Our next meeting is days away! Our last one was a success, so we’re doing it again, same location, same time! See https://www.dc414.org/meetings/ for details on where to go on Friday!
If you can’t make it, or don’t yet want to join us in person, come hang out with us on Discord. https://discord.gg/DrtEyNbG7u
We will have live video streams to tune into, and interact with us virtually!
-darkwind
Hey folks! We are doing an IN-PERSON meet this month. It’s at a new location, so make sure to see https://www.dc414.org/meetings/ for details. Same time and date, which is First Friday of the month at 7pm!
We will continue to stream meetings via Jitsi, if you prefer, use https://meet.jit.si/dc414 as usual.
-darkwind
DC414 will be going virtual for our meetings due to safety concerns for members and our communities. Please spread the word to your friends! Do not show up to the physical meet spot!
This meeting will be hosted on dc414.org infrastructure using Jitsi meet software.
It is known that Jitsi works best on Chromium based browsers (Chromium, Brave, Google Chrome).
On the first Friday of every month starting at 7 PM please click on the following link to join us in the DC414 virtual meeting!
Just look for the sign!
-darkwind
So if it’s not apparent, we’re terrible at actually updating the website. November meeting is taking place as scheduled, see you Friday the 2nd!
If you’re reading this and it’s past November, check the meeting link above. 1st Friday of every month!
-darkwind
Our next meet is happening on Friday! see https://www.dc414.org/meetings/ for location details.
This meeting I will be doing one of the more interesting demos I did a few years back.
did someone say laser microphones? (note to some of the other members… no 5mw or higher lasers please…)
See you there!
dc414’s next meet is tomorrow, 2/02/2018. Will the hacker see his shadow? I hope so, because that means he’s at dc414!
Meetings are always 1st Friday of the month. See Locations for details!
-darkwind
Our next meet is happening on Friday! see https://www.dc414.org/meetings/ for location details.
See you there!
-darkwind
The 1337 BoomBadge has been won by yours truly! Thanks to BMPTS for the awesome work on this! See you next year!
If you are curious what’s on the bottom, and want to know more, check out patents 2,844,902 and 1,288,797.
-darkwind
Starting the new year off with MOAR RECAPS. I (Belouve) did not get there at the start, so I will recap what I was told by others. People can fill in details if they want.
SoftEther VPN
We had a demo on SoftEtherVPN (“SoftEther” means “Software Ethernet”). This is a multi-protocol VPN software, that runs on Windows, Linux, Mac, FreeBSD and Solaris.
Also open source, and free. You can go from Open VPN to SoftEtherVPN smoothly. Check out the site for other highlighted features I haven’t listed here.
We’re being hacked by Russia, right? …. Right?
Belouve arrived and set up a talk digging into the details of the recent “Russian” hacking. Pointing to the US-CERT report and the files they sent, only 2 out of the 911 indicators given by US-CERT point to Russia. The reports on APT28 and APT29 cite some vague ‘evidence’.
One of the best things is that an APT29 report (see page 9) references the use of MiniDuke malware as being Russia.
So Belouve looked up the MiniDuke specifics, binaries, breakdown, etc.
The word ‘Russia” does not appear anywhere in the report.
But…MiniDuke does open up a backdoor…
Discover Recon Script
Belouve demonstrated his slimmed-down version of Discover Scripts, which he has available at https://github.com/belouve/discover
Credit given: the original discover script is made by Lee Baird, as available here. My version has slimmed his down, and I have updated some other steps.
This script is tuned to do as much passive recon on a target as it can, without touching the target and alerting it to its scan.
Uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, PGP Keys, multiple other websites, and then recon-ng.
The recon-ng modules scrape Bing, Google, Hackertarget, Netcraft, Shodan, Threatcrowd, GitHub, Twitter, LinkedIn, Whois, and Censys.io for information. It parses and pivots the information gathered from other modules and earlier steps.
Take a look over the tool, it is constantly being tweaked.
Vlad’s LED Tree of LED Glory
Vlad did a demo on his multicolored individually-addressable LED tree. Big tree, and I feel a video would go best here.
DEFCON Groups Update
Message from DEFCON groups. Yay DC414 for actually responding to and doing the challenge!
Next Meeting
Next meeting is Friday, February 3rd. Same bat time, same bat channel.
