Welcome to the February 2020 DEFCON 201 Meet Up!
.::AGENDA & SCHEDULE::.
7:00pm - 7:45pm
Meet & Greet
7:45pm - 7:50pm
DEFCON 201 Annoucements & Code of Conduct — GI Jack, Sidepocket
7:50pm - 8:00pm
Why Pick Up "Artists" Are A Scam; A Social Engineer's Perspective — Sidepocket
8:00pm - 8:45pm
An Introduction to Iot Pentetration Testing — Libertyunix
8:45pm - 9:55pm
Open Workshops Projects
9:55pm - 10:00pm
END OF OFFICIAL MEET UP
Lockpicking & Locksport — Sidepocket
Pwnagotchi & Wall Of Sheep — GI Jack
Pi-Hole Instalation — Sidepocket
An Introduction to IoT Penetration Testing
:..>IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The security of these devices is critical as more of these insecure devices come to market. As security professionals we need to have an idea how these devices effect our organization. In this talk we will explore the basic principles of IoT PenTesting, how to build an effective toolset, reverse engineering, and analyzing wireless signals with software defined radio.
:.>Bio: With 10+ years’ experience in Information Technology, Libertyunix has held positions in the field such as Red Team Analyst, Security Systems Specialist, and Red Team Penetration Tester. Libertyunix has extensive experience in offensive security techniques and defensive strategies. He is currently a professor at Drexel University researching cyber and information security. His research has explored topics such as digital forensics, red team penetration testing, deep learning, IoT, and software defined radio. His graduate research thesis demonstrated the effects physical security systems can play in penetration testing and security assessments. Outside of the zeros and ones Libertyunix is the coach of the USA Roller Sports Women’s Inline Hockey team winning the last 3 world championships.
PWNagotchi & Wall Of Sheep
:..>Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs. We will be creating our own DEFCON 201 variant that will be part of a bigger project and need all hands on tech for its birth!
Also, we are working on a secret project invloving building a Wall of Sheep. Want to help or know what it is? Ask!
:..>Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole (and optionally a DHCP server), intended for use on a private network. Pi-hole has the ability to block traditional website advertisements as well as advertisements in unconventional places, such as smart TVs and mobile operating system advertisements. We are going to install a Rasberry Pi running Pi-hole to the wireless network router at Sub Culture in a first of many hardenings to the venue’s cybersecurity.
:..>What To Bring: A background in either Rasberry Pi (such as NOOBS/Raspbian OS installation) and/or physical network cabling will be helpful but not required. Network configuriation and routing hacking will also be a plus.
::END OF LINE::