DEFCON 201 Online Meet Up — August 2020 — Digital Campfire


Date: August 21st, Friday

Time: 4:00 PM EST — 7:40 PM EST (9:00 PM EST ONLINE)

Location: ONLINE (SEE BELOW), LIMITED SEATING @ Sub Culture (260 Newark Ave, Jersey City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/272715571/

Facebook: TBA

Write.As [TOR]: TBA

Hackaday: TBA

::DEFCON 201 — CODE OF CONDUCT::

Welcome to the August 2020 DEFCON 201 Meet Up!

Yup…the world still sucks.

Between the Postal Service Going Postal (censoring our rights as US Citizens), A Giant Deadly Explosion, Fire F&$king Tornados (not related) and COVID-19 raging on until the end of the year it’s easy to fall into despair.

However, the best thing about the Hacker Community is how we all come together no matter the obstacles. We had so many virtualized conventions in the past four weeks that 2020 was truly the year of Ultimate Hacker Summer Camp.

So we have built a small physical campfire at our Sub Culture venue and a HUGE bonfire digitally online as we share our stories and our hacks from each of these conventions.

Details of the in-person meet below:

Now, there will be some ground rules here. To meet in person, we will have a hard MAX limit of 20 people, thus you MUST RSVP on EventBrite to be counted.

You MUST purchase a food or beverage item. Meeting will be outside in the outdoor pen. You MUST have a mask on at ALL TIMES when not eating. You must be 6 feet apart unless you came together in a group. We will provide sanitation measures. Anyone who is a knucklehead will be thrown into the Hudson River with the rest of Florida.

If you can’t make it or are too afraid, RELAX! All activities, chats, talks, workshops and DC 201 insanity will be broadcast online via our LIVE STREAMS per the new normal! We are so excited to finally do some actual mask-to-mask social distancing AFK and we can’t wait to see you all because we have quite the lineup with something for everyone!

Live Streams:

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

EMAIL US TO INQUIRE FOR VIDEO CONFERENCING LINK!

If you’d like to do a talk at our meet-ups or collaborate with our staff and members in a project partnership, shoot us an email at:

INFO {at} DEFCON201 [DOT] ORG

.::AGENDA & SCHEDULE::.

ALL TIMES ARE EASTERN STANDARD (EST)
4:00pm — 5:30pm
AFK: Meet & Greet + Open Workshop Projects + Games
ONLINE: Diana Initiative Badge Soldering Workshop
5:30pm — 6:00pm
DC201 Show & Tell
6:00pm — 6:30pm
Insert Coin: Upgrading Raspberry Pi Arcade Machines — sirocyl, GI Jack
6:30pm — 7:30pm
First Contact — Vulnerabilities in Contactless Payments
7:30pm — 7:40pm
E-Viction: ARTHOUSE / WHORE GALLERY AND PROTEST PLATFORM
7:40pm — 9:00pm???
Campfire Stories: Digital Hacker Summer Camp Roundtable

.::OPEN PROJECTS::.

Diana Initiative Badge Soldering Workshop — Chris TechGirlMN

DC201 Show & Tell — Everyone

Google CTF — Everyone

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.


Campfire Stories: Digital Hacker Summer Camp Roundtable

:..>HOPE 2020, DEFCON Safe Mode, Black Hat USA, USENIX, Kids SecuriDay, Data Collectors NYC, European KubeCon, RingZer0, Diana Initiative…the last four weeks have been truly the Ultimate (At Home) Hacker Summer Camp. We call on ANYONE and EVERYONE who has attended or run any virtual convention during this time to talk about their experiences, the highs, the lows, the hacks and the plain weirdness around the digital campfire! Email us at INFO (at) DEFCON201 [dot] ORG for the Jitsi invitation link!

Black Hat USA: First Contact — Vulnerabilities in Contactless Payments

:..>Contactless payments are fast replacing cash and chip-inserted transactions, now accounting for a staggering 40% of transactions globally. Yet contactless makes use of protocols much older than the technology itself. With this in mind, just how safe and secure are contactless payments?

In this talk, we discuss the intricacies of the EMV protocols. Our findings show that contactless payments are not as safe and secure as first thought. Their reliance on older technology has introduced several flaws into their protocols.

We detail new vulnerabilities: how to bypass limits for contactless payments made using cards and how to circumvent limits for mobile wallets, even on locked devices. We also cover flaws in the generation of key values, the unpredictable number (UN) and the application transaction counter (ATC).

We close the session by discussing how existing implementations of card authorization processes differ from each other. Finally, we talk about the best practices that should be implemented to create a secure environment for payments.

:..>Bio: Leigh-Anne Galloway is Head of Commercial Research at Cyber R&D Lab. She specializes in application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches, which is where she discovered her passion for payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities, and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers, Black Hat USA, and Black Hat Europe.

Timur Yunusov is a Head of Offensive Security Research and a Security Expert in the area of banking security and application security. He regularly speaks at conferences and has previously spoken at CanSecWest, PacSec, DEF CON, Black Hat USA, and Black Hat Europe.

