Thursday, May 9th – 6:12pm @ Discord

Written by  on May 9, 2024

Hello Hackers!

This month we are taking a quick look at fuzzing C# projects using SharpFuzz with @TactiFail:

Fuzzing projects is a great way to trade time for vulnerabilities. There is only so much we can test manually, so taking a “throw everything at it and see what sticks” approach can yield some cheap and easy wins. In this talk, we will go over a brief introduction to fuzzing, and then follow along setting up a test harness for a real-world project.

I am TactiFail. I have a vague association with DC612 and sometimes I hack things.

Meeting will be on Discord. If you need an invite, look no further.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail

Thursday, April 11th – 6:12pm @ Virtual

Written by  on April 2, 2024

Hello Hackers!

This month we continue the wireless trend with a talk from @r1otctrl titled “Warwheeling: The Wireless Sk8r”:

Welcome to the next generation of wardriving, where we encourage you to step outside, breathe in the fresh air, and shred the streets as you’re collecting ALL the WIFI. In this presentation, we’ll dive into the world of Warwheeling, a novel twist on wardriving that involves using a onewheel or any PEV as your mobile exploration hub.

Hi! I’m Riøt, SOCC analyst by day, warwheeler by night. My hacker circles are the #Wardriving group on WiGLE, DCG561/305 & Boca 2600. My Onewheel peoples are SoFlow, Float Gang, & Orlando Onewheel. My favorite form of touching grass hands down is going out on long rides on the Onewheel. It gives me a challenge to stress test wardriving rigs that can survive the elements when I’m out exploring. Still very new to RF but the past year has all been a learning period of what works and how to squeeze out every AP while trying to stay lightweight. Over the past year posting on my IG warwheeling content I have found a few others that also prefer this method of wardriving so it’s slowly growing trend wise lol.

Since the last talk went well over Discord, and after some discussion, we will be hosting meetings there going forward. We’ll still need to work out a system for people to view/participate without a Discord account, so maybe that will mean a simulcast and setting up Twitch or something. That’s how Defcon did it for the first remote-only con, but if anyone has any better ideas we are all ears. We’re also looking into recording talks (assuming the speaker is okay with it) so who knows, maybe a YouTube channel is in the future.

If you need a Discord invite, look no further.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail

Thursday, March 14th – 6:12pm @ Virtual

Written by  on March 13, 2024

Update: We are having some technical difficulties with the Jitsi server which just started a moment ago. As a backup, please join us in our Discord server until we can figure out what’s up: https://discord.gg/jKVBVtmk

Hello Hackers!

We are happy to be joined again by @lozaning! Did you make sure to floss and brush? Because if not, they’ll know:

The talk is on the process and tools used to create the first ESP32 self replicating worm in a commercial product, aka the toothbrush botnet. We’ll cover dumping the original firmware, some light RE, the way that ESP32 over the air firmware updates work, setting up a dedicated wifi network to perform MITM attacks, the challenges of creating self referencing firmware in a resource constrained platform, as well as some in process work to automate finding new devices that use the same chips by scraping the FCC’s website.

As usual these days of Covid, we will be meeting online at https://cafe.cyberia.club/dc612.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail

Calling All Speakers!

Written by  on February 21, 2024

Are you interested in speaking at DC612? If so, let us know!

We are always looking for speakers, from the seasoned vets to the newcomers. If you are passionate and knowledgeable about something, we want to hear from you. You don’t need to be an expert either, in fact we like hearing from people who are sharing what they are learning now (as long as the info is accurate, of course).

What do we look for? Honestly any hacker topic is fine. Defcon is a hacker conference, not a computer security conference strictly, so as long as your subject matter would be of interest to other hackers, we’d love to hear it!

If you are interested in speaking (or know someone who is), please fill out this Google Form and we will be in contact: https://forms.gle/yYji2bFoqQRdt3Xj6

Note that there is no need to have or use a Google account for this, but if you prefer to reach us by other means you can:

and include the following info:

  • Name / Handle
  • Talk Title
  • Talk Abstract
  • Speaker Bio
  • Availability
  • Are you okay with the talk being recorded?
  • How do you prefer questions to be handled?

We meet the second Thursday of each month at 6:12 PM U.S. Central Time, virtually on our Discord server (invite link). We used to meet on Jitsi but ran into some limits with that. If you are unable or unwilling to present over Discord, please reach out and we will try to figure something out.

Thursday, February 8th – 6:12pm @ Virtual

Written by  on February 2, 2024

Hello Hackers!

This month, we will be joined by Mauddib28 who will be speaking about the exploration of Bluetooth and the pain points encountered along the way:

This talk will be about the pains and victories encountered while trying to get an understanding of the Bluetooth landscape. The exploration of Bluetooth begins with an assessment of the protocol’s basics, the topography of existing toolsets, and a determining of where/how to launch probes of the environment. During this process, the researcher has to discern limitations of the tools and establish initial instruments for explorations. We will review the pain-points perceived along with lessons learned in the development of these skills. The review of the Bluetooth research ranges from scanning/discovery of devices, their enumeration, and their interaction with potential objects. Devices investigated include the BLE CTF, custom made servers, and unknown devices found in the wild. The platform was constructed using Python with the BlueZ and dbus libraries.

Wortman is a PhD in Electrical and Computer Engineering from the University of Connecticut with research that ranged from network analysis to cyber security risk evaluation. He now focuses on Bluetooth protocol and devices research.

As usual, we will be meeting online at https://cafe.cyberia.club/dc612.

Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.

— TactiFail