Category Archives: Firsties

The first bitch

Dc414 Meetings will be virtual due to COVID-19

Posted on by
4

Join the meeting on every first Friday @ 7PM
https://meet.jit.si/dc414

DC414 will be going virtual for our meetings due to safety concerns for members and our communities. Please spread the word to your friends! Do not show up to the physical meet spot!

This meeting will be hosted on dc414.org infrastructure using Jitsi meet software.
It is known that Jitsi works best on Chromium based browsers (Chromium, Brave, Google Chrome).

On the first Friday of every month starting at 7 PM please click on the following link to join us in the DC414 virtual meeting!

Join the meeting on every first friday @ 7PM
https://meet.jit.si/dc414
Share with your friends!

November, and future!

Posted on by
1

So if it’s not apparent, we’re terrible at actually updating the website. November meeting is taking place as scheduled, see you Friday the 2nd!

If you’re reading this and it’s past November, check the meeting link above. 1st Friday of every month!

-darkwind

May’s meeting days away.

Posted on by
Reply

Our next meet is happening on Friday! see https://new.dc414.org/meetings/ for location details.

This meeting I will be doing one of the more interesting demos I did a few years back.
did someone say laser microphones? (note to some of the other members… no 5mw or higher lasers please…)

See you there!

January Meeting Recap

Posted on by
Reply

Starting the new year off with MOAR RECAPS.  I (Belouve) did not get there at the start, so I will recap what I was told by others.  People can fill in details if they want.

SoftEther VPN

 

We had a demo on SoftEtherVPN (“SoftEther” means “Software Ethernet”). This is a multi-protocol VPN software, that runs on Windows, Linux, Mac, FreeBSD and Solaris.

Also open source, and free.  You can go from Open VPN to SoftEtherVPN smoothly.  Check out the site for other highlighted features I haven’t listed here.

We’re being hacked by Russia, right? …. Right?

Belouve arrived and set up a talk digging into the details of the recent “Russian” hacking.  Pointing to the US-CERT report and the files they sent, only 2 out of the 911 indicators given by US-CERT point to Russia.  The reports on APT28 and APT29 cite some vague ‘evidence’.

One of the best things is that an APT29 report (see page 9) references the use of MiniDuke malware as being Russia.

So Belouve looked up the MiniDuke specifics, binaries, breakdown, etc.

The word ‘Russia” does not appear anywhere in the report.

But…MiniDuke does open up a backdoor…

to Turkey (See page 22)

Discover Recon Script

Belouve demonstrated his slimmed-down version of Discover Scripts, which he has available at https://github.com/belouve/discover

Credit given: the original discover script is made by Lee Baird, as available here. My version has slimmed his down, and I have updated some other steps.

This script is tuned to do as much passive recon on a target as it can, without touching the target and alerting it to its scan.

Uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, PGP Keys, multiple other websites, and then recon-ng.

The recon-ng modules scrape Bing, Google, Hackertarget, Netcraft, Shodan, Threatcrowd, GitHub, Twitter, LinkedIn, Whois, and Censys.io for information.  It parses and pivots the information gathered from other modules and earlier steps.

Take a look over the tool, it is constantly being tweaked.

Vlad’s LED Tree of LED Glory

Vlad did a demo on his multicolored individually-addressable LED tree.  Big tree, and I feel a video would go best here.

DEFCON Groups Update

Message from DEFCON groups.  Yay DC414 for actually responding to and doing the challenge!

Next Meeting

Next meeting is Friday, February 3rd.  Same bat time, same bat channel.