OSINT Links

Belouve did a presentation on OSINT and TraceLabs. Here are some links relevant to that talk, or from the slide deck:

Join TraceLabs (You will likely need to register and join their Slack)

Free PDF on OSINT

Hunchly Tool and Hunchly Training

IntelTechniques Menu (select items over on the left side). Also this site is where you can download Buscador OS

OSINT Dashboard

CherryTree (for taking notes; cross-platform) and Freeplane (for mapping out connections)

I (Belouve) will probably keep this list updated as I get more resources dug up.

December Meeting Recap

Whoa. A meeting recap.

So what did we all do?

Caleb – Presented on Crafting Digital Radio Signals, to Control Things

He has a blog post about his Digital Radio Signals, and that was a majority of what was presented.  He was able to do a live demo of the capture of a remote outlet, and replay of the capture.

There was also “a peculiar signal hiccup”, wherein the signal to the remote outlet would not be received.  It would be similar to a jamming signal, if jamming radio signals were allowed.  Good thing we abide by all RF rules.

He demonstrated the ability to observe vehicle remote locking, and showed the lock and unlock signal.

njRAT v0.7d – Part Two

A part two would make sense with part one, but ::shrug::

Showed off the njRAT v0.7d that came along for the ride on a torrent. njRAT is a remote-access Trojan that has been used for the last few years. A 2013 report from General Dynamics / Fidelis Cybersecurity Solutions goes over detailed indicators, domains, and TTPs in conjunction with attacks using njRAT. It is also apparently up to version 0.9. The malware is making a comeback, maybe due to some of the evasion techniques shown (or people just continue to be dumb in downloading from torrents; that could be it too).

If njRAT is run, Hey, Look! It’s detected as a virus!

Instead, do some tech magic (someone can add detail) using Base64 in Microsoft Visual Studio.  Runs now, the EXE is loaded, and it doesn’t trigger alerts or errors.

And hey, we have a remote desktop!

If we turn on the remote webcam function…

…hey!  This is why you should tape over your webcams! And we had keyloggers, microphone access, and chats available too!

So, just don’t trust things that are pirated from the Interwebz.

Do you want this for yourself?  Do a search for njRAT or njRAT v0.7d, and you can have it yourself.  (or, it seems 0.9 is around) You will have to compile/tinker/tech magic it yourself, though.

Picking on Level 3

Well, not directly. We were shown a few links to see Internet health:

Dynatrace, Dynatrace Keynote, and DownDetector

We just couldn’t help noticing how bad Level3 looked at the time.

Hacking the HooToo HT-TM05

So this is a $40 Travel Router, and we can HACK THE SHIT OUT OF IT

Has WiFi built in, (added?) a 128GB SSD, and it now has a full Linux kernel on it, running OpenWrt and powered by LuCI. Portable power that also lasts a good portion of the day.

Can do a File Server, put movies onto it, or put a web forum on it.  We plan to set one or more of these up and carry them around DEFCON 25.

Relevant GitHub that may be useful

Some were also interested in the PirateBox, which can be built on different hardware for about $35.

Something something CYPHERCON

Yeah.  See @cyphercon or cyphercon.com if you have no clue here.

If you have a better recollection of things from our meeting, good for you! Also, we could probably use that info in this update.  Comment or edit, or e-mail some DC414 folk about your contributions.

 

 

February Meeting Recap

Media is done, our Year of the Hack is posted above

We had about 25 Hackers from the Greater Milwaukee Area attend February’s meeting.  I mention this because it was pointed out that our event RSVPs are not an indicator of how many show up at the meetings.

Cree.py Demo

To start us off, DW5304 did a demo of cree.py

Creepy is a geolocation OSINT tool that offers geolocation information gathering through social networking platforms (Twitter, Instagram, etc.).

SNMPwalk and SNMP shenanigans

DW5304 also conducted more shenanigans with SNMPwalk and reviewed some SNMP results he had uncovered.  There is not a whole lot I have to document within this recap, but you can start learning about SNMPwalk here

DEFCON Groups DC414 video

DEF CON Groups is holding a contest:  Year of the Hack

For this, DC414 needs to submit a link to a 3-minute (at least!) YouTube video from DC414 as a whole describing what we’re planning on accomplishing over the year.

This was our most difficult demo yet.

Planning?  Accomplishing?

And furthermore…video?

We’ve been on video before.  We brought up and showed our past appearance on CBS58 (watch it for either nostalgia or the lulz).

Yet we hashed out a plan for the year. We will put together another Know Your Rights event, as that has continued to be our most popular event, and our most popular page on dc414.org. This time the event will be bigger and better, and we will use that as a means to liaise with the community.

We had 20+ hackers participate to some level in our video submission.  We are not actors, we are very ADD/ADHD.  Getting more than 5 hackers on the same page is a feat.  Like herding cats.

We got it all done.  Some group shots, and some individual interviews.  It is all recorded now, and we have a lot of footage that will be slimmed down to both a usable submission and a blooper reel (probably more footage for the blooper reel than anything).

Links to the videos are SUBMISSION and BLOOPER REEL

January meeting almost here!

It’s almost Friday, and as mentioned previously, due to the Holiday falling on a Friday we have moved the meeting to 1/08/2015.

