TactiFail

Thursday, July 11th – 6:12pm @ Discord

Written by  on July 8, 2024

Hello Hackers!

This month we are joined by Ryan O’Horo (@redteamwrangler) who will be presenting his talk “Reverse Engineering an ALPR Ecosystem”:

I took a very serious interest in a specific type of ALPR [Automatic License Plate Recognition] camera, tens of thousands installed in cities across the US (including Minneapolis), recording every passing vehicle 24/7. I know where they are, what they do, how they’re sold, and how they’re broken.

I’m an artist and security engineer.

Meeting will be on Discord. If you need an invite, look no further.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail

Thursday, June 13th – 6:12pm @ Discord

Written by  on June 7, 2024

Hello Hackers!

This month we are joined again by @TactiFail who will be giving us an intro to game hacking:

Nobody wants to pentest yet another e-commerce web app.

Everyone wants to hack <insert your online game of choice here>.

In this talk we will take an entry-level look at two game-hacking techniques. A Unity game-in-progress I am working on (shameless self plug) will be the target. I’ll briefly go over how Unity games are laid out, demonstrate the game mechanics, show two methods you can use to introduce a hack, and implement a (admittedly naive) defense mechanism to detect it and kick an offending user.

I am TactiFail. I have a vague association with DC612 and sometimes I hack things.

Meeting will be on Discord. If you need an invite, look no further.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail

Thursday, May 9th – 6:12pm @ Discord

Written by  on May 9, 2024

Hello Hackers!

This month we are taking a quick look at fuzzing C# projects using SharpFuzz with @TactiFail:

Fuzzing projects is a great way to trade time for vulnerabilities. There is only so much we can test manually, so taking a “throw everything at it and see what sticks” approach can yield some cheap and easy wins. In this talk, we will go over a brief introduction to fuzzing, and then follow along setting up a test harness for a real-world project.

I am TactiFail. I have a vague association with DC612 and sometimes I hack things.

Meeting will be on Discord. If you need an invite, look no further.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail

Thursday, April 11th – 6:12pm @ Virtual

Written by  on April 2, 2024

Hello Hackers!

This month we continue the wireless trend with a talk from @r1otctrl titled “Warwheeling: The Wireless Sk8r”:

Welcome to the next generation of wardriving, where we encourage you to step outside, breathe in the fresh air, and shred the streets as you’re collecting ALL the WIFI. In this presentation, we’ll dive into the world of Warwheeling, a novel twist on wardriving that involves using a onewheel or any PEV as your mobile exploration hub.

Hi! I’m Riøt, SOCC analyst by day, warwheeler by night. My hacker circles are the #Wardriving group on WiGLE, DCG561/305 & Boca 2600. My Onewheel peoples are SoFlow, Float Gang, & Orlando Onewheel. My favorite form of touching grass hands down is going out on long rides on the Onewheel. It gives me a challenge to stress test wardriving rigs that can survive the elements when I’m out exploring. Still very new to RF but the past year has all been a learning period of what works and how to squeeze out every AP while trying to stay lightweight. Over the past year posting on my IG warwheeling content I have found a few others that also prefer this method of wardriving so it’s slowly growing trend wise lol.

Since the last talk went well over Discord, and after some discussion, we will be hosting meetings there going forward. We’ll still need to work out a system for people to view/participate without a Discord account, so maybe that will mean a simulcast and setting up Twitch or something. That’s how Defcon did it for the first remote-only con, but if anyone has any better ideas we are all ears. We’re also looking into recording talks (assuming the speaker is okay with it) so who knows, maybe a YouTube channel is in the future.

If you need a Discord invite, look no further.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail

Thursday, March 14th – 6:12pm @ Virtual

Written by  on March 13, 2024

Update: We are having some technical difficulties with the Jitsi server which just started a moment ago. As a backup, please join us in our Discord server until we can figure out what’s up: https://discord.gg/jKVBVtmk

Hello Hackers!

We are happy to be joined again by @lozaning! Did you make sure to floss and brush? Because if not, they’ll know:

The talk is on the process and tools used to create the first ESP32 self replicating worm in a commercial product, aka the toothbrush botnet. We’ll cover dumping the original firmware, some light RE, the way that ESP32 over the air firmware updates work, setting up a dedicated wifi network to perform MITM attacks, the challenges of creating self referencing firmware in a resource constrained platform, as well as some in process work to automate finding new devices that use the same chips by scraping the FCC’s website.

As usual these days of Covid, we will be meeting online at https://cafe.cyberia.club/dc612.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail