COMMUNITY SPOTLIGHT :: Wikimedia NYC Hackathon, DCG 212 Meet-Up, ZeroSpace Holiday Party & Coat Drive, Tech Tribe Chanukah 5784, Blockchain Mega Party & BSides Philly 2023
For no reason at all, this week in December 2023 is Hacker AF. We have been informed that it has to do something in the bullshit Astrology but why would someone put a dangerous chemical like Mercury in a RetroPie is beyond us.
Here‘s’ the deetz:
Wikimedia Hacking Night 2023
Date: Wednesday, December 6, 2023
Time: 7:00 pm — 10:00 pm EST
Location: Prime Produce Website (424 W 54th St, New York, NY 10019)
Online: IRC at #wikimedia-tech
Wikimedia New York City invites you to attend our first NYC Hacking Night on Wednesday, December 6, from 7:00 pm — 10:00 PM ET. Food and wifi will be provided! This event is intended for technical contributors, but we are happy to guide newcomers as well. If you can’t stay for the whole time, feel free to drop by for however long you can.
All attendees are subject to Wikimedia NYC’s Code of Conduct and the Technical Code of Conduct.
DCG 212 December Meet-Up
Date: Thursday, December 7th
Time: 7:00 PM EST — 9:00 PM EST
Location: FatCat Fab Lab (224 West 4th street, Second Floor · New York, NY)
Monthly Meeting of DC212, changed to the second Thursday of every month
If you have a thing to talk about, send it over and we can host it, otherwise we will talk about the latest CYBER news, hacker memes you might have seen, attempt to pick locks. and other things that may or may not be relevant.
Please stay at home if sick, experiencing COVID-like symptoms, or really any symptoms suggesting a communicable illness.
Event will be edited if we have anyone interested giving a talk.
ZeroSpace 2023D: Holiday Party & Coat Drive
Date: Thursday: December 7th
Time: 6:00 PM EST — 11:00 PM EST
Location: ZeroSpace — Studio C Entrance (337–345 Butler St, Brooklyn, NY 11217)
Join ZeroSpace, 4Wall Entertainment, Scatter and Looking Glass for an exclusive event to celebrate the end of 2023D.
We’ll be celebrating Looking Glass’ newest advancements in holographic technology. We’ve got a few surprises in store that promise to wow you at this laid-back holiday soirée.
More importantly — ZeroSpace is partnering with New York Cares to run a coat drive at the party. We encourage attendees to donate any new or gently used warm winter coats. Coats collected during the event can be dropped off in our subway set. Let’s fill up our subway with coat donations!
Join us for drinks and interactive demos of our motion capture stage, virtual production stage, Scatter Depthkit stage, and more! Stop by to mingle with other 3D creators, like members of the XR Motion meetup!
Tech Tribe Chanukah 5784
Date: Thursday: December 7th
Time: 6:00 PM EST — 9:00 PM EST
Location: Flatiron District, RSVP For Location
✨ Join us on 12/7 for an amazing Chanukah party for Jews in tech and digital media!
👥 Schmooze & mingle with other great people.
🌆 Enjoy drinks, latke bar, boozy ice cream, Chanukah doughnuts & other eats.
🔥 Kindle our AR Menorah and pick up your own menorah or get one to give to a friend!
📍 In the Flatiron District, exact location revealed after RSVP.
Blockchain Mega Party
Date: Thursday: December 7th
Time: 7:00 PM EST — ???
Location: Sour Mouse (110 Delancey St, New York, NY 10002)
If RSVPs are full, please RSVP here.
Find a full list of our upcoming events at https://crypto311.com
Hosted by NYC’s largest blockchain community Blockchain NYC
Forget about networking (you still can).
Forget about staking.
Forget about your portfolio.
Unleash that crypto toxicity with us for one night, we’ll provide the EDM music and DJ.
BSides NYC
Date: Friday: December 8th
Time: 8:00 AM EST — 5:00 PM EST
Price: $25 Online, $35 At The Door
Location: Netrality Data Centers (401 North Broad Street, Fifth Floor
Philadelphia, PA 19146)EventBrite: https://www.eventbrite.com/e/bsidesphilly-2023-tickets-716618273547
BSidesPhilly seeks to create awareness and improve upon the conversation and research of security topics within the Philadelphia region for researchers, professionals, and practitioners alike. The conference aims to give these various groups a chance to meet, engage in conversation through scheduled talks and events, as well as offer a networking opportunity that will result in new collaborative efforts for research and other security projects. Above all, our goal is to create a self-sustaining event that will continue on an annual basis through the attendance and support of the security community.
