Welcome to the DCG 201 Guides for Hacker Summer Camp 2023! This is part of a series where we are going to cover all the various hacker conventions and shenanigans both In-Person & Digital! 2023 is somehow bigger than 2022 was, and thus we will have a total of 15 guides spanning 3 Months of Hacker Insanity!
As more blog posts are uploaded, you will be able to jump through the guide via these links:
HACKER SUMMER CAMP 2023 — Part One: Surviving Las Vegas & Virtually Anywhere
HACKER SUMMER CAMP 2023 — Part Two: Capture The Flags & Hackathons
HACKER SUMMER CAMP 2023 — Part Three: SummerC0n
HACKER SUMMER CAMP 2023 — Part Four: Zero Gravity by RingZero
HACKER SUMMER CAMP 2023 — Part Five: The Diana Initiative
HACKER SUMMER CAMP 2023 — Part Six: BSides Las Vegas
HACKER SUMMER CAMP 2023 — Part Seven: Black Hat USA
HACKER SUMMER CAMP 2023 — Part Eight: SquadCon by Black Girls Hack
HACKER SUMMER CAMP 2023 — Part Nine: DEFCON 31
HACKER SUMMER CAMP 2023 — Part Ten: USENIX + SOUPS
HACKER SUMMER CAMP 2023 — Part Eleven: Chaos Computer Camp
HACKER SUMMER CAMP 2023 — Part Twelve: Wikimania 2023
HACKER SUMMER CAMP 2023 — Part Thirteen: HackCon XI
HACKER SUMMER CAMP 2023 — Part Fourteen: Blue Team Con
HACKER SUMMER CAMP 2023 — Part Fifteen: Hack Red Con
HACKER SUMMER CAMP 2023 — Part Sixteen: SIGS, EVENTS & PARTIES
SummerC0n 2023 Hybrid Conference
Date & Time: Friday, July 14th (10:00AM — 7:00PM EST) — Saturday, July 15th (10:00AM — 7:00PM EST)
Location: Littlefield (635 Sackett Street Brooklyn, NY 11217)
Website: https://www.summercon.org/
Virtual Tickets (IN-PERSON SOLD OUT): https://www.eventbrite.com/e/summercon-2023-registration-562594173317?aff=scweb
Virtual Platform(s): Zoom
Schedule: https://www.summercon.org/schedule/
Live Streams:
This free ticket gets you access to the Zoom Webinar. They’ll email conference links to the email address you use to register: https://www.eventbrite.com/e/summercon-2023-registration-562594173317?aff=scweb
YouTube: https://youtube.com/live/O0gDd8jXgfY
Virtual Chat: Zoom Chat
Affordability: SummerC0n is FREE for the Virtual Zoom Webinar that will cover the entire convention. You must have a ticket via EventBrite for the Virtual Link. In-Person tickets are SOLD OUT.
Code Of Conduct: https://www.summercon.org/conference/
It’s time for Summercon!
Summercon is one of the oldest hacker conventions, and the longest running such conference in the United States. It helped set a precedent for more modern “cons” such as H.O.P.E. and DEF CON.
Summercon is open to everyone, including “hackers, phreakers, phrackers, feds, 2600 kids, cops, security professionals, U4EA, r00t kids club, press, groupies, chicks, conference whores, k0d3 kids, convicted felons, and concerned parents.”
Summercon has been hosted in cities such as Pittsburgh, St. Louis, Atlanta, Washington, D.C., New York City, Austin, Las Vegas, and Amsterdam. Originally run by Phrack, the underground ezine, and held annually in St. Louis, the organizational responsibilities of running Summercon were transferred to clovis in 1998 and the convention took place in Atlanta, dubbed ‘Summercon X’.
In its modern incarnation, it is currently organized by redpantz and shmeck, who emphasize the importance of face-to-face interaction as technology increasingly mediates relationships between members of the information security community.
