London DEFCON - September 30th 2014
Yes, that's tonight! Apologies for the late notice - I've been travelling. A lot. In the meantime, The Phoenix finished their refurb and is back up and running, and looking pretty swanky, so I'm looking forward to seeing what's new... Let's hope they haven't changed the beer! :) We don't have any specific talks scheduled for this month, but as always, if you've got something interesting you want to present, feel free to come along and we'll let you have the floor... I will also be bringing my RFIDler and a bunch of blank example tags with me, so if you've got any LF tags you want to examine and/or potentially clone, bring them down and we'll take a look... I'll also have my other RFID gear with me, so we can do a mini workshop kind of thing... *** Venue: The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Tube: Oxford Circus Date: Tuesday 30th September 2014 Time: 17:30 till kicking out - talks start at 19:30 Entry is free, see you there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - meeting Tuesday, 25th February 2014
Hi all! We have a busy evening lined up, with two great speakers for you. We will also talk a little about Def Con's Badge Hacking Challenge, and Tony will have some badges with the IO connectors installed. As usual we will be in the downstairs bar at The Phoenix, Cavendish Square, W1G 0PP... The venue is ours from 17:30 until 23:00, talks start 19:30. Entry is free, sorry bar rules are 18+ only. +++ 1st Speaker: Chris Sumner (Suggy), Online Privacy Foundation Title: Predicting Susceptibility to Social Bots Synopsis: Are some Twitter users more naturally predisposed to interacting with social bots and can social bot creators exploit this knowledge to increase the odds of getting a response? Social bots are growing more intelligent, moving beyond simple reposts of boilerplate ad content to attempt to engage with users and then exploit this trust to promote a product or agenda. While much research has focused on how to identify such bots in the process of spam detection, less research has looked at the other side of the question--detecting users likely to be fooled by bots. This talk provides a summary of research and developments in the social bots arms race before sharing results of our experiment examining user susceptibility. We find that a users' Klout score, friends count, and followers count are most predictive of whether a user will interact with a bot, and that the Random Forest algorithm produces the best classifier, when used in conjunction with appropriate feature ranking algorithms. With this knowledge, social bot creators could significantly reduce the chance of targeting users who are unlikely to interact. Users displaying higher levels of extroversion were more likely to interact with our social bots. This may have implications for eLearning based awareness training as users higher in extraversion have been shown to perform better when they have greater control of the learning environment. Overall, these results show promise for helping understand which users are most vulnerable to social bots. +++ 2nd Speaker: Dominic Spill Title: USBProxy - building a cheap and open USB MitM device Synopsis: With the introduction of FaceDancer, there has been a surge of interest in USB security. USBProxy is an open framework for the BeagleBone Black to make it simpler for anyone to monitor, inject or modify data carried over a USB connection. While the FaceDancer will allow devices to be written on a host system, we are able to go further and man-in-the-middle connections to existing devices as well. The BeagleBone Black also enables us to operate at USB 2.0 Hi-Speed +++ Info about DC4420 (Defcon London) - http://www.dc4420.org/ Info about the venue - http://www.phoenixcavendishsquare.co.uk/ Cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - January meet - Tuesday 28th January 2014
Well here we go again... It's a new year, but we're still in the same place and still going strong! Last year we continued to grow and to host many fantastic and interesting talks, as well as performing the more important tasks such as drinking beer and drinking more beer... This year we hope to do the same, and to this end we are kicking off with an 'open mic' evening, as well as launching a couple of competitions... The first is the international 2014 DEF CON Groups Challenge: https://forum.defcon.org/showthread.php?t=13743 we will discuss how we can participate, and provide resources to those that wish to do so... Secondly, it's about time we had a new t-shirt! In the very early days we produced a limited number of shirts, and, frankly, mine is worn out and I need a new one, so WTF? Why hasn't someone come up with a nifty design? Get to it! Finally, open mic/lightning talks... This is your forum, and your opportunity to speak to your peers in London and shape the meetings to come... Have your say and/or tell us about the cool shit you did over Christmas! *** Venue: The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Date: Tuesday 28th January, 2014 Time: 17:30 till kicking out - talk starts at 19:30 *** Dates for the rest of the year and other info: http://dc4420.org *** See you there! cheers, mm -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - October meet - Tuesday 29th October 2013
