Have you ever heard that Macs don’t get malware? Well that’s not true. Bad Brew was a click fix malware campaign that tricked users into downloading and running malware by imitating the homebrew package manager. I will compare an earlier and a more advanced malware sample that shows how the threat actors tactics changed over time

“What am I working on?”

Building a flexible cybersecurity training range — one that can simulate everything from simple flat networks to complex multi-site enterprises with legacy systems, modern infrastructure, and all the messy realism in between.

Why?

Because learning security requires a safe space to fail. Red teamers need targets they can attack without consequences. Blue teamers need environments where missed detections are lessons, not disasters. Students need room to break things and understand why. CDX provides that space — fully isolated, fully contained, and ready to reset as often as the learning demands.

What makes it different?

The range isn’t just isolated networks in a vacuum. There’s underlying infrastructure that makes it feel like operating within a larger ecosystem — realistic enough to be worth a longer conversation if you’re curious.

Where is this headed?

The project is open source and actively evolving. I’m building exercises, refining automation, and exploring opportunities to support hands-on training for security professionals, students, and teams who want something more than a typical lab experience. Interested in training, contributing, or learning more? I’d welcome the conversation.

Finding vulnerabilities in automobiles… Some old ones and some ??

At this month’s meeting, Alan will preview his upcoming SnowFROC talk, Crash Course into the OWASP API Top 10. As a DC303 exclusive complimenting the talk, we will practice on the vulnerable applications Completely Ridiculous API (crAPI) and VAPI.

To participate in the interactive part of the event, bring your own laptop with an intercepting proxy (Burp, ZAP, etc.) as well as an API testing tool like Postman. There will be several options for accessing the labs, including using API Sec University’s hosted environment, a local Proxmox lab network we will host in the space for the event, or setting up your own VMs on your laptop.

Recommended Tools:

https://portswigger.net/burp/communitydownload
https://www.zaproxy.org/
https://www.postman.com/
https://github.com/OWASP/crApi (or alternative to deploying a VM: http://crapi.apisec.ai/)
https://github.com/roottusk/vapi (or alternative to deploying a VM: http://vapi.apisec.ai/)

Talk Abstract:

Application Programming Interfaces (APIs) are the glue that allows independently evolving systems to communicate with each other, and are an important focus for security investment due to their privileged access to sensitive data and functionality. Recently, the OWASP API Top 10 has been updated for 2023, so join us as we introduce the OWASP API Security Project. We’ll cover what’s new in the 2023 API Top 10, as well as compare the differences with the previous 2019 version. For those interested in hands-on practice, we’ll also briefly introduce the OWASP crAPI (completely ridiculous API) Project which demonstrates common API vulnerabilities.

At this month’s meeting we’ll spend some quality time with a truly insecure CRM application that has something for every level of web hacker. Entry level participants can explore a poorly designed authentication system, mid-level hackers will have plenty of opportunities to run SQL and JavaScript Injection attacks, and there is even a pathway to shell, but it will take some real dedication to get there. A walkthrough is available for those who need it so everyone should come away knowing a little more about how to attack (and defend) web applications. Bring your own laptop with an intercepting proxy (Burp, ZAP, etc.) installed to participate.

COME LEARN ABOUT WIFI HACKING! We’ll be going over wifi’s evolution over the years, learning about vulnerabilities, mitigations, the tooling available, what’s under the hood of most wifi routers, and how you can run your own audits and even defend wifi in an enterprise or home environment.

INCLUDING PRACTICAL LABS! We’ll be putting out a bunch of wifi access points, maybe even some vulnerable clients, and you’re going to be hacking them.

HACK THE PLANET!

Examining the complex relationship between AI and Cybersecurity and Privacy. May do some exploration of the Claude family of AI models. Be ready for good discussion.