One of the oldest hacker conventions along with The Annual Phone Phreak Convention, Pumpcon & HoHoCon, they’ll be kicking off the summer conference season with their great presentations, games, drinks, and a celebration of the Pwnies! Designed to be smaller and more personal in size and scope, they will be using the same hybrid format as they did in 2021.
Following the City’s recommendation, littlefield will no longer require proof of COVID-19 vaccination for entry. Guests are welcome to wear masks indoors based on their comfort level. All littlefield staff remain fully vaccinated. By attending indoor events, you are voluntarily assuming all risks related to exposure to COVID-19 and littlefield and its personnel are not liable for any issues arising from exposure.
See you there!
HACKING THE BIG APPLE
Once you’ve arrived in New York City, here are some transit suggestions for getting to Littlefield in Brooklyn. You can also find suggestions and specific time information at https://tripplanner.mta.info.
Offline NYC MTA Subway Map for Android: https://play.google.com/store/apps/details?id=com.thryvinc.nycmap&gl=US
Offline NYC MTA Subway Map for iOS: https://apps.apple.com/us/app/new-york-city-subway-map/id683294660?ign-mpt=uo%3D8
One ride on a subway or local bus is $2.75 (transfers are free between modes of transit). 7-day unlimited MetroCards, as well as pay-per-ride options, are available; a $1 surcharge also applies for getting a new MetroCard. MetroCard vending machines are available at subway stations and transit hubs, but not at bus stops. All buses and subway entrances are also equipped with OMNY readers, which will allow you to use a contactless credit or debit card for your fare. If you do not want to leave a digital trail of your travels, we suggest you purchase a MetroCard with cash or coins. Learn more about buying MetroCards at https://new.mta.info/fares/where-to-buy-a-metrocard.
VIA MTA LOCAL TRANSIT
For those who have been away for a while, in addition to the crappy hard-to-scan MTA MetroCards, the MTA system now has its RFID NFC Tap-To-Pay OMNY system.
VIA MTA EXPRESS BUS
(You will need a MetroCard to ride the MTA. 7-day unlimited options, as well as pay-per-ride options, are available; a $1 surcharge also applies for getting a new MetroCard. MetroCard vending machines are available at subway stations and transit hubs, but not at bus stops. If you plan on utilizing the Express Bus option, one ride is $6.75. You can also purchase a 7-day unlimited MetroCard with Express Bus availability for $62.)
VIA LONG ISLAND RAILROAD (LIRR)
(Long Island Railroad tickets are available for purchase at LIRR stops, including Penn Station. They may be purchased in conjunction with MetroCards at marked kiosks. You will need a MetroCard to get on the local bus.)
VIA CAR (ALSO DIRECTIONS FOR LYFT, UBER, ETC.)
VIA CITI-BIKE RENT-A-BIKE & REVEL SCOOTER
VIA THE NY WATERWAY FERRY
ABOUT LITTLEFIELD
Littlefield has been one of NYC’s premier independent live venues since 2009. It has showcased some of the best comedy, live music, dance parties, podcasts, art, film and theater. Currently housed in a former 1920’s printing press warehouse, littlefield’s layout and sound system also make it ideal for weddings, private parties, conventions and festivals.
- Between 3rd and 4th Avenues
- R to Union Street, then one block to Sackett.
- 2, 3, 4, 5, B, D, N, Q to Atlantic Avenue or Pacific Street. 9 blocks south to Sackett.
THE OTHER SIDE OF THE CON
SummerCon has a great option for those who missed out on getting a ticket or are at the con but want to experience it in a less crowded, open air place. Around the corner on Degraw between 3rd & 4th Avenues, Parklife BK is the half outside, half-inside sister-location of Littlefield. Many of the con attendees will be there and it has a full bar with food & drink. In addition, the LIVE Stream of the convention will be displayed on the TV and projector screen. No con fees, just pay for food and drink!
Parklife (636 Degraw St, Brooklyn, NY 11217)
PLACES NEARBY:
Kosher Restaurant: https://www.tripadvisor.com/Restaurants-g60827-zfz10768-Brooklyn_New_York.html
Insomnia Cookies (Late Night Snack Store): https://insomniacookies.com/locations/store/1228
PRE-REGISTRATION PARTY
The traditional Summercon pre-registration is once again at Canal Bar, Thursday (June 13th) from 7pm-10pm.
Get your wristbands, T-shirts, and swag; see your friends, throw a shoe; whatever. We’ll see you at Canal — 270 3rd Ave # A, Brooklyn, NY 11215
PWNIE AWARDS 2023 NOMINATIONS
How do I submit?
On the website linked below you will find a list of categories they’ve selected for this year’s pwnie awards! Simply click the category you’d like to submit to and you’ll be brought to a Google form asking you a few questions. If you don’t want your submission to be tossed out the door immediately we HIGHLY recommend following the instructions as accurately as possible.
How do I win?
All accepted nominations are voted on by a select committee of hackers, breakers, and coders. Simply put, if your hacks are great you get a pwnie.
How do I collect?
A selection of nominations will be announced at SummerCon in NYC. If you’ve been nominated we ask that you kindly join them this year at Black Hat USA in Las Vegas where the winners are announced and given their very own Pwnie Awards!
If you can not make it, they will reach out to arrange some way to get it to you.
Submission Guidelines, Requirements, Tips & Tricks
The PWNIE Awards Staff ask that submissions be well written and explain in clear and concise terms why you think the nomination deserves a pwnie. Just because you submit a nomination does not mean it will be accepted into the running. They receive many dozens of submissions every year and if you put some thought and effort into your submission they’ll happily give it the due consideration it deserves.
If you copy/paste your entire 500 line PoC it’s going to be immediately tossed out and/or lambasted on social media. If you send them a single link to a tweet with zero context it’s getting the ol > /dev/null treatment.
CDC ANNOUNCEMENT
Our friends from the Cult of the Dead Cow have a quick announcement. We’re as curious as you are!
DCG 201 TALK HIGHLIGHTS FOR SUMMERCON 2023 (EST)
This is the section where we have combed through the entire list of talks on both days and list our highlights for the talks that stand out to us. Note that this does not invalidate any talks we didn’t list; in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)
HACKING THE GAMECUBE TO BEAT NERDS AT SMASH BROS FOR CHARITY
Dan “AltF4” Petro
Friday, 11:00 AM
This is the story of how an AI (SmashBot) can beat professional Melee players on a real Nintendo GameCube (a 22 year old console with no Internet connectivity) in front of an audience of tens of thousands of people who can all interact directly with the game remotely from their browser.
We’ll cover all the technical details behind the Melee speedrun marathon showcase, including gaining arbitrary code execution on the GameCube, all the tooling for writing complex payloads in the dead PowerPC ASM architecture, exfiltrating data off the console, and the custom-built hardware to facilitate it. All so that I can live vicariously through a robot in my fantasies of being a pro Melee player.
Oh, and bring your controller, because you can try to beat SmashBot yourself live on stage too!
THE RANSOMWARE HUNTING TEAM: A BAND OF MISFITS’ IMPROBABLE CRUSADE TO SAVE THE WORLD FROM CYBERCRIME
Dan Golden & Renee Dudley
Friday, 12:00 NOON
ProPublica journalists Renee Dudley and Daniel Golden are the authors of “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cyber-Crime,” published in October 2022 by Farrar, Straus & Giroux to critical acclaim. Among other plaudits, Amazon made it an editor’s choice for non-fiction, and the New York Times called it “brilliant.” In this presentation, Dan and Renee will take us through their narrative, describe the hunt, talk about some of the moral dilemmas, and share some thoughts about the future of malware. Book signing to follow; bring your copy or buy one at Summercon! https://us.macmillan.com/books/9780374603304/theransomwarehuntingteam
THIS YEAR IN CRYPTO
Nick Sullivan
Friday, 4:30 PM
We swear we have an abstract for this lying around somewhere — but it’s Nick, so you know you’re good.