Out of NOWHERE a hacker convention emerges! This one is very local, very new, and very unique with some villages you never see anywhere else and a few noteworthy speakers all located in an actual data center! What could go possibly wrong with hackers at a data center? (Everything.)
BSides Philly Map
BSides Philly Villages
Villages are open spaces divided up by topic that host hands-on activities, demos, and workshops throughout the conference. They are generally less formal than the standard tracks and offer an alternative learning environment from the straight talk/lecture structure. They’re also a great place to socialize and make contacts in the community!
Toool Lockpicking Village
The Open Organization of Lockpickers (TOOOL)
The Open Organisation Of Lockpickers, or TOOOL, is an international group of lockpicking enthusiasts dedicated to advancing the general public knowledge about locks and lockpicking through teaching, research, and competition. TOOOL in the United States is a 501(c)(3) non-profit organization with Chapters in more than 20 states, including affiliated Chapters in Canada.
Blue Team Village Team
Blue Team Village CTF Team
Welcome to the other side of the hacking mirror. Blue Team Village (BTV) is a place and a community built for and by defenders. It’s a place to gather, talk, share, and learn from each other about the latest tools, technologies, and tactics our community can use to detect attackers and prevent them from achieving their goals
IOT Village Team
IoT Village
IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE)
Temple OSINT Challenge Team
Temple OSINT Challenge
The Cybersecurity in Application, Research, and Education (CARE Lab) focuses on the human, behavioral, and psychological aspects of cyberattacks/security. It runs summer social engineering competitions every year for high school, undergraduate, and graduate students, where they put themselves in the adversary’s mindset and leverage this knowledge to design effective cybersecurity measures. The CARE Lab also works with local nonprofits to offer cyber hygiene training and awareness for youth, elderly, the previously incarcerated, and small businesses. You can read more about the lab at sites.temple.edu/care
Career Village Team
Career Village Team
Want a job and struggling on getting one, this team will help you find the right fit to get start or continue your cybersecurity career,
Sound Hacking Village Team
Sound Hacking Village
Want to learn how synthesizer or other electronic equipment is designed and used, learn from https://www.instagram.com/modularonthespotphilly!
Music Village
Multidisciplinary artist based from Philadelphia, working at the intersection of sound and visuals. They will be merging visual art and sound design through projection mapping, audio/visual live performances, and installation art. Their work explores the manipulation of fragmented textures through modular synthesis, field recordings, and software. The artistic practice is rooted in collaboration; using technology to activate and elevate work by visual artists, musicians, galleries, and museums.
DCG 201 TALK HIGHLIGHTS FOR BSides Philly (EST)
This is the section where we have comb through the entire list of talks on both days and list our highlights for the talks that stand out to us. Note that this does not invalidate any talks we didn’t list, in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)
Keynote: The Cybersecurity State of the Union
Join Space Rogue (C. Thomas), IBM X-Force Global Lead of Policy and Special Initiatives, as he delivers the Cyber Security State of the Union, where he will discuss this year’s most prominent threats, who they’ve targeted, how much it’s costing various industries and geographies, and what we can expect from emerging threats on the horizon
TRACK 1
9:00 am — 9:30 am
Ethical Considerations of AI Usage in Marginalized Communities
In the City of Philadelphia more than 100 neighborhoods struggle with Internet deserts. The integration of Generative Artificial Intelligence (AI) exacerbates this digital gap. Let’s talk about the ethical challenges arising from AI usage in marginalized communities, encompassing concerns related to bias, fairness, and data privacy. Let’s talk about responsible AI development and deployment strategies tailored to uplift individuals and communities who have been let down by technology and society.
TRACK 1
9:45 am — 10:15 am
Veilid, so easy a teenager can do it!
At DEF CON 31 Cult Of The Dead Cow announced they would break the internet with Veilid, an open-source, peer to peer, mobile-first, network application framework. Come and learn how you can help cDc take back the internet, building distributed private applications. Don’t want to build an app? Spin up a node and help out the network!
