This month, DC612 founder David Bryan (VideoMan) will be giving a preview of his upcoming Thotcon talk titled “Goldilocks and the three ATM attacks”. The abstract reads as follows:
Automated Teller Machines (ATM) attacks are more sophisticated than ever before. Criminals have upped their game, compromising and manipulating ATM networks, software and other connected infrastructure. Between having a third-party manage these machines, and ATMs deployed on low-bandwidth links, it’s an inevitable wild-west environment. In this talk I will review three case studies of ATM attacks, showing how they have become more dangerous than ever before. In this session, I will discuss unknown ATM flaws our pentesting team has uncovered while performing testing, the various ways criminals are attacking ATMs, the many security problems that we have identified with ATM systems, and what can be done to prevent these attacks. I will review three case studies of ATMs. One where the ATM security was extremely poor; One where the security was very good but the ATM still fell victim to an attack because we discovered a zero-day in the management software; And one where the security was just right- but its specific deployment had some major flaws that ultimately led to an ATM compromise. In this last case, the attackers side-loaded an application, and were able to run a criminal ring that led to $7M USD in losses.
Exciting stuff – hope to see you all there!
Where: Wilde Roast Cafe – 65 Main St SE, Mpls.
When: Thursday, May 9th 6PM
We are back on for April!
DC612 is back on an irregular night (third Monday) but at our regular location (Wilde Roast). Minnesota tried its best to keep us away, but we persisted!
This month we get Blue, with POWER-RESPONSE!
— TactiFail (Original post by Kat)
We are happy to announce a SECOND meeting this March – that’s two for the price of none!
Josh More, frequent speaker and resident intern wrangler will be wrangling interns this month. He has invited them to meet with DC612 folk and learn what it is like to work in security. It will be a pretty relaxed session, general Q&A sort of thing, open mic. Feel free to join us and discuss the day-to-day of working in the security field, whether you are on the blue team, the red team, the orange team, Team Edward, Ravenclaw, Next Generation,
or even emacs.
See you all there!
Hello hackers, and welcome to 2019!
To start the year off we will be hearing from @b_radmn about an OS command injection vulnerability he found in the Steam game client, affecting pretty much all Steam games on Windows. The talk will focus on the process of discovery, weaponization, and paths to exploitation. Time permitting he may get into the process of reporting the vulnerability.
See you all there!
Who has two thumbs, a sore throat, a newborn to take care of, and very little time to post details about this month’s meeting?
Josh More will be presenting this month. It’s his “job talk” which I assume has to do with his book, Breaking into Information Security. If that is the case, I would definitely recommend showing up if you are interested in starting (or advancing) your infosec career. And if that is not the case, show up anyway!