doesn't time fly when you're hacking fun? on a very topical note, this month we have: Tuesday 29th October, 2013: 1st Speaker: Tony Naggs Title: How the NSA (maybe) spies on your web shopping, email, social and business networks Synopsis: Since the recent revelations about the extent of the NSA's Internet surveillance came to light the question has been how could this possibly happen. One suggestion is that Internet (NIST or IETF) security standards have been deliberately weakened. Specific suspicion has fallen on Dual EC DRBG, a standard random number generator. This talk will look at whether how Dual EC DRBG could have been sabotaged, and how that could lead to weak cryptography that the NSA can crack. +++ the 2nd Speaker is a friend of mine, and one of the few journalists i really trust and have worked with on many occasions... he has just completed a fun project: Steve Boggan, Freelance Journalist Title: Follow the money! Synopsis: Two years ago, three film makers decided to follow a ten-dollar bill across America for 30 days to see where it would go. Two of them will talk about the places it took them, the people they met and how Kickstarter ensured that their film will end up on our screens... *** Venue: DOWNSTAIRS @ The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Date: Tuesday 29th October, 2013 Time: 17:30 till kicking out - talk starts at 19:30 Entry is free, all are welcome, see you there! more info: http://dc4420.org cheers, mm -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - August Meet - Tuesday 27th August 2013
Bank holiday's over and it's time to get back to work, which totally sucks! However, what doesn't suck is that we've got a meet so we can all drink beer and cry about it together... :) In the absence of any other speakers coming forward, this month I'll be talking about our latest project... 1st Speaker: RFIDler - A Software Defined RFID Reader/Writer/Emulator Adam Major Malfunction Laurie - Aperture Labs I've gone back to my roots and starting playing with RFID again, but this time I've got Chip Monkey to help so we've gone right to heart of the problem and figured out what's really going on under the hood... You may find it somewhat surprising, like we did, and as a result we've started a kickstarter project to get the resulting device out there. In this talk I'll discuss how RFID really works and how we can apply the concepts of Software Defined Radio to the technology... Spoiler Alert!!! If you are coming to the talk, don't read my blog entry: http://adamsblog.aperturelabs.com/2013/08/rfidler-open-source-software-defined.html 2nd Speaker: TBA - if you've got a 20-30 minute 'fun' talk, step up and let us know! Venue: The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Date: Tuesday 27th August 2013 Time: 17:30 till kicking out - talk starts at 19:30 Entry is free, all are welcome, see you there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DEFCON London - DC4420 - June CFP - Lightning talks!!! - Tuesday 25th June 2013
OK, you've got the whole weekend ahead of you to dig out that project you *know* you've been dying to talk about but haven't quite got the rough edges off... This month we're doing our annual lightning talk session, and we welcome any and all 15 minute submissions. In fact, don't bother submitting them, just come along and give us what you've got! There will be prizes! Probably hacking related, who knows? And some stickers, obviously. And maybe a hard-to-get t-shirt or two... Meet is on Tuesday 25th June in the usual place at the usual time... Details here: http://dc4420.org Don't let us down! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - April meet - Tuesday 23rd April 2013
Whether you're coming to town next week for London Infosec or BSides, or you're in the smoke anyway, come and join us for what is normally our busiest and most entertaining night of the year... This time should be no exception: we have managed to retain our normal venue - The Phoenix - and we have a single speaker giving us a full hour 'fun' talk, leaving us plenty of time for, well, you know the score... Primary Speaker: Kev Sheldrake - Head Hacking Title: Social Engineering Lies! Synopsis: Social engineering is the practice of gaining unauthorised access to something, typically only using human interaction to do so. NLP is a pseudo-scientific psychological paradigm for modelling excellence and creating hypnotic change. Hypnosis is the process through which hypnotic subjects take and act upon suggestions. It is possible to apply NLP and hypnosis to social engineering. Or so people would tell you. This talk will tell you different. Featuring lots of swearing and optional audience participation, I'll explain the hypnotist's perspective on 'covert hypnosis' and NLP. I'm a hypnotist, but I promise not to hypnotise anyone at the event. ~~ Secondary Speaker: The Bar Staff Title: Buy Major a beer Synopsis: Now you've been lied to by the primary speaker, you will buy Major a beer. *** Venue: The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Date: Tuesday 23rd April, 2013 Time: 17:30 till kicking out - talk starts at 19:30 See you there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - March meet - Tuesday 26th March 2013
yes, it's that time of the month again and this time we have a speaker on a subject close to my heart - low level hardware hacking... Speaker: Dominic Spill Title: Introducing Daisho - monitoring multiple communication technologies at the physical layer Synopsis: Most communications media can be monitored and debugged at various levels of the stack, but we believe that it is most important to examine them at the physical layer. From there, the security of every level can be investigated and tested. The task of monitoring physical layer communications has become increasingly difficult as we try to squeeze more and more bandwidth out of our links. A passive tapping circuit can be used to monitor a 100BASE-TX connections, but no such circuit exists for 1000BASE-T networks. Our solution to this problem is Project Daisho; an open source hardware and software project to build a device that can monitor high speed communication links and pass all of the data back to a host system for analysis. Daisho will include a modular, high bandwidth design that can be extended to monitor future technologies. The project will also produce the first open source USB 3.0 FPGA core, bringing high speed data transfer to any projects that build on the open platform. As a proof of concept at this early stage, we will demonstrate monitoring of a low bandwidth RS-232 connection using our first round of hardware and discuss the challenges involved with the high speed targets such as 1000BASE-T and USB 3.0 that we will take on later this year. *** so far we have no 'fun' talk, so if you've got something short and sweet ping me now! Where: DOWNSTAIRS!@ The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Oxford Circus nearest tube When: Tuesday March 26th 2013 Venue ours from 17:30, talks start 19:30 see you next week! cheers, mm In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON Tuesday 26th Feb 2013
