Uncategorized
Thursday, December 14th – 6:12pm @ Virtual
Hello Hackers!
This month, we will be joined by @MiloSilo_Hacks who will be presenting some prompt engineering attacks to bypass ChatGPT restrictions:
I have created TTPs and two tools to assist in manipulating generative AI which bypass all the ethical boundaries of ChatGPT. I have a heads-up display ratings system you can add into ChatGPT to understand how it thinks. This talk will include a live demo.
I’m peter Halber, aka Milosilo. I’m a senior red teamer at a big corporate bank, and also former counterintelligence agent. I combined my skill sets to redteam generative AI via prompt engineering. When I’m not hacking, I like to spend time with friends and family. I enjoy cooking, the outdoors, and playing flight simulator. I also have great jokes.
As usual, we will be meeting online at https://cafe.cyberia.club/dc612.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail
Thursday, November 9th – 6:12pm @ Virtual
Hello Hackers!
This month, we will be joined by @TactiFail who will be presenting his talk “Reflections on Reflection”:
Reflection is a technique used in programming to inspect the running code at runtime. This allows for all sorts of weirdness, from simply reading private variables to modifying them directly and calling private methods. This talk goes over what reflection is, roughly how it works, and how it can be used to work around those pesky “private” access modifiers.
Tacti is a senior (or principal, depending on who you ask) penetration tester at a healthcare-adjacent organization. He runs DC612, a Minnesota Defcon group (check them out some time) and sometimes cooks passable meals.
As usual, we will be meeting online at https://cafe.cyberia.club/dc612.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail
Thursday, October 12th – 6:12pm @ Virtual
Hello Hackers!
This month, we will be joined by Brian Halbach who will be presenting his talk “Security Flaw Safari: Reading Between the Lines and Hunting Security Risks”:
This talk covers the methodology used for hunting previously unknown security risks and how to go on an adventure to read between the lines and uncover the juicy secrets the documentation won’t directly tell you. This talk will also help show a way to estimate if a research project will take 50 hours or 50 years as well as strategies on how to effectively learn a new technology and peel back the layers of complexity until you can find out what is really going on under the hood. There will also be examples and discussion from real world case studies. Audience members should be ready to participate and are welcome to share their own stories and thoughts (assuming they are legally allowed).
Brian is a Senior Security Consultant at InGuardians with past experience in help-desk and network engineering roles. Recognizing organizational security gaps in those previous roles, he transitioned to red teaming and penetration testing. He enjoys tackling complex security issues and consulting with clients to find non-obvious solutions.
As usual, we will be meeting online at https://cafe.cyberia.club/dc612.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail
2023 Toxic BBQ September 23rd!
Hello hackers!
We have exciting news: The 2023 DC612 Toxic BBQ is on!
- When: Saturday, September 23rd from 4PM to 10PM Central
- Where: Minnehaha Falls Regional Park, Wabun Picnic Shelter G (map here)
- What:
- Food! Bring food and we will grill it, or just show up and eat.
- Hackers! We have been told there may be hackers in attendance.
- Music? Games? Prizes? Stickers? Whatever you bring!
- Cost: Zero dollars!
This is a group-led event, so it is only as good as we make it. We have a sign-up sheet here to track what everyone is bringing, please fill it out if you plan on bringing stuff. Please note that canned beer is allowed, but no other alcohol per permit rules. We always need food, but paper plates, plastic utensils, and napkins never go out of style. If someone wants to bring musical entertainment, or games, or a vulnerable WiFi spot, all the better!
Nobody is required to bring anything or pay anything to attend and eat, but keep in mind that our official budget is also zero dollars, so we will only have what we all bring.
See you all there!
Thursday, September 14th – 6:12pm @ Virtual
Hello Hackers!
This month, we will be joined by Alex Groyz who will be sharing with us about automating containment of AWS services during incident response:
Any organization with sensitive data can be the target of a cyberattack, regardless of size or industry sector. As more and more enterprises move to the cloud, the threat landscape is evolving at an accelerated rate in which adversaries deploy advanced tactics to reach their end goal. Incident response is critical in securing your data and preventing an attack from wreaking havoc on your organization.
After detecting an event in the detection phase of an incident response and analyzing it in the analysis phase — I will present a solution that you can use to automate the containment of the four supported AWS services: IAM User, IAM Roles, Lambda Functions, and EC2 instances.
Alex Groyz is a cloud security architect at Vectra AI specializing in AWS. He has broad knowledge across the technology spectrum. Alex helps customers create a hybrid cloud migration strategy and build their presence on the cloud. He has over a decade of experience in various engineering roles and enjoys working with diverse stakeholders with a focus on the cloud
As usual, we will be meeting online at https://cafe.cyberia.club/dc612.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.
— TactiFail