DEFCON 201

Hacking

.::DCG 201 Hybrid Meet Up — October 2021 — Bride Of Hacktoberfest::.

====================================================== Date: October 15th, Friday

Time (IN PERSON): 5:00 PM EST — 8:00 PM EST

Time (ONLINE): 5:20 PM EST — ???

Location: Sub Culture (260 Newark Ave, Jersey City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/280999676/

Facebook [TOR]: https://www.facebookcorewwwi.onion/events/547235103242510/

Hackaday: TBA

=====================================================

Welcome to the October 2021 DCG 201 Meet Up!

Getting back on our feet was difficult, like, ask the world on how hard it is right now with Delta and other insanity going on. But we did it. And we are back for the spookiest season in a BIG way:

Starting with this meet up, DCG 201 will be a Hybrid event!

This means we are welcome back to our old haunt SubCulture (we miss them so much) in Jersey City in addition to LIVE Streaming parts of our meet up online.

Each will cross over but have a slightly different experience with exclusives for both.

This will be a jam-packed event that has various talks and workshops, including hosting our fourth ever Hacktoberfest event, a new CTF for us to crack, building VR out of cardboard, an in-person exclusive talk, Hacker AF movies, lockpicking & more!

Welcome back!

Oh and the next day at 8pm EST, we going to stream BOTH events and we will be streaming Metroid Dread for the Children’s Miracle Network Hospitals such as Children’s Specialized Hospital under Child’s Play!

====================================================== Live Streams: ====================================================== Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/c/defcon201

Invidious [TOR]: http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook [TOR]: https://www.facebookcorewwwi.onion/groups/defcon201/

PeerTube: https://diode.zone/accounts/dc201/video-channels ======================================================

.::AGENDA & SCHEDULE::.

ALL TIMES ARE EASTERN STANDARD (EST)

— IN PERSON @ SUBCULTURE SCHEDULE — 5:00pm — 6:15pm Meet & Greet + Open Workshops Projects + Hacker Science Theater 3000 6:15pm — 6:20pm DCG 201 Vote: What IRC Instance Should We Move To? 6:20pm — 6:25pm DCG 201 Announcements 6:25pm — 6:40pm All The World’s API — zverok 6:40pm — 7:00pm IN-PERSON EXCLUSIVE TBA — TBA 7:00pm — 7:10pm Intro to Hacktoberfest 2021 — TBA 7:10pm — 8:00pm Hacks & Hangout Until Closing (Possible Post-Meet Snack & Bar Hopping?)

— ONLINE LIVE STREAM SCHEDULE — 5:20pm — 6:20pm PRE SHOW :: Black Hat Webinar: Anti-Analysis Logic of Arm Malware on macOS — Patrick Wardle 6:20pm — 6:25pm DCG 201 Announcements 6:25pm — 6:40pm All The World’s API — zverok 6:40pm — 7:00pm INTERMISSION :: Nintendo Labo VR Blaster Build — Sidepocket & Friends 7:00pm — 7:10pm Intro to Hacktoberfest 2021 — TBA 7:10pm — ??? DCG 201 ONLINE Hacker Hangout

.::OPEN PROJECTS::. Hacktoberfest 2021 — Everyone Hacker Science Theater 3000 Presents: Johnny Mnemonic DCG 201 Vote: What IRC Instance Should We Move To? DEADFACE CTF — Everyone (First Come First Serve) Nintendo Labo VR Blaster Build — Sidepocket & Friends Practicing Lockpicking & Locksport — Sidepocket & Friends

.::LIGHTNING TALKS::.

PRE SHOW :: Black Hat Webinar: Anti-Analysis Logic of Arm Malware on macOS

:..>Apple’s new M1 systems (aka Apple Silicon) offer a myriad of benefits …for both macOS users, and well, to malware authors as well. However, before analyzing malware targeting this platform, one must master various foundational topics such as understanding and reversing arm64 code.

In this talk, we’ll cover such topics and then apply them in order to analyze the anti-analysis logic of the first malicious program compiled to natively target Apple Silicon.

Armed (ha!) with the information and analysis techniques presented in this talk, you’ll leave well on the way to becoming a proficient macOS M1 malware analyst!

:..>Bio: Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users. All The World’s API

:..>In this talk, we’ll investigate what it takes to make common sense knowledge available as hackable APIs, and why it matters. The trivia like “how many people live in Paris” or “what novels did Kurt Vonnegut write” or “what’s the synopsis of Game of Thrones S04E05” is easily reachable for a human, but frequently surprisingly hard to gather in a machine-readable way. While many particular and specialized APIs do exist, we are studying the generic approach: how humanity’s open knowledge hubs like Wikipedia and OpenStreetMap can be used to access structured knowledge from programming languages. A few practical libraries (of various maturity) presented, and potential future approaches discussed.