Apologies for the late announcement... Tomorrow we have a particularly excellent line-up! Primary Speaker: Arron Finnon - Finux Tech Weekly Title: The OSNIF Project: NIDS/NIPS Testing and Auditing Synopsis: Yeah great, I know its not a silver bullet! NIPS/NIDS have issues, and that's putting it lightly. I've talked about their limitations for awhile, and I get either that's awesome or they've been done to death. The truth is, we achieved nothing in fixing the problem. We can moan about how rubbish they are, we can pretend it's not our problem, or we can start to address the situation. For too long we've moaned, we've made comments and done little to make them better. Vendors are making money off products we all know could be doing a better job. Here's a crazy idea, let's talk about the issues, why they suck, and this time actually do something! What is to be lost by trying something new? Let's accept they fail and instead, turn that frown upside down. This talk isn't an answer, it's a beginning. Looking at some of the common and uncommon issues faced in trying to make NIDS/NIPS better, and why we fail at finding solutions. I don't have all the answers, however I intend to answer one simple question; What is OSNIF? I intend to look at the current situation surrounding testing and assessing NIDS/NIPS and basically why it sucks. I'll also discuss the Open Source Network Intrusion Framework (OSNIF) project, which is a open group set up by people involved within IDS/IPS to put together a testing methodology for IPS/IDS. Sort of OWASP but for NIDS/NIPS ~~ Secondary Speaker: Adrian Hayter - Convergent Network Solutions Title: The dangers of black box devices. Or...just how many insecure IP cameras are out there? Synopsis: Last year a security vulnerability left hundreds of TRENDnet IP camera feeds exposed on the Internet, many of them broadcasting their owner's living rooms, or (even more disturbingly) children sleeping. One year on, and despite assurances from TRENDnet, a large number of feeds are still accessible. Over the last several months, I've hunted down the feeds of numerous types of camera and slowly built up an online viewer to illustrate the problem that these black box devices pose to uneducated users. This talk will give an overview of the processes involved in creating the viewer, as well as showcasing some of the more bizarre interesting feeds that are still broadcasting to this day. Venue is here: http://www.phoenixcavendishsquare.co.uk/ Full details: http://www.dc4420.org/ See you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
Released: rompar - Semi-automation tool for data extraction of microscopic Masked ROM images
As promised at DC4420, here is the first cut (extremely beta!) of the image processing software for semi-automating the task of extracting data from images of Masked ROMs: http://www.aperturelabs.com/tools.html Fuller description/blog here: http://oamajormal.blogspot.co.uk/2013/01/fun-with-masked-roms.html cheers, mm -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013
what it says on the tin! speakers: Chris Sumner (Suggy) - Online Privacy Foundation presenting: Predicting Dark Triad Personality Traits from Twitter usage and a linguistic analysis of Tweets This study explores the extent to which it is possible to determine anti-social personality traits based on Twitter use. This was performed by comparing the Dark Triad and Big Five personality traits of 2,927 Twitter users with their profile attributes and use of language. Analysis shows that there are some statistically significant relationships between these variables. Through the use of crowd sourced machine learning algorithms, we show that machine learning provides useful prediction rates, but is imperfect in predicting an individual’s Dark Triad traits from Twitter activity. While predictive models may be unsuitable for predicting an individual’s personality, they may still be of practical importance when models are applied to large groups of people, such as gaining the ability to see whether anti-social traits are increasing or decreasing over a population. and... yours truly Adam Laurie (Major Malfunction) Zac Franken - Aperture Labs Ltd. presenting: Hardware Hacking The Easy Hard Way: Semi-Automating the process of decapping chips Fancy getting your hands disolved^W dirty with boiling nitric acid? Ever wondered what's under the silicon in a silicon chip? And once you're under the hood, what next? This short talk will reveal our initial explorations into the caustic world of silicon deconstruction. There will be toolz... Venue: Downstairs at The Phoenix: http://www.phoenixcavendishsquare.co.uk/ be there by 19:30.. More: http://dc4420.org see you next week! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - 2013 CFP
hey! i know it's a bit late, but Happy New Year! i've posted the dates for 2013 meetings on dc4420.org but you'll notice there is very little else! that's because we still need talks! for those that are yet to join us for our monthly gathering, the format is we meet in a private room in a pub, we have a 1 hour talk and a 20 minute talk on *any subject*, but hopefully something that is interesting to the 'hacker' community in the past we've had everything from reverse engineering Windows DEP to building your own Thermic Lance, so when I say any subject, i really do mean any subject that is either interesting or amusing or preferably both... you will be speaking to a small crowd (normally between 60 and 100), so if you want to practice a talk that you're thinking of submitting to a 'real' conference, or you've already given it somewhere that a small section of London is unlikely to have attended, or you have an idea that you can cover in just 20 minutes and never really though of turning it into a talk, or you've never done any public speaking before then this is the place... you will be most welcome and someone may even buy you a nice warm beer! we have the one-hour slot filled for January, but all others are currently open so don't be shy - send your submission to ta...@dc4420.org... all other details are here: http://dc4420.org i hope to see you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - Christmas 2012 meet! Tuesday 11th December 2012
