and technical projects involving community engagement. Zainan is also an active open source developer and Wikipedia editor.

Hardening Your Face Against COVID-19 With DIY Face Masks :..>Thanks to mass panic buying, proper PPE equipment, mainly face masks for both medical and civilian personnel, has become harder to find. In this COVID-19 crisis, many are forced to create their own. In this short video and show & tell, two amazing seamstresses will show off how they made their own homemade masks that meet PPE standards, one with carbon filters and one that works as a barrier for air particles, and how you can obtain them or build them yourself.

:..>Bios: Kira Waszak is a mother, performer, singer, sculptor, creative problem solver, lover, designer. Find her at her modeling page: https://officialcrimsonrose.com/

Atomic Penguin is a nerd, a gamer, and five penguins stuffed into a human suit.

Phreaking Out The Northern Pacific Switched Telecommunications Network :..>The Northern Pacific Switched Telecommunications Network is a peer-to-peer VoIP network started in 2018 based purely on previous Bell System standards and practices. It is a very well structured network with real live 24/7 operators and tons of trunks where you can blue box till you are blue in the face. Conceived as an alternative and supplement to C*NET, NPSTN today is a fully-fledged VoIP telephone network for phone phreaks and telephone collectors with over 80 members in 10 countries. This talk will go into detail on how NPSTN is able to connect network-operated coin telephones without any major hardware modification to the phone itself, other than just a zip-tie on the coin relay to make coins fall straight into the vault instead of waiting in the hopper. This includes the development of the special Asterisk code to detect coin-denomination tones, which allows anyone to get their payphone on NPSTN: just connect it to a channel bank or VoIP ATA and set a few settings on the ATA. This presentation will lead into the Open Project segment with a live demo of the NPSTN Coin toll ticketing system.

:..>Bio: DC4US is a 17-year-old phone phreak from Winter Springs, Florida. He spends most of his time red boxing payphones in West Virginia, finding diverters and extenders, wardialing and scanning, exploring the whole U.S. PSTN, beige boxing, and social engineering central office technicians into creating test lines for him that they probably shouldn’t. His biggest claim to fame was walking straight up to the courtesy Mickey Mouse phone in guest services and, in front of many people, bypassing its toll restriction, calling long distance out of a Walt Disney World DMS-100 and listening to some intercept messages some 1,000 miles away on a phone meant to only call within the same LATA, until he was approached by Disney Theme Park & Resort Security, who were wondering why somebody was on the phone for an hour seemingly dialing numbers in rapid succession. He started NPSTN (the Northern Pacific Switched Telecommunications Network) in 2018 and it quickly matured after that thanks to his friends Naveen Albert and Brian Clancy, who unfortunately passed away this year due to terminal illness.

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell :..>DEFCON 201 members will be given the section immediately after the Lightning Talks to show off the various projects that they have been working on. We have had a heads-up on some awesome stuff being worked on that will be showing up for the very first time, so you don’t want to miss this on the live-stream!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Folding@Home VS Coronavirus :..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

DEF CON CTF Qualifier 2020 :..>This Friday, starting on May 15th at 8:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the DEF CON CTF Qualifier 2020! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime from April 15th 8:00 PM EST until April 17th 8:00 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: https://medium.com/@defcon201/defcon-201-online-ctf-practice-challenge-def-con-ctf-2020-qualifier-may-15th-may-17th-8d93c7d49c6d?source=friends_link&sk=347c2245cc5d952d57ca3ec6816b99b4

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools; look at Kali Linux, Parrot OS, Pentoo or BlackArch for ideas. You can also harden your Mac or use Windows SubSystem. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Jackbox Party Pack 3 Online Games :..>During our live-stream, we will be inviting you to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::