:..>Bio: Victor Shepelev aka zverok is a developer and writer from Ukraine. He works mainly in Ruby (and is involved in language documentation and evolution) but recently switched to Python to reach a broader audience with various passion projects of his, mostly related to open data and text processing. IN-PERSON EXCLUSIVE TBA

:..> TBA

:.>Bio: TBA

.::OPEN PROJECTS::.

Hacktoberfest 2021

:..>Hacktoberfest — brought to you by DigitalOcean in partnership with Intel, AppWrite & Deep Source — is a month-long celebration of open source software. Maintainers are invited to guide would-be contributors towards issues that will help move the project forward, and contributors get the opportunity to give back to both projects they like and others they’ve just discovered. No contribution is too small — bug fixes and documentation updates are valid ways of participating.

Hacktoberfest is open to everyone in our global community. Whether you’re a seasoned contributor or looking for projects to contribute to for the first time, you’re welcome to participate.

Pull requests can be made in any participating GitHub or GitLab hosted repository/project. Look for the ‘hacktoberfest’ topic to know if a repository/project is participating in Hacktoberfest. Pull requests must be approved by a maintainer of the repository/project to count.

You can sign up anytime between October 1 and October 31. Just be sure to sign up on the official Hacktoberfest website for your pull requests to count.

::How To Participate::

Sign Up At This Link:https://hacktoberfest.digitalocean.com/register

To Join Us On The DEFCON 201 LIVE Stream: Join us on the Discord under our #Hacking Sub-Channel.

DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

CLIENT INTERFACES

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using Auroa Store)

::Intro to Hacktoberfest 2021 (TALK)::

:..>In this talk, we will go over online & in-person the Do’s & Don’ts of Hacktoberfest 2021! We will go over how to sign up on GitHub & GitLab, how to do a Pull-Request on either platform and go over a list of various open-source projects with the #Hacktoberfest label we think need more attention than usual!

::Choose Trees or Tees::

Rather than receive t-shirts as swag, you can choose to have a tree planted in your name and help make Hacktoberfest 2021 more carbon neutral: https://tree-nation.com/profile/digitalocean

::Rules & Resources::

Tasks For Beginners

The following resources share repositories that curate tasks for beginners:

https://github.com/mungell/awesome-for-beginners

https://up-for-grabs.net/#/

https://www.firsttimersonly.com/

Share your Hacktoberfest journey by writing about your contributions on the DEV Hacktoberfest tag. DEV is a community visited by millions of programmers who are sharing their work to make others better: https://dev.to/t/hacktoberfest

Improve code quality of open-source projects you love. DeepSource Discover lists thousands of open-source projects that have code quality issues up for grabs.

RULES

  • Pull requests can be submitted to any opted-in repository on GitHub or GitLab.
  • The pull request must contain commits you made yourself.
  • If a maintainer reports your pull request as spam, it will not be counted toward your participation in Hacktoberfest.
  • If a maintainer reports behavior that’s not in line with the project’s code of conduct, you will be ineligible to participate.
  • To get a shirt, you must make four approved pull requests (PRs) on opted-in projects between October 1–31 in any time zone.
  • This year, the first 50,000 participants can earn a T-shirt.

A repository/project is considered to be participating in Hacktoberfest if the ‘hacktoberfest’ topic is present and is accepting public contributions via pull requests. An individual pull request can also be opted-in directly by adding the ‘hacktoberfest-accepted’ label.

A pull request is considered approved once it has an overall approving review from maintainers, or has been merged by maintainers, or has been given the ‘hacktoberfest-accepted’ label. A pull request with any label containing the word ‘spam’ or ‘invalid’ will be considered ineligible for Hacktoberfest.

Quality Standards

In line with Hacktoberfest value #2 (Quantity is fun, quality is key), we have provided examples of the pull requests that we consider to be low quality contributions (which we discourage and may be marked as spam by maintainers).

  • Pull requests that are automated e.g. scripted opening pull requests to remove whitespace / fix typos / optimize images.
  • Pull requests that are disruptive e.g. taking someone else’s branch/commits and making a pull request.
  • Pull requests that are regarded by a project maintainer as a hindrance vs. helping.
  • Something that’s clearly an attempt to simply +1 your pull request count for October.
  • Last but not least, one pull request to fix a typo is fine, but 5 pull requests to remove a stray whitespace is not.