Hard to believe, but 2012 is almost over Once again we've managed to secure the venue for a December meet, so we can start the festivities well before your livers are too crippled by office parties... Not only that, but we've even got a speaker lined up! Chris from Facebook London's Site Integrity Engineering Team will be giving us: Why root the kernel when you can just install a toolbar? Chris will give a brief overview of the major attacks against Facebook and then deep dive on a trend towards browser malware that they really saw gain traction last year. ... and then we'll do some serious Christmas drinking! DOWNSTAIRS @ The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Talk starts at 19:30, but the venue is ours from much earlier... food is good and beer is cold! See you next week! cheers, MM p.s. if you have any potential talks for next year please email: mailto:ta...@dc4420.org?subject=DC4420%20Talk -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - July meet - Tuesday July 17th 2012
OK, this is the last one before the big one! Whether you're coming to Vegas or not, you need to be here for this: Title: Hacking iOS Applications Synopsis: iOS applications are leet and cool. Let's have some fun with them! Pentester Bio: Zsombor Kovacs, Zsombor is a security geek interested in hacking iOS applications, working for an early adopter of enterprise iPad applications. Heh. Maybe he can help me unfsck my iphone... Speaking of which, what do you do when you get the dreaded 'error -1' when updating to the latest ios (5.1.1) and the apple support nazis say 'you must have tried to hack it, tough luck!'? No, really, I didn't try to hack it. Honest. No, honest, really. Look, I *know* who I am, but, honest, honest, honest, guvner, pretty please I didn't. Your stoopid update broicked it! Dammit! Anyways, moving on Venue is here: The Phoenix 37 Cavendish Square London W1G 0PP http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Talks start at 19:30, kicking out at kicking out time. See you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - June meet - Tuesday June 19th 2012
As I'm sure you've all now recovered from celebrating with The Queen, it's time to crack open your wallets and come and celebrate the arrival of the other week's worth of decent weather that we call the British summer and have a drink with us! This month we have a proper tekky talk on the very topical subject of A brief analysis of CVE-2012-2122 Synopsis: A code analysis of the recently revealed MySQL authentication bypass Presenter: Campbell Murray Twitter: @zyx2K Presenter Bio: A UK based penetration tester and community contributor. Techncial Director of Encription Limited, a UK and European penetration testing, training and forensics company. Director and member of the Technical Panel for Tigerscheme. I promise their research is better than their spelling, and we may have a fun talk as well, which is yet to be confirmed... Venue is here: The Phoenix 37 Cavendish Square London W1G 0PP http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 19th June 2012 Time: 17:30 till kicking out, talks start at 19:30 See you tomorrow! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012
Back at the Phoenix Sorry for the late notice, but you know the score by now :) Speakers: 'Why Industrial System air-gaps suck.' Eireann Leverett of IOActive A talk on why industrial systems can increasingly be found on the internet, and how to work with CERTs to change it. We've also got room for a 30min fun talk, so ping me when you get there if you have one... Venue is here: The Phoenix 37 Cavendish Square London W1G 0PP http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 22nd May 2012 Time: 17:30 till kicking out, talks start at 19:30 See you tomorrow! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - April meet - Tuesday April 24th 2012
Yes, It's INFOSEC week again, so limber up your shwag carrying muscles and head down to get your shiny shiny!!! You know you can never have too many stress balls or thumb drives... And while you're there, come and see us! As usual, we are making special arrangements for the influx of bods that we would not normally get to see, so please note we are NOT AT THE PHOENIX I'll say it again. We're not there, we're here: The Troubadour http://maps.google.co.uk/maps/place?cid=11073162209179321373q=The+Troubadour+Cafe,+Londonhl=enie=UTF8ll=51.546549,-0.320492spn=0.000107,0.000172t=mz=13vpsrc=0 It's not far from Earls Court Tube (District/Piccadilly) and very close to the West Brompton train station where the overland choo choo goes from t'north round to Clapham, Euston and other places of London... http://www.tfl.gov.uk/assets/downloads/London-Overground-Network-map.pdf The UK Conference 44Con are holding an event there: 44Cafe (from lunchtime) and they are gifting us the venue for the evening. How sweet. This kind of splendid venue doesn't come cheap... it will be rather different and you will like it. Regulars will need to be early though, as space will be a bit more limited than usual. We are in the club downstairs, but there's a full 50's styled cafe upstairs for chatting with a great menu and coffee and the odd beer. When they say they do 'all day breakfast' they _mean_ it. You can order it at 10.30pm... As for talks, we will have (ahem!), myself (Aperture Labs, Defcon Goon, RFIDiot) talking about either new and shiny RFID or RF or both, depending on StuffThatNeedsToHappenBeforeItCanGoPublic(tm), and... Steve Lord (Mandalorian, 44Con Co-organiser) talking about OtherStuff(tm). Kickoff at 19:30, kickout some time after normal as they have a late licence... (website claims 02:00, so let's see how close we can get! :) See you next week! MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - February meet - Tuesday February 21st 2012
