December Meeting Recap

Posted on by
Reply

Whoa. A meeting recap.

post-30210-neo-woah-gif-whoa-mind-blown-t-ikvq

So what did we all do?

Caleb – Presented on Crafting Digital Radio Signals, to Control Things

He has a blog post about his Digital Radio Signals, and that was a majority of what was presented.  He was able to do a live demo of the capture of a remote outlet, and replay of the capture.

There was also “a peculiar signal hiccup”, wherein the signal to the remote outlet would not be received.  It would be similar to a jamming signal, if jamming radio signals were allowed.  Good thing we abide by all RF rules.

He demonstrated the ability to observe vehicle remote locking, and showed the lock and unlock signal.

njRAT v0.7d – Part Two

A part two would make sense with part one, but ::shrug::

Showed off the njRAT v0.7d that came along for the ride on a torrent. njRAT is a remote-access Trojan that has been used for the last few years. A 2013 report from General Dynamics / Fidelis Cybersecurity Solutions goes over detailed indicators, domains, and TTP’s in conjunction with attacks using njRAT.  It is also apparently up to version 0.9.  The malware is making a comeback, and maybe due to some evasion techniques shown. (or people just continue to be dumb in downloading from torrents.  That could be it too)

If njRAT is run, Hey, Look! It’s detected as a virus!

Instead, do some tech magic (someone can add detail) using Base64 in Microsoft Visual Studio.  Runs now, the EXE is loaded, and it doesn’t trigger alerts or errors.

njRAT_panel-3

And hey, we have a remote desktop!

If we turn on the remote webcam function…

…hey!  This is why you should tape over your webcams! And we had keyloggers, microphone access, and chats available too!

So, just don’t trust things that are pirated from the Interwebz.

Do you want this for yourself?  Do a search for njRAT or njRAT v0.7d, and you can have it yourself.  (or, it seems 0.9 is around) You will have to compile/tinker/tech magic it yourself, though.

Picking on Level 3

Well, not directly.  We were shown a few links to see Internet health

Dynatrace , Dynatrace Keynote, and DownDetector

We just couldn’t help noticing how bad Level3 looked at the time.

Hacking the HooToo HT-TM05

So this is a $40 Travel Router, and we can HACK THE SHIT OUT OF IT

HT-TM05-wireless-router

Has WiFi built in, (added?) a 128GBD SSD, and it has a full Linux kernel on it now, OpenWRT, and Powered by LuCi.  Portable power that also lasts a good portion of the day.

Can do a File Server, put movies onto it, or put a web forum on it.  We plan to set one or more of these up and carry them around DEFCON 25.

Relevant GitHub that may be useful

Some were also interested in the PirateBox , that can be built on different hardware for about $35.

Something something CYPHERCON

Yeah.  See @cyphercon or cyphercon.com if you have no clue here.

If you have a better recollection of things from our meeting, good for you! Also, we could probably use that info in this update.  Comment or edit, or e-mail some DC414 folk about your contributions.

 

 

BarCamp Milwaukee 11

Posted on by
Reply

FOR IMMEDIATE RELEASE
BarCampMilwaukee 11
Milwaukee, WI
For the eleventh consecutive year, BarCampMilwaukee is returning the first weekend in October. CESI will host the event. Doors open at 9:00 AM, Saturday October 1st.
A BarCamp is a wholly unique event that provides a free, open-environment forum where the participants are in charge of what happens. It is an interactive conversation where professionals and curious alike come to learn, teach, and imagine. This revolutionary “unconference” allows participants to float from one session to another, and encourages the development of interesting ideas and spontaneous discussion. Since the first BarCamp in the US eleven years ago, hundreds of BarCamps have been organized throughout the world.
Throughout BarCampMilwaukee’s eleventh year run, participants have been involved in a wide array of session topics ranging from:
Software Development: Ruby on Rails, Drupal, and JavaScript.
Technologies: 3d printing/scanning, video editing, robots, and solutions for non-profits.
Solutions for small businesses and non-profits.
All the way to things like Zombie Defense Preparation, lockpicking, sushi making, and many other topics for makers, DIYers, artists and other creatives.

Barcamp is a program of The School Factory, a 501(c)(3) nonprofit organization that builds value-creating communities and spaces to transform education, economy, and talent.
When: Doors open Saturday, October 1st at 9:00 AM and close at 9:00 PM October 2nd

BarCampMilwaukee will offer over night sleeping so please break your sleeping bags.

register: here

July’s meeting as scheduled!