Spammy pull requests can be labeled as “spam” or “invalid.”

Maintainers are faced with the majority of spam that occurs during Hacktoberfest, and we dislike spam just as much as you.

If you’re a maintainer, please label any spammy pull requests submitted to the repositories you maintain as ‘spam’ or ‘invalid’, and close them.

Pull requests with a label containing either of these words won’t count toward Hacktoberfest.

Pull requests must be approved by a maintainer.

Once a participant has submitted a pull request that is ready-to-review to a participating project, it must be approved by a maintainer of that project before it will count toward Hacktoberfest.

PRs can be accepted either by being merged, having an overall approving review, or having the ‘hacktoberfest-accepted’ label.

After a PR is approved it enters a fourteen-day review window where our team can take action against any participants we believe to be contributing in bad faith, and maintainers can revoke their approval if they decide that a PR isn’t actually a legitimate contribution.

After the fourteen-day window has passed, the PR becomes eligible for Hacktoberfest and this cannot be reversed. Bad repositories will be excluded.

We’ve seen many repositories that encourage participants to make simple pull requests — to quickly gain a pull request towards winning. While these projects may be a valuable learning tool for new contributors, they often aren’t valuable and high quality contributions to open source projects, and go against one of our core values for Hacktoberfest.

Some examples of projects that don’t follow the values of Hacktoberfest include:

Projects asking contributors to add their name or profile information to a list

Projects asking contributors to submit assorted data structures and algorithms (DSA)

Projects asking contributors to curate arbitrary lists of quotes, interview questions, etc.

The quality of pull requests is paramount; quantity comes second.

They’ve implemented a system to block these repositories, and any pull requests submitted to such repositories will not be counted.

::Event Privacy Policy:: Hacktoberfest '21 FAQ https://hacktoberfest.digitalocean.com/faq

Legal – Privacy Policy https://www.digitalocean.com/legal/privacy-policy/

======================================================

Hacker Science Theater 3000 Presents: Johnny Mnemonic :..>Exclusively in person join us meetings for various hacker film and documentary screenings. First up is a classic that has aged beautifully and horribly at the same time:

Johnny Mnemonic is a 1995 Canadian-American cyberpunk action thriller film directed by Robert Longo in his directorial debut. The film stars Keanu Reeves and Dolph Lundgren. The film is based on the story of the same name by William Gibson. Keanu Reeves plays the title character, a man with a cybernetic brain implant designed to store information. The film portrays Gibson’s dystopian view of the future with the world dominated by megacorporations and with strong East Asian influences.

DCG 201 Vote: What IRC Instance Should We Move To? :..> If you have been living under a rock lately, we regret to inform you that Freenode imploded under it’s own arrogance and stupidity leading to a mass exodus of IRC Channels. Since we use to host under Freenode, we plan on moving the #DEFCON201 IRC Channel to another IRC Server. We your help in us voting in a new one. The options are:

  • LiberaChat
  • HackInt
  • OFTC

We want to hear your opinions in person and you can help online by voting on our active poll on our Twitch Channel!

DEADFACE CTF :..>This Friday, starting on October 15th at 10:00 AM EST, we invite all DCG 201 Members, Attendees and Fans to help us hack the DEADFACE CTF 2021! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime after until July 18th 8:00 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: https://defcon201.medium.com/dcg-201-online-ctf-deadface-ctf-2021-october-15th-16th-c9c529e68927

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Nintendo VR Blaster Build & Play :..>We have a new cardboard engineering construction for anyone of any skill level to try out. Combine DIY fun with simple, shareable VR, plus a new programming tool you can use to make your own quick play VR games and experiences! When finished, we will take turns blasting through an alien invasion, test your skills at competitive hippo feeding, and go wherever else our imagination takes us! NOTE: Guests will be required to follow social distancing measures including the wearing on non-latex gloves and wearing masks.

:..>What To Bring: The ability to follow instructions and fold paper. The play portion needs two working eyes with depth perception and a resistance to motion sickness.

Practicing Lockpicking & Locksport :..>DEFCON 201 will have padlocks and professional practice tumblers provided by TOOOL to practice on. Fun and easy to learn for all ages and backgrounds with two expert instructors! We will also have sanitation and social distancing rules in place due to the ongoing COVID-19 Pandemic.

:..>What To Bring: All lockpicking tools and practice locks will be provided. You are free to bring any lock you own that you DON’T RELY ON or any lockpicking tools and bypasses to the space. If you decide to bring something, we have a manditory sanitation on site of the tool/lock you bring before it’s allowed to be interacted with.

::END OF LINE::