This month we have our usual two talk format - one that you'll need to concentrate on (and which will give us time to break into the bar), and one through which you can sip the beer you bought to accompany the one you bought for me... Shaun Colley of IOActive will make our heads hurt with printf tricks setjmp/longjmp bugs followed by E-mail Headers I Have Known And Loved from @gwire (of NTK fame) Meeting is *** DOWNSTAIRS *** Room is ours from 17:30, talks kick off at 19:30 Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 21st Feb, 2012 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP As always, this year's dates will be posted on the website as and when they're confirmed: http://www.dc4420.org See you tommozza! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - 24 January 2012
Calling all survivors of 2011! We're back! Hopefully, so are you... Not only are we back, but we are back in the same old place in London's lovely West End... The Phoenix. And this year, to kick off, we have: Duncan Alderson/webantix of upSploit hoping to start a lively discussion on the subject of full/responsible disclosure. We do not yet have a 'fun' talk, so if you've got something short and/or sweet then bring it along and we'll pick one on the night... You should know all this by now, but: Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 24th January 2012 Time: Room is ours from 17:30, talks kick off at 19:30 Place: The Phoenix 37 Cavendish Square London W1G 0PP Meeting is *** DOWNSTAIRS *** As always, all this year's dates are posted on the website: http://www.dc4420.org See you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - 13 December 2011
OMG, it's Christmas again!! But happily this year we don't have to lurk in the corner of a dingy pub trying to look like we're having fun amongst the estate agents, bankers and stock borkers annual do's, as we have our very own cosy well stocked *private* bar and meeting space as per normal... Yes, our new home has not only put up with us for the whole year but have even invited us back for Christmas! Sweet! To celebrate, you are going to come and entertain us. Yes, that means YOU... This month we are doing lightning talks, so if you've got a 5-10 minute presentation, with or without slides/hardware/pyrotechnics/hadron colliders/pixies then bring your game face and share it with us... Also... There will be: Beer. (Small but cool) prizes for the best talks... More beer. Your last chance to buy the few remaining original DC4420 t-shirts! Even more beer. Your last chance (this year) to buy me a beer. Where: *** DOWNSTAIRS *** The Phoenix 37 Cavendish Square London W1G 0PP http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. When: Tuesday 13th December 2011 Room is ours from 17:30, talks kick off at 19:30 See you next week! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November
Where: DOWNSTAIRS @ The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ When: Tuesday 15th November, 2011 17:30 until kicking out time Why: Drinking and playing with awesome tech Who: You Me THC (The Hackers Choice twitter:@hackerschoice) What: THC are going to do a short talk about Enigma - they will be bringing a *real* Enigma machine with them What else: More drinking No really, what else: A shortish tech talk if someone gets one in to us in time Greets: MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - October meet - Tuesday October 18th 2011
As we've had a bit of a break, we've lined up something special this month, and, of course, your livers will be in great shape for a bit of extra abuse... :P We're going to give this one plenty of headroom, so only one talk this time: Glenn of Sensepost will be 'hacking Penny Auctions'... Meeting is *** DOWNSTAIRS *** Room is ours from 17:30, talks kick off at 19:30 Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 18th October 2011 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP As always, all this year's dates are posted on the website: http://www.dc4420.org Hope to see you all there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
OK, you know the drill... We have monthly meetings. This is one of them. Be there! What: Shaun Colley - Jumping the guard page for fun and profit Stack overflows, generally due to recursion, have long been brushed aside as 'not exploitable..DoS only'. This isn't true - stack overflows ARE exploitable, and I'm going to demonstrate that. Jonathan Care - Hack the QSA I will not visit you in prison if you get into trouble trying out this stuff. Also, SCADA systems control things that are IMPORTANT and should not be fscked with lightly. Where: The Phoenix 37 Cavendish Square London W1G 0PP http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube When: Tuesday 25th January 2011 19:00 till kicking out Details: http://dc4420.org Drinks: On you. cheers! MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
Re: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
On 13/07/11 18:47, Major Malfunction wrote: When: Tuesday 25th January 2011 OMG I'm a f*kwit (again). I meant Tuesday 19th July 2011, obviously!!! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - June meet - Tuesday 21st June 2011
Blimey, where does the time go??? Yes, it's already only a week to go before the next DC4420 meet... Last week, inspired by Paco Hope's awesome randomness talk, Zac, Caezar and I went out for a really good lunch and discussed randomness and how to achieve it. As Paco says, it's quite hard to do it right. Particularly if the lunch is really good and there is plenty of beer! However, we have a CunningPlan(tm). We told Paco about it. He said it (probably) didn't completely suck. We will share with you... So, for the tech talk this month, Zac I will present our CunningPlan(tm): Zac Major Malfuction - Ghetto Randomness - More rand for your buck. How to generate true randomness on the (very) cheap. There will be (poor quality) toys. :P Fun Talk: Doug Held of Fortify, talking about 'SHA-3' How could this be fun? You'll just have to turn up and find out.. May include Beer (as in free). Important stuff: Meeting is *** DOWNSTAIRS *** Room is ours from 17:30, talks kick off at 19:30 Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 21st June 2011 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP As always, all this year's dates are posted on the website: http://www.dc4420.org See you next week! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - May meet - Tuesday 24th May 2011
Just over a week to go until this month's London DEFCON meet, so get it in your diary now! For the talks we have: Tech Talk: Paco Hope of Cigital is going to present on randomness... We've seen how to get good random numbers from hardware. Given that, you would think that shuffling cards, rolling dice, and random session identifiers would be easy. They're not. Our instincts and intuition are often wrong. We'll look at shuffling and algorithms gone wrong, and talk about doing it right. Expect a few surprises. Fun Talk: The Whitehat Rally, Etamo friends... Showing Top Gear how it's really done. And stuff. Bonus: DEFCON Network 2011, Lockheed Not only do we have two great confirmed talks, but we also be graced by the presence of our favorite network goon, who has been persuaded to give us a heads up on what to expect in our new home in Vegas this year... Sweet! Important: Meeting is *** DOWNSTAIRS *** Room is ours from 17:30, talks kick off at 19:30 Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 24th May 2011 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP As always, all this year's dates are posted on the website: http://www.dc4420.org Hope to see you all there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
Re: DC4420 - London DEFCON - April meet - Wednesday 20th April 2011
*** REMINDER!!! Now *this* Wednesday... You wanted technical, you got it In March we quantum'd your minds then keylogged you with 13 lines of code: Thanks to Gregoire of IDQ for the drinks and the great talk. Thanks to Krunch for the Systemtap walkthrough and entertaining delivery! ... and now to April - it's the INFOSEC edition! Every year on Infosec Wednesday we pull a rabbit out of the hat and wake up peoples brains - Providing some relief from the product focused marketing in that big hall. This year we've also got BSides London in town, so you've got twice the reason to make the trip! Where: DOWNSTAIRS!@ The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Oxford Circus nearest tube When: Wednesday April 20th Venue ours from 17:30, talks start 19:30 Notice: currently talking to people who want to buy you drinks, early in the evening. This is traditional for infosec. We have 2 excellent speakers talks - don't miss this. Technical Talk: Evading Defences - Steve Lord. Fun Talk: cccamd, spartacus, and the largest sat-card sharing ring in the world - Neil 'mu-b' Kettle Administrativa: BE EARLY. We have a max capacity and every year for the last 3 years we have filled whatever venue we have been at on this night! You have been warned! http://www.dc4420.org/ cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - April meet - Wednesday 22nd April 2011
I know it's 3 weeks out, but there's a lot going on that week so I wanted to make sure you've got this in your calendars! You wanted technical, you got it In March we quantum'd your minds then keylogged you with 13 lines of code: Thanks to Gregoire of IDQ for the drinks and the great talk. Thanks to Krunch for the Systemtap walkthrough and entertaining delivery! ... and now to April - it's the INFOSEC edition! Every year on Infosec Wednesday we pull a rabbit out of the hat and wake up peoples brains - Providing some relief from the product focused marketing in that big hall. This year we've also got BSides London in town, so you've got twice the reason to make the trip! Where: DOWNSTAIRS!@ The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/ Oxford Circus nearest tube When: Wednesday April 20th Venue ours from 17:30, talks start 19:30 Notice: currently talking to people who want to buy you drinks, early in the evening. This is traditional for infosec. We have 2 excellent speakers talks - don't miss this. Technical Talk: Evading Defences - Steve Lord. Fun Talk: cccamd, spartacus, and the largest sat-card sharing ring in the world - Neil 'mu-b' Kettle Administrativa: BE EARLY. We have a max capacity and every year for the last 3 years we have filled whatever venue we have been at on this night! You have been warned! http://www.dc4420.org/ See you in 17 days! cheers, MM/Alien -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - March meet - Tuesday 22nd March 2011
Another 22nd! How spooky is that? If I were a gambling man, I'd be betting on horse number 22 coming in 2nd in the 2nd race... or something and while we're on the subject of unlikely things, who says there's no such thing as free beer? Yes, this month we've found not one but two victi^Wsponsors who are deliberately falling foul of our Fight Club rules and offering to buy the room a round of drinks! And one of them wants to offer you a job to boot! OK, they had me at the free beer, but what the hell... I will pause my supping to listen to the job offer... and then drink more beer. Which brings us nicely to the first talk: Quantum Technology - first encounter by Grégoire Ribordy, Quantum Engineer (like a Rocket Scientist, only smaller). Not only is Grégoire going to explain a lot of stuff that we thought might be possible but can't quite believe, but he's also going to buy us another round of drinks! How awesome is that? Let's hope they're not to scale... and for the short/fun talk: Adrien Kunysz aka Krunch brings us BOFH meets SystemTap and finally... Bonus workshop - fibre optic sniffing. Shiny! Important stuff: Meeting is *** DOWNSTAIRS *** Room is ours from 17:30, talks kick off at 19:30 Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 22nd March 2011 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP As always, all this year's dates are posted on the website: http://www.dc4420.org See you in a couple of weeks! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