Veilid goes above and beyond existing privacy technologies and has the potential to completely change the way people use the Internet. Veilid has no profit motive, which puts us in a unique position to promote ideals without the compromise of capitalism.
With Veilid, the user is in control, in a way that is approachable and friendly, regardless of technical ability. We want to give the world the Internet we should have had all along.
- Bianca Lewis (BiaSciLab)
TRACK 1
10:15 am — 10:45 am
Stacked & Hacked: Crafting the Ultimate COTS Response Arsenal
A swift, well-coordinated incident response can spell the difference between a minor hiccup and a full-blown crisis. Harnessing the power of Commercial Off-The-Shelf (COTS) tools, we’ll take you on a journey of assembling a potent incident response stack. Through real-world experiments and research, we will dive deep into the intricate dynamics of tools like Cyngular Security and ThreatLocker. From high-level strategy to the nitty-gritty of tactical testing, you’ll gain insights into not just the ‘how’ but the ‘why’ of our choices.
TRACK 2
10:45 am — 11:15 am
The Payphone You Have Dialed Has Been Disconnected — The State (and Revival) of Payphones in 2023
Payphones were once ubiquitous in the US, but now you’d be hard-pressed to find one — especially in working order! While most people have largely forgotten about payphones, we are trying to figure out what is still out there and how to bring them back! In this talk we will explore the current state of payphone infrastructure framed though exploratory phone scanning/usage tracking, COCOT oddities, and revival/preservation projects like our own PhilTel. We’ll discuss what it takes to build up your own VoIP-based free-to-use payphone service and how, through it, you can not only place/take calls from the PSTN but relive the joys of phreaking the phone system by way of the telephone hobbyist network PhreakNet!
TRACK 1
11:15 am — 12:05 pm
Threat Hunting on a shoestring budget
In a time where cyber threats are escalating in complexity and frequency, organizations often find themselves operating with limited resources and expertise to counter these threats effectively. “”Do More with Less — Threat Hunting on a Shoestring Budget”” seeks to explain how generative AI can be a game-changer in threat hunting, offering a cost-effective and powerful tool to tackle the burgeoning complexity of cyber threats. Through this talk, we intend to demystify the synergies between generative AI and cybersecurity, providing attendees with a blueprint to enhance their threat-hunting capabilities
without a corresponding increase in costs by utilizing generative AI to fill the gaps in expertise.
TRACK 1
2:00 pm — 2:50 pm
Striking the right notes — Protecting Music Royalty Shares
Jukebox Co. (JKBX; pronounced “Jukebox”) operates a technology platform located at http://www.JKBX.com that aims to unlock shared value from the things people love by offering consumers access to royalties as an asset class. By merging music appreciation with traditional investing, JKBX redefines how retail investors and music lovers interact with the songs they know and love. With a commitment to supporting artists and delivering value to investors, JKBX is set to become a transformative force in music and investing.
The security team at JKBX has taken a unique approach to protect what is important to JKBX, from confidential music rights information to customer personally identifiable information (PII). This talk will provide a behind-the-scenes look at our journey to build security into the JKBX platform and the outcomes we have achieved. The audience will learn about our security principles, how we implemented them, and the challenges we overcame.
TRACK 2
3:00 pm — 3:50 pm
Hunting for Credential Dumping Attacks in Modern Windows Environments
This presentation will begin by highlighting the severity of credential dumping attacks through discussion of previous high-profile incidents where it occurred as well as the effects on organizations where our team was part of the incident response process. The defenses that Microsoft implemented for Windows 10 and later operating systems versions to attempt to prevent credential dumping attacks will then be presented so that attendees understand the current state of mitigations.
This background coverage will be followed by presentation of the wide variety of techniques that still work on Windows 10+ systems for credential dumping, and, for each technique, we will present how they can be detected using memory analysis and/or event log forensics. This portion of the talk will include many screenshots of Volatility plugins detecting malware within infected samples as well as event log data that supports scalable and historical detection of the techniques.
In our experience, event log analysis allows for historical detection of malware across enterprises whereas memory forensics is required to fully investigate still compromised or recently compromised systems. By combining these two approaches, we have successfully detected and remediated credential dumping attacks within large enterprise environments.
Our goal with the proposed presentation is for attendees to leave with the ability to hunt for credential dumping attacks within production Windows enterprise environments.
TRACK 1
4:00 pm — 4:50 pm
