North East New Jersey DEFCON Group Chapter. We meet at Sub Culture once a month to hack on technology projects! https://www.defcon201.org

.::DEFCON 201 Meet Up — August 2020 — Digital Campfire::.

======================================================
Date: August 21st, Friday

Time: 4:00 PM EST — 9:00 PM EST

Meet-Up: https://www.meetup.com/DEFCON201/events/271914333/

Facebook [TOR]: TBA

Hackaday: TBA

=====================================================

Welcome to the August 2020 DEFCON 201 Meet Up!

Yup…the world still sucks.

Between the Postal Service Going Postal (censoring our rights as US Citizens), A Giant Deadly Explosion, Fire F&$king Tornados (not related) and COVID-19 raging on until the end of the year it’s easy to fall into despair.

However, the best thing about the Hacker Community is how we all come together no matter the obsticals. We had so many virtualized conventions in the past four weeks that 2020 was truly the year of Ultimate Hacker Summer Camp.

So we have built a small physical campfire at our Sub Culture venue and a HUGE bonfire digitally online as we share our stories and our hacks from each of these conventions.

Details of the in-person meet below:

Now, there will be some ground rules here. To meet in person, we will have a hard MAX limit of 20 people, thus you MUST RSVP on EventBrite to be counted.

You MUST purchase a food or beverage item. Meeting will be outside in the outdoor pen. You MUST have a mask on at ALL TIMES when not eating. You must be 6 feet apart unless you came together in a group. We will provide sanitation measures. Anyone who is a knucklehead will be thrown into the Hudson River with the rest of Florida.

If you can’t make it or too afraid, RELAX! All activities, chats, talks, workshops and DC 201 insanity will be broadcasted online via our LIVE STREAMS per the new normal! We are so excited to finally do some actual mask-to-mask social distancing AFK and we can’t wait to see you all because we have quite the line up with something for everyone!

======================================================
Live Streams:
======================================================
Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious [TOR]: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg
======================================================

.::AGENDA & SCHEDULE::.
[ALL TIMES ARE EASTERN STANDARD (EST)]
4:00pm — 5:30pm
AFK: Meet & Greet+ Open Workshop Projects + Games
ONLINE: Diana Inititive Badge Soldering Workshop
5:30pm — 6:00pm
DC201 Show & Tell
6:00pm — 6:30pm
Insert Coin: Upgrading Raspberry Pi Arcade Machines — sirocyl, GI
Jack
6:30pm — 7:30pm
First Contact — Vulnerabilities in Contactless Payments
7:30pm — 7:40pm
E-Viction: ARTHOUSE / WHORE GALLERY AND PROTEST PLATFORM
7:40pm — 9:00pm???
Campfire Stories: Digital Hacker Summer Camp Roundtable

.::OPEN PROJECTS::.
Diana Inititive Badge Soldering Workshop — Chris TechGirlMN
DC201 Show & Tell — Everyone
Google CTF — Everyone
Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone
JackBox Party Pack 3 Online Games — Everyone

.::LIGHTNING TALKS::.

Campfire Stories: Digital Hacker Summer Camp Roundtable
:..>HOPE 2020, DEFCON Safe Mode, Black Hat USA, USENIX, Kids SecuriDay, Data Collectors NYC, European KubeCon, RingZer0, Diana Inititive…the last four weeks has been truly the Ultimate (At Home) Hacker Summer Camp. We call on ANYONE and EVERYONE who has atteneded or ran any virtual convention during this time to talk about their experiences, the highs, the lows, the hacks and the plain weirdness around the digital campfire! Email us at INFO (at) DEFCON201 [dot] ORG for the Jitsi invitation link!
Black Hat USA: First Contact — Vulnerabilities in Contactless Payments

:..>Contactless payments are fast replacing cash and chip inserted transactions. Now Accounting for a staggering 40% of transactions globally. Yet, contactless makes use of protocols much older than the technology itself. With this in mind, just how safe and secure are contactless payments?

In this talk, we discuss the intricacies of the EMV protocols. Our findings show that contactless payments are not as safe and secure as first thought. Their reliance on older technology has introduced several flaws into their protocols.

We detail new vulnerabilities; how to bypass limits for contactless payments made using cards and how to circumvent limits for mobile wallets, even on locked devices. We also cover flaws in the generation keys values, the unpredictable number (UN) and application transaction counter (ATC).

We close the session by discussing how existing implementations of card authorization processes differ from each other. Finally, we talk about the best practices that should be implemented to create a secure environment for payments.

:..>Bio: Leigh-Anne Galloway is Head of Commercial Research at Cyber R&D Lab. She specializes in application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. Which is where she discovered her passion for payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities. Having previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers, Black Hat USA, and Black Hat Europe.

Timur Yunusov is a Head of Offensive Security Research and a Security Expert in the area of banking security and application security. He regularly speaks at conferences and has previously spoken at CanSecWest, PacSec. DEF CON, Black Hat USA, Black Hat Europe.