Re: DC4420 - London DEFCON - February meet - Tuesday 22nd February 2011
*** REMINDER *** This is next Tuesday! If it ain't in your diary already, make sure it is now... THC talk promises to be a stonker, and Christer is, well Christer!!! This month we have a spectacular start to the year with a stellar guest speaker from The Hacker's Choice presenting new and devastating StuffYouDon'tWantToMiss(tm): THC - 'Advances in understanding DoS' - it's not about lots of traffic anymore - DDoS Amazon from your DSL. Read it again: Amazon. DSL. Need I say more? Oh, and there will be tools. =:O Also, bringing back our popular 'one serious, one fun' talk format, we've got in the fun slot: Christer - linux kernel 0days are obsolete (you can now get them for free) and finally, this will be Dominic's (of Bluetooth fame) last dc4420 for the forseeable future, so we intend to get him really really drunk and then allow him to spew into the mic... Could be interesting^wdisgusting... Important stuff: Meeting is *** DOWNSTAIRS *** Room is ours from 17:30 If you arrive early (and, for that matter, if you arrive late), please make sure you order food drink at the downstairs bar. If you create a tab, create it at the downstairs bar. Basically, once you arrive, you belong to the downstairs bar!!! This is important if we are to keep this space - we need to be able to show that we are bringing in decent food drink spend (peeing is free, however... you can do that upstairs). Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 22nd Febraury 2011 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP All this year's dates are posted on the website: http://www.dc4420.org See you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - February meet - Tuesday 22nd February 2011
If I said you had a beautiful venue would you hold it against me? OK, so the January social was not only good++ but it also confirmed that we have an awesome new home!!! Place is big, but not too big - room for growth but laid out so we can easily huddle in the meantime. Food is good. Beer is good. Space is good. PA is good. 'Stage' is good. Screen is good. Did I see beer is good? What more could we need? Oh, that's right... awesome speakers! Well, that's also good. We've got 'em... This month we have a spectacular start to the year with a stellar guest speaker from The Hacker's Choice presenting new and devastating StuffYouDon'tWantToMiss(tm): THC - 'Advances in understanding DoS' - it's not about lots of traffic anymore - DDoS Amazon from your DSL. Read it again: Amazon. DSL. Need I say more? Oh, and there will be tools. =:O Also, bringing back our popular 'one serious, one fun' talk format, we've got in the fun slot: Christer - linux kernel 0days are obsolete (you can now get them for free) and finally, this will be Dominic's (of Bluetooth fame) last dc4420 for the forseeable future, so we intend to get him really really drunk and then allow him to spew into the mic... Could be interesting^wdisgusting... Important stuff: Meeting is *** DOWNSTAIRS *** Room is ours from 17:30 If you arrive early (and, for that matter, if you arrive late), please make sure you order food drink at the downstairs bar. If you create a tab, create it at the downstairs bar. Basically, once you arrive, you belong to the downstairs bar!!! This is important if we are to keep this space - we need to be able to show that we are bringing in decent food drink spend (peeing is free, however... you can do that upstairs). Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: Tuesday 22nd Febraury 2011 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP All this year's dates are posted on the website: http://www.dc4420.org See you in a couple of weeks! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON - DC4420 - Tuesday 25th January 2011 - SOCIAL
Hi All! As if eating drinking and hacking your way through Christmas and New Year weren't enough, we've now got Burns Night to contend with, a new venue to break in, and only a few days to get ready!!! Yes, after several months of stomping (actually, cycling in his case) the streets, alien has pulled another rabbit out of his hat and come up with a great new venue which will hopefully last us for the foreseeable future... We weren't able to get it in time to have a 'proper' meet this month, but we're going to get together anyway and remind our livers just what we expect of them in the months to come... Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus, so nice and easy to get to, and a good menu and selection of beers including Belgian Weiss, so this place definitely gets my vote! :) Date: Tuesday 25th January 2011 Time: 19:00 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP Entertainment: Pub quiz, whiskey testing (or is that tasting?), hanging out with geeks. All this year's dates will be posted on the website shortly, but be sure and keep Tuesday 22nd Feb free! We will be having a talk you *do not* want to miss!!! http://www.dc4420.org See you on Tuesday! Cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON - DC4420 - August meet - Wednesday 25th August 2010
allegedly, it's that time of the month again... as all our speakers are either dying from strep throat having spent more hours than is medically advisable in the company of desert heat and/or air conditioning, or are sunning themselves on some far away beach where dc4420 is the last thing on their minds, this month will be largely a social, where you get to buy me beer, interrupted only by a couple of lightning talks should the urge to speak overwhelm one or more of you... oh look, we have a volunteer already! alien will explain why chicago should absolutely positively be the last place you transit through on the way to vegas, and what happened when he got there... venue: Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH http://tinyurl.com/dc4420-venue nearest stations: Tottenham Court Road London Underground station (150m) - zone 1 Goodge Street London Underground station (440m) - zone 1 Oxford Circus London Underground station (630m) - zone 1 Leicester Square London Underground station (680m) - zone 1 Covent Garden London Underground station (750m) - zone 1 kickoff: Wed 25th August 2010 room ours from 18:00, talks start at 19:30 kitchen closes at 21:30 last orders 23:00 see you all there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON May meet - DC4420 - Wed 26th May 2010