Seemly all of a sudden many theorized cryptographic systems are becoming practically usable. Programmable Cryptography is an exciting vision for novel applications using these new tools to empower privacy, verifiability, and much more. This talk will highlight some of these new tools and cover a few key use cases. We will invite discussions from the audience about how we might use these, helping drive adoption and innovation here in our local community and beyond! With any luck, we will come away with a few groups to kick-off a series of talks and workshops around this theme. Speaker bio: Nuke 🌄 is a developer relations advocate at https://risczero.com/ working to evangelize Verifiable Computation and is a huge fan of all things Programmable Cryptography Application. He is a community Steward for https://cryptorado.org that in home for web3 innovators and open source tools to empower people to be self sovereign, focused on engineering coworking and community hackin’. Connect with him on Cryptorado’s Zulip (join at https://Cryptorado.org, or directly on signal

Couldn’t make it to Hacker Summer Camp? Made it, but didn’t see every talk available? Join us for a group brain dump on the most interesting talks, research, and tools released at Blackhat, BSides Las Vegas, or DEF CON. Really anything recent and interesting is fair game. Please come with at least one item to share, even if it was just something you saw referenced and would like to know more about.

Have you agreed to a hardware pentest but don’t know where to start? Or perhaps you’re interested in hacking electronics for fun or profit. In any case, this talk will provide a gentle introduction to the hardware hacking scene. If you’re a software hacker, this session will empower you to start probing signals with confidence. For those already familiar with hardware hacking, we’ll delve into advanced attacks such as glitching and power analysis. We’ll even explore some fun analog hacking of cassettes. Join us for an informative and hands-on journey into the world of hardware hacking.

(Preview of upcoming conference talk…)

This is a story of how Python can fit into the physical world around us. It is a story of system design and product development. It is a tale of great breadth, covering distributed computing, custom printed circuits, electromagnetism, some of the largest hydropower generators in the world, and the software and hardware that brings this all together. This tale covers several years of research and development, culminating in a cyber physical system built on open-source software and easily attainable off-the-shelf products and components.

We will also discuss performing security reviews and penetration tests of these types of systems.

Abstract: The HardenedBSD Project is a “spork” of FreeBSD that aims to provide the wider BSD community with a clean-room reimplementation of the publicly-documented bits of the grsecurity patchset for Linux. The cofounders of the project started collaborating in 2013, and the project become official in 2014.

HardenedBSD goes above and beyond its original goal by providing extra security enhancements, exploit mitigation strategies, and unique access into our infrastructure. We seek out ways to serve in global human rights endeavors, navigating the nexus between {cyber,info}sec and human rights.

This presentation recaps the last decade of development and dives into where we aim to go in the next one, five, and ten year periods. We give tangible (yet sanitized) examples of the impact of our human rights focus.

Active Directory lab setup, exploitation, and walkthroughs. If you want to set your own up, cloud cost should be under 5 dollars for the evening, or people can use mine. (Sharing means you have to take turns.)

Compilation of the best hacks across AWS, Azure, and Kubernetes; showing off common security misconfigurations.

Source code analysis is consistently regarded as one of the most effective strategies for uncovering vulnerabilities. However, manual reviews can be time consuming, not to mention difficult to scale for large applications or across application portfolios. Advancements in tooling have traditionally not kept pace with the industry’s needs, with security researchers often relying exclusively on non-security focused solutions such as Developer IDEs and grep.

Enter: CodeQL. CodeQL is a semantic code scanning engine that introduces a rich, custom query language. This query language can augment manual source code review by highlighting areas of interest to focus on, or it can be used to model entire vulnerability classes and provide alerts when those models are detected in a code base.

This workshop starts out with an introduction to CodeQL, how it works and what sets it a part from other solutions. It ramps up quickly to showcase how CodeQL can be applied to find vulnerabilities in real world applications. Tips and tricks, as well as strengths and weaknesses will also be covered. No experience is required.

Ruby on Rails makes it easy to spin up a web application in minutes, but has proven to be reliable enough to run large company product offerings as well. Web Pentesters don’t technically need to know the platform behind the websites they’re testing, but when we do, we can sometimes find more interesting bugs more quickly. At this meeting we’ll start with the fundamentals by spinning up a trivial Rails app and then take a look at some vulnerabilities that often arise within Rails’s “sensible defaults”. Bring a laptop you’re willing to install Rails on to play along.