Insert Coin: Upgrading Raspberry Pi Arcade Machines
:..>One of the best features of our venu at Sub Culture is the Raspberry Pi’s that host a bunch of emulated retro games for partrons to play on. While sadly they are offline due to restrictions on COVID-19, we are going to give a tour of how these machinges are set up and look into implimenting the upgrades the venue’s staff has tasked us to perform!

:..>Bio: GI Jack is one of the Co-Founders of DEFCON 201. He might have seen a Ninja that had built their own hacker variant of Arch Linux known as Ninja OS. You might be able to also find this ninja at: https://ninjaos.org/

sirocyl — is a DEFCON 201 alumni and is the founder of the famitracker.org FamiTracker and Famicom/NES music community. He also part of MAGFEST video game convention staff.

E-Viction: ARTHOUSE / WHORE GALLERY AND PROTEST PLATFORM
:..>E-Viction is a self-destructing platform where sex workers and artists create intimate encounters and exchanges to imagine a world beyond SESTA/FOSTA. For 12 hours, the platform will feature virtual peepshows, chat rooms, and art that all protest digital gentrification, before dramatizing the otherwise invisible censorship of sex workers by self-destructing. E-Viction is a direct response to our urgent need for a digital public sphere and the challenges of sex worker survival in COVID-19. DEFCON 201 will give a quick tour and links to interact with and fight against Internet Censorship while having a fun time on a lonely coronavirus night!

:.>Bio: Veil Machine is an art collective founded by Empress Wu, Niko Flux, and Sybil Fury that uses a relational and intimate art practice to explore problems of power, erotics, and identity in sex/art work.

Empress Wu (b. 1997) is an NYC-based dominatrix and cultural activist who primarily operates via performance, curation, writing, and production to explore the semiotics of sex work, and its effect on the body politic. | https://www.empresswu.net/creative

Niko Flux (b. 1993) is a persona created through sex work, but destined to make art. She explores intergenerational lineages, queer surreality, and subterranean other selves. https://www.mistressniko.com

Sybil Fury (b. 1993) is a fantasy born from the imagination of a PhD student, sex worker, curator, and community organizer living between NYC and the Bay Area. Her work explores how the sex worker perspective opens up new possibilities for thinking about power, gender, and labor in capitalism. | https://sybilfury.com

.::OPEN PROJECTS::.

DEFCON 201 Hacker Show & Tell
:..>DEFCON 201 members will be given in person during the Meet & Greet to show off the various projects that they have been working on. We have had heads up on some awesome stuff being worked on that will be showing up for the very first time so you don’t want to miss this on live-stream!

:..>What You’ll Need: If you want to get in on the action, just bring any hardware or software program you are working on. For hardware, make sure you have a camera with decent resolution. For software, make sure your screen sharing function is working. For interaction, make sure you have your microphone on your computer or headset in working order.

Google CTF
:..>This Friday, starting on August 21st at 8:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Google 2020 CTF! If you are new to Online CTF, we will help you get set up and walk you thorugh some of the challenges. Then you can log in anytime after until August 23rd 8:00 PM EST to continue our CTF conquest! To learn more about the CTF, please follow this link: https://medium.com/@defcon201/ultimate-hacker-summer-camp-part-eight-google-ctf-ee2b7ac52f8a?sk=b7ee545ea73b3f58d4fd03f33b56cda4

:..>What To Bring: Any laptop will do. Ideally you want to load it full of Information Security Red Team and Blue Team tools, look at Kali Linux, Parrot OS, Pentoo or Black Arch for ideas. To participate online, you will need a Discord Account and to join our Discord at this link: https://discord.gg/PGgPNEF

Diana Inititive Badge Soldering Workshop
:..>In this 90 min workshop we’ll build step by step the “Off the Shelf” badge. TOOLS REQUIRED — SOLDERING IRON, WIRE STRIPPER AND A SMALL WIRE CLIPPER you will also need solder, flux and possibility some solder braid or a solder sucker . Requires the parts listed here(link needed) as well a computer with the Arduino IDE installed (link) We’ll end the session with loading a test sketch to the Arduino.

:..>What To Bring: Aside from the supplies outlined below, you will need some basic tools: soldering iron, solder, wire stripper, snips and maybe some solder braid for those oops moments.

Folding@Home VS Coronavirus
:..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

Jackbox Party Pack 3 Online Games
:..>During our live-stream, we will be offering to join us in various online games in Jackbox Party Pack 3! The threequel to the party game phenomenon features the deadly quiz show Trivia Murder Party, the say-anything sequel Quiplash 2, the surprising survey game Guesspionage, the t-shirt slugfest Tee K.O., and the sneaky trickster game Fakin’ It. Use your phones or tablets as controllers, and play with up to 8 players, plus an audience of up to 10,000!

:..>What To Bring: To join in the gameplay, simply use the web browser on your desktop or smartphone — no app needed! Head to JackBox.TV and enter the Room Code that will be displayed on the live-stream and repeated in the chatroom. If you get in, follow the instructions on the live-stream and phone!

::END OF LINE::