April10th, 2025 – “”
Hello Hackers!
This month we are joined again by @brianhalbach who will be presenting his talk “Tools of the Trade: How basic items can get you access almost anywhere.”:
You do not have to be James Bond to break into most buildings; in fact, a handful of simple items are often all you need. Success isn’t just about having the latest gadgets—it’s about knowing how to use simple, everyday items in creative ways. This talk explores the tools of physical penetration testing, from advanced lock picks and RFID cloners to common objects like clipboards, duct tape, and hotel key cards, demonstrating how these can be effective in bypassing physical security controls. Attendees will gain an understanding of the commonly used tools, including both specialized gear and unconventional items that can provide surprising advantages. We’ll discuss the importance of hands-on familiarity with your tools, selecting the right approach for a given scenario, and how to use these tools to expose real-world vulnerabilities.
Bio: Brian Halbach has eight years of cybersecurity experience, six of which have been penetration testing. He has been featured on Nightline ABC where a camera crew followed him and his coworker around while they broke into multiple companies in the Twin Cities Metro area. Brian was also featured on Darknet Diaries where he has regaled audiences with stories of physical penetration testing gone wrong. Brian has spoken about cybersecurity at conferences such as Defcon’s Physical Security Village, Wild West Hackin’ Fest, and GrrCon, Secure360. While he is passionate about hacking into things, he is equally as passionate about helping organizations learn how to secure themselves.
Meeting will be on Discord. If you need an invite, look no further.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail
March 13th, 2025 – “A Day in the Life: Blue Team Edition”
Hello Hackers!
This month we are joined again by @Bajiri who will be presenting their talk “A Day in the Life: Blue Team Edition”:
Directly inspired by both the phishing analysis talk and the pentest panel (I have 0 creativity and originality), I thought it would be interesting to dive in a little deeper into the daily workflow of a SOC analyst (me). Focused mainly on what I do day-to-day, processes/procedures, tools we use in the SOC, and incident walkthroughs for some of the bigger incidents I’ve worked.
Bio: I am a SOC analyst and otherwise boring person
Meeting will be on Discord. If you need an invite, look no further.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail
February 13th, 2025 – Pentester Panel
Hello Hackers!
This month we are joined by… well, a few people?
It sounds like there is interest in having a panel-style discussion led by pentesters, so that’s what we are gonna do! Each member of the panel will give a quick intro, some of their history, how they got into pentesting, etc. Then when that is done we will open it up for a general Q&A format. Wanna know what the day-to-day is like? Need advice for what to study? Opinions on the future? Ask away!
Meeting will be on Discord. If you need an invite, look no further.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail
January 9th, 2025 – “Wonderful World of Wardriving”
Hello Hackers!
This month we are joined by Ringmast4r who will be presenting their talk “Wonderful World of Wardriving”. Simply put:
A comprehensive overview of wardriving
Meeting will be on Discord. If you need an invite, look no further.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail
P.S. Going forward we are removing the time/location info from post titles and just having the date and talk title. This should make it easier to search for things going forward.
Thursday, December 12th – 6:12pm @ Discord
Hello Hackers!
This last month of 2024 we are joined by @Bajiri who will be presenting their talk “Bypassing EDR Constraints via WSL 2”:
Windows Subsystem for Linux version 2 can be utilized to bypass logging and detection, as well as network containment functions, of a major EDR vendor. This bypass is incredibly simple to execute, and several rounds of escalating tests show that this flaw in monitoring is easily exploited to execute malware on the host device undetected. When contacted about this issue, the vendor said they don’t support WSL2 or have any plans to fix their broken network containment /shrug
I am a SOC analyst, but I spend most of my time brain rotting in front of a computer and getting paid for it. I really like writing and researching malware too! Any time I am not doing cyber things, I’m usually playing FFXIV or other MMOs.
Meeting will be on Discord. If you need an invite, look no further.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail