Uncategorized

Thursday, July 9th – 6:12pm @ Virtual Only

Written by  on July 5, 2020

I hope this post finds you happy and healthy and thoroughly unmelted.

I think if this heat continues, its bound to cause power disruptions and my availability zone will experience connectivity issues. For those non-cloud people, that means I’ll be hiding in my house until the Fall.

Fortunately, this months DC612 is Virtual! So even if you’re like me and skeptical of the outside, DC612 can be beamed into your homes, apartments and yurts.

For the July meeting, Kat, one of the DC612 organizers will be speaking on topic she has become a recent, unwilling expert.


GCP IAM 101

Identity and Access ManagementΒ (IAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.”Β 

Google Cloud Platform (GCP), is like any system in that it has needed to design a framework for authenticating Users and authorizing them to access resources. How GCP and its IAM system has evolved tells a story about what is important to them, and how their products as a whole have evolved.

In this talk I will start at the very basics, like, who is a WHO in GCP and how are permissions granted to them. I’ll talk about the basic structure of GCPs Cloud IAM, and some of the strong design decisions that are pervasive in the platform. Finally I’ll talk about the what constitutes privilege in GCP and a few ways to get it.


This month, as in the past, we will be virtually hosted the the gracious https://cyberia.club/.

Link to the Jitsi meeting to posted ~1 hour prior to meeting on Twitter and Slack.

Hope to see my Hacker family there.

-kat

Thursday, May 14th 2020 – 6:12PM @ Virtual Only

Written by  on May 2, 2020

Update: https://cafe.cyberia.club/DC612

Hello hackers!

This month we are to be joined by Tom Pieragastini, a local penetration tester who will be teaching us about API hacking:

Increasingly web applications are relying on backend API services in order to query data, write data to databases and perform backend functions. On some levels the shift to API centric applications presents conditions that are very similar to testing traditional web applications, while on other levels the presence of APIs fundamentally changes the methods and tools utilized during testing. This shift in the application space becomes more prevalent everyday, and has changed the face of web application testing.

I’ve worked with Tom directly and am excited to have him present.

This is another virtual-only meeting. We will again be using Jitsi, courtesy of our friends at Cyberia. Please forgive any technical issues as we continue to figure out this new platform. The meeting URL will be shared an hour before the meeting is set to start on Thursday. See you all there!

— TactiFail

Where: Online! Please do not meet at our usual spot πŸ™‚
When: Thursday, May 14th, 2020 @ 6:12PM

Thursday, April 9th 2020 – 6:12PM @ Virtual Only

Written by  on April 7, 2020

Hello hackers!

Update: The meeting URL is https://cafe.cyberia.club/AvrilBromaTreffen – feel free to lurk until the meeting officially starts at 6:12 PM.

As some of you might have picked up, the world is sorta crazy right now. Current recommendations being what they are, we have elected to suspend in-person meetings and switch to virtual for the time-being. We did a hybrid physical/virtual meeting in March and it worked well enough, so we are going to try for full virtual this month using Jitsi, courtesy of our friends at Cyberia. Please forgive any technical issues as we try out a new platform.

This month, we have three smaller presentations from three normal-sized regulars. @bd will give an overview of two critical RFCs, “Strongthany” delivers “bear chase security: why our security only has to be marginally better than our competitors”, and one more mystery speaker will have a mystery topic. Mysterious!

The meeting URL will be shared an hour before the meeting is set to start on Thursday. See you all there!

— TactiFail

Where: Online! Please do not meet at our usual spot πŸ™‚
When: Thursday, April 9th, 2020 @ 6:12PM

Thursday, March 12th 2020 – 6:12PM @ Wilde Cafe

Written by  on March 3, 2020

Hello Hackers!

Our original speaker fell ill, so we will be having two mini-speakers (mini in presentation length, not stature) instead:

First – Capturing iDevice App Data with Zap. The thing least done these days on a mobile phone is talk. This doesn’t stop our phone from from chatting away. I became fascinated with all the different places and all the data that my phone shared, just by me using the apps on my phone. Capturing the network data that apps use we can see just what we are providing for the deals, convenience, and entertainment we carry around then decide how we want to share our data. @435ftw

Second – The Future of Machine Learning: Augmentation, Industry, and Art. There are usually two kinds of AI talks given to wider audiences: AI 101/102 and AI Will Kill Us All for Money. This is neither. We’ll examine industrial, accessibility, and cultural impacts of balanced applications of these systems. Sometimes, the way to avoid a dystopia is to share a dream beautiful enough that the other paths just aren’t appealing. <speaker name withheld>

We will also be toying with streaming the first talk, as a way to prepare for possible future meetings being online events should COVID-19 or other calamities make in-person meetings infeasible.

This month, Bigendian Smalls will join us to discuss his journey into the world of mainframe hacking, consulting, and teaching, and will show those who are interested how to get started themselves. Come learn about the big iron that underpins the planet, dispel some myths and talk about some real life Gibson hacking.

— TactiFail

Where: Wilde Cafe – 65 Main St SE, Mpls.
When: Thursday, March 12th, 2020 @ 6:12PM

Thursday, February 13th 2020 – 6:12PM @ Wilde Cafe

Written by  on February 6, 2020

Hello Hackers!

It’s almost Valentine’s Day and that means looooove is in the air.

And packets.

As it turns out, those packets that we trust with our more intimate privacy might not be as safe as we’d hope. That’s why this month, we are pleased to have DefCon legend Renderman visit and tell us all about his research into the Internet of Dongs:

Everything is becoming ‘Smart’ nowadays and researchers have looked at many of them and found terrible things. There is one branch however that no one has wanted to touch. Internet connected sex toys in all shapes, sizes and capabilities are available on the market with many more being developed. Like many IoT devices, IoD (Internet of Dongs) devices suffer a great many security and privacy vulnerabilities. These issues are all the more important when you consider the private and intimate nature of these devices. To research this, the Internet of Dongs project was founded (https://internetofdon.gs). This talk will explore this under researched branch of IoT and the security and privacy threats that exist. It will also cover the IoD projects efforts to bring information security best practices to the adult toy industry.

Now I know this topic might elicit some chuckles from certain audiences, but I’d like to specifically request that the tone be kept professional as much as possible. This is legitimate research with real-world consequences.

— TactiFail

Where: Wilde Cafe – 65 Main St SE, Mpls.
When: Thursday, February 13th, 2020 @ 6:12PM