TRIED AND TRUE SECURITY BELIEFS/BEST PRACTICES
Mudge
Friday, 5:15 PM
Charming, irreverent, and always controversial, Mudge has hot takes. Get ready for a deep cut on so-called “best practices.” It’s an honor to welcome him to the Summercon stage.
RACE AGAINST THE MACHINE: CONSUMERS VS. BOTS
Christine Fossaceca
Saturday, 12:00 NOON
Do you have any beef with online merchants? Maybe you weren’t able to buy a PS5 for months after they were released. Maybe there are teardrops on your guitar because Ticketmaster didn’t let you get tickets to Taylor Swift’s Eras Tour. Or maybe you will be too far apart from the Cure because of the latest ticket scandal leaving you empty handed! The common denominator to consumer stress in online sales is directly tied to the uptick in botnets and the scalpers that use them.
Rebecca and Christine are going to shed light on the underground world of online resellers (scalpers) and the botnets they use to gain a competitive advantage when buying merchandise, such as sneakers, concert tickets, GPUs, and even NFTs, edging out legitimate consumers and profiting from the sales of products they didn’t design and music they didn’t create.
This talk will explain what botnets are, how scalpers build them and use them, and then recap some real world examples of botnets being seen in the wild. First we will talk about a cyber attack that no one even knew happened against the Shopify platform, when a scalper botnet broke a popular makeup website during the Shane Dawson and Jeffree Star Conspiracy makeup collection release. No, they didn’t break the internet, a botnet did. Next, Rebecca and Christine will evaluate the veracity of claims that Ticketmaster made in their Senate committee hearing, blaming their ticketing fiascos on “botnet attacks”, and ask the question, “Was the botnet truly scalpers or just a convenient scapegoat?”
THE DEBUGGING UNCERTAINTY PRINCIPLE
Jatin Kataria
Saturday, 12:30 PM EST
In this talk, I will be sharing learnings and tools built for investigating low frequency kernel crashes in FreeBSD and discuss how hardware features could be utilized for providing zero-cost triage information in production systems. This Heisenberg bug was initially assumed to be happening due to an interrupt stack corruption but turned out to be a CPU bug. Heisenberg bugs, known for their elusive and unpredictable nature, can be a challenge to identify and fix. Therefore, this bug was difficult to produce and hence remained a mystery for debug invariant FreeBSD builds where integrity checks are enabled throughout the kernel. In order to investigate the bug, I built stack analyzer tools and configured Last Branch Record (LBR) on CPUs and integrated them into the FreeBSD kernel to get CPU control flow information during a page or general protection fault for zero cost overhead.
Frankly, we’re stunned that this whole thing fits inside of 30 minutes, so listen carefully — it’s gonna go by at light speed!
[REDACTED], A PRESENTATION WITH AN ELABORATE TITLE
Dan Guido and/or [REDACTED]
Saturday, 2:00 PM
Dan and the good folks at [REDACTED] have been working on [REDACTED] and will discuss some of the outcomes of their [REDACTED]. This talk will [REDACTED] your [REDACTED].
SUB 1 GHZ AND OTHER RADIO/SIDE CHANNEL ATTACKS
Harri Hursti
Saturday, 3:00 PM
Sub 1 GHz attacks are nothing new and SDRs made those accessible a long time ago. Flipper Zero blew this family of attacks into the mainstream consciousness as easy-to-use, almost-no-skills-required cheap tools. Jailbreaking Quansheng UV-K5 brings in a $20 radio transceiver from 18 MHz to 1.3 GHz, so where are we heading?
PROTECT YOURSELF BEFORE YOU WRECK YOURSELF
Samantha Davison & Jennifer Leggio
Saturday, 4:00 PM
For legal and/or aesthetic reasons, the description of this presentation is not available. But you won’t want to miss it!
RIP KELLY “ALORIA” LUM
IN MEMORIAM — A VIDEO PRESENTATION (5:30 PM)
Dear Aloria (1982–2023), we miss you so much. We know you wouldn’t want us to cry, but we can’t promise that we won’t.
CONTINUE TO: HACKER SUMMER CAMP 2023 — Part Four: Zero Gravity by RingZero