Posted on by
2

There was some discussion on when then next meeting is, and where it may be held. Just clarifying that our meeting will be at normal scheduled time on July 1st, at 7pm. We’ll be in our usual location at CESI. See https://new.dc414.org/meetings/ for details!

August’s meeting is up in the air for location, and expect light turnout as many of us are making the venture to Defcon.

See you there!
-darkwind

February Meeting Recap

Posted on by
1

Media is done, our Year of the Hack is posted above

We had about 25 Hackers from the Greater Milwaukee Area attend February’s meeting.  I mention this because it was pointed out that our event RSVPs are not an indicator of how many show up at the meetings.

Cree.py Demo

To start us off, DW5304 did a demo of cree.py

Creepy is a geoloaction OSINT Tool, that offers geolocation information gathering through social networking (twitter, instagram, etc) platforms.

SNMPwalk and SNMP shenanigans

DW5304 also conducted more shenanigans with SNMPwalk and reviewed some SNMP results he had uncovered.  There is not a whole lot I have to document within this recap, but you can start learning about SNMPwalk here

DEFCON Groups DC414 video

DEF CON Groups is holding a contest:  Year of the Hack

For this, DC414 needs to submit a link to a 3- minute (at least!) YouTube video from DC414 as a whole describing what we’re planning on accomplishing over the year

This was our most difficult demo yet.

Planning?  Accomplishing?

And furthermore…video?

We’ve been on video before.  We brought up and showed our past appearance on CBS58 (watch it for either nostalgia or the lulz).

Yet we hashed out a plan for the year.  We will put together another Know Your Rights event, as that has continued to be our most popular event, and our most popular page on dc414.org.  This time the event will be bigger and better, and we will use that as a means to laison with the community.

We had 20+ hackers participate to some level in our video submission.  We are not actors, we are very ADD/ADHD.  Getting more than 5 hackers on the same page is a feat.  Like herding cats.

We got it all done.  Some group shots, and some individual interviews.  It is all recorded now, and we have a lot of footage that will be slimmed down to both a usable submission and a blooper reel (probably more footage for the blooper reel than anything).

Links to the videos are SUBMISSION and BLOOPER REEL

January Meeting Recap

Posted on by
1

TENS Demo

To start us off, Vlad brought a special guest to do a demo for us.

Dr. Charles S. Tritt, Ph.D, from MSOE, did a presentation on Human-Human Interface, using a TENS (Transcutaneous electrical nerve stimulation) unit and simulation electrodes.  Taken from his document:

This device mimics a relatively common approach to controlling powered prosthetic limbs. Electromyogram signals are picked up from the surface of the skin, amplified, digitized, processed and used to effect the desired control. In this case, the control is via nerve stimulation using a TENS unit.

The ZIP file containing his handout from the meeting (which has the parts list), MSOE lab handouts, and Matlab and Arduino code, can be found here

The total cost of the build is $98

We have some media of the device being used.  More will be posted as it is processed.  If you have media, videos, or pictures, that’d you’d like to share, please let me know.

Bubbles controlling Belouve (do note that they are husband and wife)

Bubbles controlling Vlad

Vlad controlling Bubbles

Cyphercon

Korgo and Belouve presented on the upcoming Cyphercon.  DC414 can still get in, though it seems most of DC414 are already attending or volunteering.  If you still want to get in, contact Korgo or Belouve.

There will be a booth/space for DC414 and Milwaukee Hackers (basically anyone I recognize as a Milwaukee area hacker) at the Friday part of the convention.  We’ll keep it a corporate no-fly zone.

We got a peek at one of the electronic badges for Cyphercon.

Puzzle Lock

Belouve brought a puzzle lock that he received from India.  It is claimed to be from the era of Shivaji Maharaj, who reigned from 1674 to 1680.  I’m investigating this claim to its age further.  Regardless, it’s a cool lock.

I have no video or images for my lock (yet), but I plan to make a video in English of its function and any more details I can find out.  However, I found a video of a similar lock here

January meeting almost here!

Posted on by
1

It’s almost Friday, and as mentioned previously, due to the Holiday falling on a Friday we have moved the meeting to 1/08/2015.

Vlad has a special guest, Dr. Charles Tritt from MSOE will be joining us, and will be giving a demonstration with a TENS unit, somehow facilitating a human-to-human interface.  It’ll definitely be a meeting to remember!

See you there!

-darkwind