The how and why of a threat informed, offensive driven Defense

There is a recent wave of interest in API security within the broader security community, and APIs continue to be a promising source of security findings due to their ubiquity as the glue that connects disparate systems. With the goal of spending the latter half of the night on hands-on exercises, we will start with an introductory talk that will survey the resources that are available for learning API security, and discuss tips for what to look for when practicing with API-focused testing exercises. After the intro talk, let’s work through any questions regarding the exercises. If you would like to participate in the exercise half of the night, it is recommended in the interest of time to prepare before the meetup the tool/lab setup instructions under the “Lab Setup” chapter of API Sec University: https://www.apisecuniversity.com/courses/api-penetration-testing

Red Teaming for a [redacted] college cybersecurity competition is a great opportunity to work on persistence techniques and develop some useful custom tools. We’ll go over the unique environment of this competition, how that applies to real world scenarios, and also share some tricks that can be played when you have permission to burn the environment to the ground.

From the GitHub page: “LibAFL is a collection of reusable pieces of fuzzers, written in Rust. It is fast, multi-platform, no_std compatible, and scales over cores and machines.”

If you want to learn and explore in advance, here are the main resources:

GitHub is here: https://github.com/AFLplusplus/LibAFL

Academic paper is here: https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf

Attendees do not have to bring anything as we will be mostly demoing our soon-to-be-released open-source software (projected release between April 18th - April 21st) against the Bluetooth devices we are bringing.

However, if attendees do want to participate, there are three options:

Linux OS laptops that support the BlueZ stack (Not ported to Windows yet nor will it run inside a Linux VM)
A laptop + a Raspberry Pi to configure (the Pi will be running the Bluetooth Demystifier software)
Any device with a web browser to view the front-end application from the LAN (Not entirely sure how many attendees can view this data at once due to Pi's resources)

Attendees can install it before hand (via Linux laptop or on a raspberry pi), with our help at the meetup, or can choose to access the front-end side via a device with a web browser during the event.

2019-12 No meeting (because holidays).

Main page

Feature comparison

Book

2018-11 Canceling due to Thanksgiving

A new tool/technique called SILENTTRINITY was released at Derbycon earlier this month. The tagline is “A post-exploitation agent powered by Python, IronPython, C#/.NET.” This looks like something fun to experiment with. Bring a Windows target VM and something to run the C2 server that can do Python 3.7. You will probably also need a development environment setup (see following links). Github repo. Dev enviornment setup. The Derbycon presentation (53 minutes).

bring IDA/GDB and some scripting skills. file is here

Equipment: a mac or hackintosh or a *nix machine/VM with GNUstep installed (if you have windowmaker, it is probably already installed)

Tools: OTX (osx) and/or IDA, hex editor, gdb, binutils

Some links for gnustep: http://gnustep.org/ Guide for installing on Linux

You will be provided with a win32 game client that talks to a server daemon running remotely. The easy objective will be to insert a fake high score on the server. The hard objective will be to exploit a flaw in the server code running in a Windows virtual machine. You are advised to bring the following so you don’t waste time getting your tools setup:

1) windows operating environment (98, 2000, XP, Vista it shouldn’t matter) 2) a windows disassembler/debugger: ida pro or ollydbg 3) a network sniffer: tcpdump or wireshark 4) a tool for sending network traffic: netcat, ncat, perl, python 5) a hex editor (frhed, xvi32, hexdump) 6) some shellcode for owning windows XP (hard challenge only) 7) network cable 8) power strip

CTF daemons/binaries (1.7 MBytes) CTF (Vegas) packet capture (1.5 GBytes)

http://radare.nopcode.org/new/ http://news.nopcode.org/summer.tar.gz

source and binary

presentation executables source

pptx

challenge

challenge source with answers

ossec hids

insecure programming

nepenthes

OSIX

NGSEC

buffer overflow

scapy

honeywall cdrom ‘roo’

Vormetric

metasploit

ActiveScout