Insert Coin: Upgrading Raspberry Pi Arcade Machines

:..>One of the best features of our venue at Sub Culture is the Raspberry Pis that host a bunch of emulated retro games for patrons to play on. While sadly they are offline due to COVID-19 restrictions, we are going to give a tour of how these machines are set up and look into implementing the upgrades the venue’s staff has tasked us to perform!

:..>Bio: GI Jack is one of the Co-Founders of DEFCON 201. He might have seen a Ninja that had built their own hacker variant of Arch Linux known as Ninja OS. You might be able to also find this ninja at: https://ninjaos.org/

sirocyl is a DEFCON 201 alumnus and the founder of the famitracker.org FamiTracker and Famicom/NES music community. He is also part of the MAGFEST video game convention staff.

E-Viction: ARTHOUSE / WHORE GALLERY AND PROTEST PLATFORM

:..>E-Viction is a self-destructing platform where sex workers and artists create intimate encounters and exchanges to imagine a world beyond SESTA/FOSTA. For 12 hours, the platform will feature virtual peepshows, chat rooms, and art that all protest digital gentrification, before dramatizing the otherwise invisible censorship of sex workers by self-destructing. E-Viction is a direct response to our urgent need for a digital public sphere and the challenges of sex worker survival in COVID-19. DEFCON 201 will give a quick tour and links to interact with and fight against Internet Censorship while having a fun time on a lonely coronavirus night!

:..>Bio: Veil Machine is an art collective founded by Empress Wu, Niko Flux, and Sybil Fury that uses a relational and intimate art practice to explore problems of power, erotics, and identity in sex/art work.

Empress Wu (b. 1997) is an NYC-based dominatrix and cultural activist who primarily operates via performance, curation, writing, and production to explore the semiotics of sex work, and its effect on the body politic. | https://www.empresswu.net/creative

Niko Flux (b. 1993) is a persona created through sex work, but destined to make art. She explores intergenerational lineages, queer surreality, and subterranean other selves. https://www.mistressniko.com

Sybil Fury (b. 1993) is a fantasy born from the imagination of a PhD student, sex worker, curator, and community organizer living between NYC and the Bay Area. Her work explores how the sex worker perspective opens up new possibilities for thinking about power, gender, and labor in capitalism. | https://sybilfury.com

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell

:..>DEFCON 201 members will be given time in person during the Meet & Greet to show off the various projects that they have been working on. We have had a heads-up on some awesome stuff being worked on that will be showing up for the very first time, so you don’t want to miss this on live-stream!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Google CTF

:..>This Friday, starting on August 21st at 8:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Google 2020 CTF! If you are new to Online CTF, we will help you get set up and walk you through some of the challenges. Then you can log in anytime after until August 23rd 8:00 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: https://medium.com/@defcon201/ultimate-hacker-summer-camp-part-eight-google-ctf-ee2b7ac52f8a?sk=b7ee545ea73b3f58d4fd03f33b56cda4

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Diana Initiative Badge Soldering Workshop

:..>In this 90 min workshop we’ll build step by step the “Off the Shelf” badge. TOOLS REQUIRED — SOLDERING IRON, WIRE STRIPPER AND A SMALL WIRE CLIPPER. You will also need solder, flux and possibly some solder braid or a solder sucker. Requires the parts listed here (link needed) as well as a computer with the Arduino IDE installed (link). We’ll end the session with loading a test sketch to the Arduino.

:..>What To Bring: Aside from the supplies outlined below, you will need some basic tools: soldering iron, solder, wire stripper, snips and maybe some solder braid for those oops moments.

7 (seven) 10mm LEDs, yep we’re going to go big and bright

Amazon link

Aliexpress link

220 Ω resistors, we need to limit the current for the LEDs

Amazon link

Aliexpress link

An Arduino Nano clone. Arduinos are open source so a clone is fine. A note about the Nano is that they take a Mini USB, like a digital camera, so do be sure you get one with a cable or order a Mini USB cable.

Amazon link

Aliexpress link

A button. This is optional; I’ll be demonstrating how to do multiple patterns but if you want to stick with just one pattern, that’s okay.

Amazon link

Aliexpress link

If you’re going with a button, it requires a resistor as well: a 10k one to be exact

Amazon link

Aliexpress link

Lastly we’ll need a bit of wire. The best option I’ve come up with for this is some male to male jumpers even if you’re not going to BB your set; if you’re doing the soldering project, stripping back the ends of some of the jumpers is worth it to be able to color code things, rather than just buying a spool of wire.

Amazon link

Aliexpress link

So now we come to the final bit: if you are choosing the soldering project you will need these solderable breadboards from [Amazon]. I used the blue ones for the prototype, but feel free to order your favorite color.

Those not wanting to solder, here’s a breadboard set from [Amazon] that includes the jumpers. Or here’s a similar set from [Aliexpress].

Folding@Home VS Coronavirus

:..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

Jackbox Party Pack 3 Online Games

:..>During our live-stream, we will be offering to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org
