TactiFail

Thursday, March 11th – 6:12pm @ Virtual

Written by  on March 1, 2021

Hello Hackers!

This month we are happy to have Chris Weiland speak on “Hacking Local Politics”:

As the lines between technology and society become blurred (or even non-existent), it’s becoming increasingly important for those with technical expertise to become involved in government. Anyone can show up to a local council meeting or send an email to their congresswomen, but if your goal is to be a truly effective activist you need to be strategic.

Chris Weiland is a freelance nerd and the co-chair of Restore the Fourth Minnesota. He has been engaged with various political projects over the years, most recently playing an active role in the push for a ban of face recognition technology in the city of Minneapolis. In this talk he will discuss the lessons he has learned over years of local political activism, and how you can transfer technical expertise into effective political action. 

As usual these days of Covid, we will be meeting online at https://cafe.cyberia.club/dc612.

— TactiFail

Thursday, February 11th – 6:12pm @ Virtual

Written by  on February 3, 2021

Hello hackers!

This month we are happy to have Colin Lee speak on “Your Code Security Blanket”:

Colin is an Android software developer at http://Meetup.com. He has evaluated code security while working at Amazon and Mozilla and as an independent contractor for banks and other organizations. In that time, he’s caught numerous security flaws in production code.

Amazon keeps a tight lid on their security processes. They even run an internal conference designed to look and feel like Defcon for their employees, so very few attend the real event.

We’ll examine how Amazon reviews their corporate code for security flaws. Also, we’ll see how several high profile security incidents were caused by common coding errors.

As usual these days of Covid, we will be meeting online at https://cafe.cyberia.club/dc612.

— TactiFail

Thursday, November 12th – 6:12pm @ Virtual

Written by  on November 4, 2020

Hello hackers!

This month we will have our heads in the clouds as Yoni Leitersdorf performs a live demo of 5 days’ worth of research into non-traditional cloud hacking:

Oftentimes, when we think about protecting resources in the cloud, we immediately think about the typical ways in – via public-facing applications or abuse of credentials. In this talk, we will look at one additional way: through the work unit parameters of a service. During the development of Indeni’s Cloudrail SaaS product, Yoni was responsible for trying to find ways to hack into the service. One of the ways he found raises questions about how secure ECS workloads really are.

As usual these past few months, we will be meeting online at https://cafe.cyberia.club/dc612.

— TactiFail

Thursday, October 8th – 6:12pm @ Virtual

Written by  on September 28, 2020

Hello hackers!

Look around your workspace – do you have a wireless keyboard or mouse? If so, maybe power them off while @FreqyXin is around:

Mousejack and its associated wireless HID attack surface came to notoriety a few years ago, with the help of some exceptionally cheap hardware, and Bastille Labs’ eye-catching web site. The risk that users could be attacked through their wireless mouse or keyboard from major manufacturers certainly rattled more than a few CISOs. During this chat we will talk about Mousejack and the resulting corporate response, from my first chance exposure to the device as an intern, through to being offered a position to lead internal pen testing for uncovering massive exposure within an organization. This is essentially the story of how I broke into the security industry – while still in college, with tales of technical triumphs and hacker pranks for both red and blue team to enjoy.

Always love a good prank, can’t wait!

As usual these past few months, we will be meeting online at https://cafe.cyberia.club/dc612.

— TactiFail

Thursday, September 10th – 6:12pm @ Virtual Only

Written by  on August 31, 2020

Hello hackers!

Last month, DefCon had its first-ever fully-online, widely-distributed, fault-tolerant, canceled conference. There were some hiccups, but overall things went smoothly. While we are hopeful that it won’t need to be virtual again in the future, it was undeniably a unique experience.

This month, we have a special guest speaker who has given several talks at DefCon and other conferences, instructs for SANS, and knows a thing or two about Kerberoast. You may know him as none other than Tim Medin!

Tim will be presenting on various Kerberoast attacks and defenses:

Kerberos, besides having three heads and guarding the gates of hell, protects services on Microsoft Windows Domains. Its use is increasing due to the growing number of attacks targeting NTLM authentication. Attacking Kerberos to access Windows resources represents the next generation of attacks on Windows authentication. In this talk Tim will discuss his research on new attacks against Kerberos, including a way to attack the credentials of a remote service without sending traffic to the service as well as rewriting tickets to access systems. He will also examine potential countermeasures against Kerberos attacks with suggestions for mitigating the most common weaknesses in Windows Kerberos deployments.

Whether you are an attacker or a defender, or just a curious hacker, or all three, this is not to be missed.

As usual these past few months, we will be meeting online at https://cafe.cyberia.club/dc612.

— TactiFail