Vlad has a special guest: Dr. Charles Tritt from MSOE will be joining us, and will be giving a demonstration with a TENS unit, somehow facilitating a human-to-human interface. It’ll definitely be a meeting to remember!

See you there!

-darkwind

 

September DC414 Meeting Recap

Return of meeting recaps!

Klaviel started us off by showing us how to view alternate data streams in files. Demo was with Notepad and a few command prompt commands.

Klaviel then showed a brief video on hotel room lock hacking, on the Onity locks. The video he showed off can be found here

Korgo announced an upcoming Milwaukee conference that he is leading: Cyphercon. Cyphercon will be held on March 12th, and the venue that has already been reserved is the Safe House in downtown Milwaukee. The themes involved are Ciphers, Puzzles, Lock Picking, Safe Cracking, Covert Operations, Cryptography and Privacy. Klaviel will be doing lock demos at this conference, and Belouve will be creating the puzzles and badge challenge for the conference.
Attendance is limited to 100 guests, and the ticket prices are $100.
The website for Cyphercon is located here: CYPHERCON.COM. You may buy tickets now using Bitcoin ($95) or Credit Card ($100).

Belouve did a DEFCON 23 recap, with input from other members that attended. An overview of the slides/websites he used can be found here: DEFCON 23 Recap
There is also the website for the DEFCON 23 Badge walkthrough at PotatoHat Security

Klaviel also showcased video from the DEFCON 23 shoot.

There was also a demo (I forget the guy’s handle) on mounting and decrypting an encrypted hard drive within Linux. The simplicity of commands would be more useful than using an array of tools to mount an encrypted hard drive (say, migrating from Windows to Linux).

Those were all the demos that I can recall. I will take some actual notes next time, instead of relying only on memory. A list of upcoming events will be in a separate post.

The meeting then broke up at about 11pm. Nerf, quadcopters, and other shenanigans were kept until after 11pm.

June meetup re-cap

We’re still very much alive and active, no one has bothered to update the website is all. 🙂   dw5304 got us off to a fun start with some Outernet reception, although it was really a demofail.  Still fun to set up a satellite and receive signals!

Klaiviel had an awesome 3d printed brute force machine in the works for combination locks.  Very fast!

We also did a nice-sized LAN party on Saturday; lots of fun, booze, and yelling commenced. Want to join in the fun? Feeling like you missed out? Are you on our mailing list? You should be! Or join us on IRC on freenode at #dc414.

-darkwind

March meeting fun!

March came in, and was an awesome time.  Too bad ngharo and vlad missed it.  We were hopping at the Meetupery!

dw5304 got things started with some radio hacking, with his HackRF board that he’s managed to un-brick. We swept some bands, and learned that car FOBs generally work around 300 MHz for sending signals. And Chrysler FOBs have some good output!

After that, we had some fun with a giant lock that Klaviel tried his hand at. This thing is used for some serious security!

We also reminisced about previous dc414 meetings, like a certain laser incident, and RF jammers. We also got to see a neat piece of hackery, an ammo can turned into a self-contained power supply, with lithium drill batteries and an inverter. Awesomesauce!

Thanks to everyone who came out, and we’ll see you again next month!

-darkwind

February meeting awesomeness and sadness

February was another great meeting. It started with me and ngharo running late then doing the introductions, of which there were a lot. It’s always good to see new faces at meetings. Then I broke the sad news that I will be leaving Wisconsin and so dc414 as well, appointed ngharo as new prez and stepped down. Then ngharo said a few words and gave us a glimpse of some of the changes he will be making. Everyone be sure to congratulate ngharo, I can’t wait to see what he does with the place.

Rob started the demos off with hacking a used disposable flash camera and a halogen light bulb to make a handy improvised flashlight. A perfect zombie apocalypse type hack. Then he busted out materials for everyone to make their own zombie caution light. It didn’t take long for people to start hacking it up even more and doing all kinds of crazy things. Vlad was the first to turn things up to 10 by doing something to the transformer in the camera to pump out more voltage and get a brighter light. Then dw5304 and others did their best to blow the capacitors and other things up! Then using the flash bulb that came with the camera and capacitors over 9000 we tried to do some UV tattooing. Next up was Klaiviel doing a key impressioning demo for the newbies in the crowd. Here are some photos of the meeting.

So here it is, my last post on dc414. It has been a fun ride and I will miss everyone. You can still find me on the dc414 irc chan and I will be at meetings via G+ or whatever ngharo sets up for the group. See you out there.

-AA

November meeting recap.

First, many thanks to The Meetupery for hosting our meeting. You guys rock! Klaiviel got things going with his thingy that he plans on trying to make more of “I hope to get one!”. Then we went around the room and found out what everyone is up to. I made a few announcements that will be repeated here on a later date and Ngharo talked about his big plans for the new and improved dc414 PBX! I can’t wait for that to get done 🙂 Then dw5304 attempted to show us a super sweet SDR but ended up showing us how to brick one 😛 Then we talked about an old-ass UHF/VHF scanner that you programmed with crystals I found at a yard sale. The one I got had 8 ports but only 5 crystals, 4 of which had been identified with the fifth one unknown. We attempted to find the frequency of it but did not have all the right equipment. Anyway I thought it was a cool little piece of radio history so we gave it away along with a few other things. Here are a few pictures from the meeting. Congrats to the big winner college boy!