DC401 is the local Defcon Group for Rhode Island. DC401 is a gathering for folks interested in the alternate applications of modern technology, referred to properly as 'hacking'. DC401 is not intended to compete with any other computer group, such as Providence Geeks, 2600 or Linux User Groups, but rather to provide yet another gathering place for the discussion of technology and security topics. DC401 meetings are open to anyone, regardless of their skill, age, job, gender, etc. DC401 is here to help you learn new things, meet new people, mentor others in areas you may be strong in, and provide some cohesion within the hacker culture and its members.
DC401 meets on the first Wednesday of each month at AS220 Labs in Providence from 1830-2100. Presentations will start around 1900. Once we're done with presentations, we'll discuss current projects in a Hacker-safe atmosphere.
What would you like to present on?
Starting with the basics, let's play a little with Burp Suite, Community (i.e., FREE!) edition. If you've never used Burp Suite or done any web site testing, we will be starting from the beginning. Let's talk about what an intercepting proxy is, how to configure it with your browser, look at all the tools included with Burp Suite and then start using some of them.
You can download the Community Edition here: https://portswigger.net/burp so you can play along!
We will be meeting on Monday, July 15th at the Tech Collective. Finalizing details with a speaker.
If you have a topic you'd like to present on, please let us know!
According to the 2017 Verizon Threat Report, fifty-eight percent of medical data breaches are linked to hospital staff or insiders. Healthcare is the only critical infrastructure sector in the United States that is more likely to be internally compromised than externally. This talk will delve deeper into the topic to isolate why this is so and offer some simple solutions to lower that risk.
Matt is a Product Security Expert for a medical device manufacturer and teaches Cybersecurity and Resiliency in Healthcare & Cybersecurity and Healthcare Policy at Salve Regina University in Newport, RI as an adjunct professor. He regularly speaks on the topics of cybersecurity and healthcare.
This meetup is sponsored by the RI Tech Collective. https://tech-collective.org
This is not a DC401 event but wanted to make everyone aware of it. The Tech Collective (where we have our Defcon meetings) is hosting a free CIO/CSO forum this Thursday at 4 pm. This is a networking event for all area CIOs and CSOs.
There will be a presentation by Michael Santarcangelo titled "Straight Talk on Execution: Elevating Technology and Security Team Performance and Accelerating Results." This event is free.
More information and RSVP: https://tech-collective.org/event/ri-cio-ciso-forum/
This presentation will cover fileless malware with the goal of deepening your understanding of techniques used to stay off of disk. This talk will outline the theories and reasoning behind the usage of fileless techniques, methods of execution, evasion, as well as demonstrations of techniques that leverage Microsoft-signed binaries to execute arbitrary malicious code. The presentation will be followed by an open Q&A session, so bring any and all questions!
Matt Hand is Rapid7's Red Team Technical Lead, penetration tester, and security researcher with over seven years of experience in offensive security, primarily focusing on adversary simulation. Before joining Rapid7, Matt was a Senior Penetration Tester and Red Team Lead at Tenable where he developed and led their penetration testing and red teaming capability. Matt currently lives in the DC metro area with his small family and enjoys coding, beers, and lifting heavy things.
Matt will be presenting remotely, via video.
This event is sponsored and hosted by the Rhode Island Tech Collective.
I wanted to make sure that everyone was aware of the Layer 8 conference happening in Providence at the RI Convention Center on Saturday, June 8th. This is a full day conference with two tracks of talks on social engineering and OSINT, three villages (Lockpicking, OSINT, Mental Health Hackers) as well as networking opportunities and companies that are hiring! This conference is for everyone, from those who are curious about social engineering or OSINT, to current IT security professionals, to investigators and social engineers!
If you'd like to attend, please go to https://layer8conference.com and purchase your $50 ticket for all this content. Plus, your lunch is included!!
Let's talk about passwords. We'll take a look at how to crack them, things to look for, and tips and tricks for using hashcat. We'll also talk about the passwords our users choose when given a set of rules. How should we create our password policy in a way that will make the enterprise more secure against password guessing and cracking?
We'll also be looking for presenters for future meetings, so if you got something, offer it up!
Event co-sponsored by the RI Tech Collective. (https://tech-collective.org/)
This will be the third time that we've had Congressman Jim Langevin come speak with us about issues he is working on with regard to information security and privacy. He is on the House Committee on Homeland Security and the Subcommittee on Cybersecurity and Infrastructure Protection and Subcommittee on Emergency Preparedness, Response and Communications. He also co-chairs the Congressional Cybersecurity Caucus.
Please join us on October 22nd to meet with Congressman Langevin and talk with him about current issues in cybersecurity and privacy. This meeting is free and open to all!
With Michael Rossoni. Being a victim of ransomware is never fun, no matter how masochistic one may be. The recovery process should be as easy as restoring from backups and being back online within hours, but sometimes it isn't. When awesome security engineers and rock star IT professionals make up part of a small business, this recovery can require little effort. For a well established, large company, the process is more nuanced, especially when networking and infrastructure staff have ignored architecture changes suggested by information security over the years.
Come with us on a journey of one application security engineer and his efforts in helping a large company recover from ransomware apocalypse.
Mike's an electronics hobbyist, software hack, and certified application security professional (GWEB, CSSLP) who voids warranties and breaks things to figure out how to make them better. He's been in the software engineering business professionally in a variety of roles, including application security (secure SDLC, pen testing, etc.), network-enabled embedded systems development, QA, and full stack development for both on premise and SaaS based solutions. He also plays the role of sysadmin when necessary.
• What we'll do
Posting this to both Meetup sites... I am organizing a first-of-its-kind conference in RI, "Social Engineering RI." This is a one-day conference on June 16th, at Salve Regina University's Pell Center, with talks and activities focused on IT social engineering. Learn about phishing, vishing, pre-texting, physical bypasses and how to defend against these attacks. We will also have a panel with past winners of the Social Engineering CTF from DefCon and DerbyCon, to learn how they did it.
Get more information at: http://se-ri.org
Tickets are available at: https://socialengri.eventbrite.com
• What we'll do
Bring your toys! You have a 3D printer? Bring it! You have an RFID cloner? Bring it! You have WiFi antennas? Bring 'em! Let's show each other the tools you have and what kinds of things you like to do with them. We can spend the first 30 minutes setting up and then give everyone 5-10 mins to do a demo and then the rest of the time trying out each other's stuff.
• What to bring
Your tools/toys! What do you like to work on, hack with or pull apart? Bring it!