Starting the new year off with MOAR RECAPS. I (Belouve) did not get there at the start, so I will recap what I was told by others. People can fill in details if they want.
We had a demo on SoftEtherVPN (“SoftEther” means “Software Ethernet”). This is a multi-protocol VPN software, that runs on Windows, Linux, Mac, FreeBSD and Solaris.
Also open source, and free. You can go from Open VPN to SoftEtherVPN smoothly. Check out the site for other highlighted features I haven’t listed here.
We’re being hacked by Russia, right? …. Right?
Belouve arrived and set up a talk digging into the details of the recent “Russian” hacking. Pointing to the US-CERT report and the files they sent, only 2 out of the 911 indicators given by US-CERT point to Russia. The reports on APT28 and APT29 cite some vague ‘evidence’.
One of the best things is that an APT29 report (see page 9) references the use of MiniDuke malware as being Russia.
The word ‘Russia” does not appear anywhere in the report.
But…MiniDuke does open up a backdoor…
Discover Recon Script
Belouve demonstrated his slimmed-down version of Discover Scripts, which he has available at https://github.com/belouve/discover
Credit given: the original discover script is made by Lee Baird, as available here. My version has slimmed his down, and I have updated some other steps.
This script is tuned to do as much passive recon on a target as it can, without touching the target and alerting it to its scan.
Uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, PGP Keys, multiple other websites, and then recon-ng.
The recon-ng modules scrape Bing, Google, Hackertarget, Netcraft, Shodan, Threatcrowd, GitHub, Twitter, LinkedIn, Whois, and Censys.io for information. It parses and pivots the information gathered from other modules and earlier steps.
Take a look over the tool, it is constantly being tweaked.
Vlad’s LED Tree of LED Glory
Vlad did a demo on his multicolored individually-addressable LED tree. Big tree, and I feel a video would go best here.
DEFCON Groups Update
Message from DEFCON groups. Yay DC414 for actually responding to and doing the challenge!
Next meeting is Friday, February 3rd. Same bat time, same bat channel.