wow, doesn't time fly when planes don't? :P if, like me, you've been stuck in the UK, admiring the ash cloud and listening to the chants of the soon to be unemployed trolley dollies, you'll be glad of the distraction of a couple of pints, a decent pie and some evil hax0r learning hammered into your withering brain... yes, it's that time of the month again, and we shall be gathering in the usual haunt to hear: Justin Clarke - @Connectjunkie 'SQL injection: how far does the rabbit hole go?' Justin is the author of 'SQL Injection Attacks and Defense' and may even have some copies with him for purchase/signing... nuff said. *** The fun one: Steve Lord Fun with botnets *** and then to drink a lot. and some more. venue: Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH http://tinyurl.com/dc4420-venue nearest stations: Tottenham Court Road London Underground station (150m) - zone 1 Goodge Street London Underground station (440m) - zone 1 Oxford Circus London Underground station (630m) - zone 1 Leicester Square London Underground station (680m) - zone 1 Covent Garden London Underground station (750m) - zone 1 kickoff: Wed 26th May 2010 room ours from 18:00, talks start at 19:30 kitchen closes at 21:30 last orders 23:00 see you all there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON April meet - DC4420 - Wed 28th April 2010
Aargh! It's INFOSEC next week If you are: a. Attending INFOSEC b. In London anyway c. Able to fly through volcanic ash d. From another DEFCON group e. Bored f. Interested g. Interesting h. Any of the above Then come and join us for April's 'Social' DC4420, which is timed especially to coincide with INFOSEC so we can get all you out-of-towners away from Olympia and get you very, very drunk, British stylee... Having said that, thanks to our friends over in (or under) Iceland, it may be that this normally rammed event is slightly less well turned out than usual, so we've pencilled in a short but *very* exciting talk... We're going to lay the room out for 'standing room only', so get there early to guarantee your squatting rights... *** Exposing Interesting, 'Hidden' Dark Social Network Relationships with Maltego by @l0sthighway @TheSuggmeister This talk highlights how you can extend the powerful data visualisation tool, Maltego, to data mine virtually anything with an API or that you can 'screen scrape'. We will focus specifically on Facebook and Twitter, demonstrating how you can access users data and map social relationships using both Facebook API and Twitter API's and the Facebook Query Language (FQL). *** venue: Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH http://tinyurl.com/dc4420-venue nearest stations: Tottenham Court Road London Underground station (150m) - zone 1 Goodge Street London Underground station (440m) - zone 1 Oxford Circus London Underground station (630m) - zone 1 Leicester Square London Underground station (680m) - zone 1 Covent Garden London Underground station (750m) - zone 1 kickoff: Wed 28th April 2010 room ours from 18:00, talk starts at 19:30 kitchen closes at 21:30 last orders 23:00 see you all there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON March meet - DC4420 - Wednesday March 31st 2010
Yes, we've just managed to squeak in the last Wednesday of the month and, as autom8on failed to burn down the venue last month, we're back to have another go... This month's lineup is: The tekky one: DIY grid computing - it's easier than you think tqm will show how to create a simple grid and spread the load across many nodes using some brain cells, commodity hardware and some not-so-magic scripting The fun one: Rocketry for fun and profit the hatter will show us some fun (if rather efficient) ways to turn spare money into smoke, and some tips on getting more *BANG* for your buck... Other stuff you need to know... Venue: Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH http://tinyurl.com/dc4420-venue Nearest stations: Tottenham Court Road London Underground station (150m) - zone 1 Goodge Street London Underground station (440m) - zone 1 Oxford Circus London Underground station (630m) - zone 1 Leicester Square London Underground station (680m) - zone 1 Covent Garden London Underground station (750m) - zone 1 Kickoff: Wednesday March 31st 2010 Room owned from 18:00, assimilation starts at 20:00 Beer: Yes, both kinds Last orders 23:00 Food: Yes, tasty Kitchen closes at 21:30 Music: Nah Strippers: We live in hope... Rules: Fight Club More: http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON February meet - DC4420 - Wed 24th Feb 2010
I think we can safely say that last month's meet was a huge success and the new venue was heartily approved by all... Attendance was back up and talks were excellent, as was food/drink/socialising etc., so thanks to all that made it! This month we hope to continue in the same vein, with the line up being: Jean-Luc : JVM breakout (the technical one) autom8on : thermal lance quick demo (the 'you can do this at home kids' fun one) ((( I'm hoping 'demo' is being used in the loosest possible way here ))) Major Malfunction : Armchair UAV Spotting (since I didn't have time to do it last month...) venue: Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH http://tinyurl.com/dc4420-venue nearest stations: Tottenham Court Road London Underground station (150m) - zone 1 Goodge Street London Underground station (440m) - zone 1 Oxford Circus London Underground station (630m) - zone 1 Leicester Square London Underground station (680m) - zone 1 Covent Garden London Underground station (750m) - zone 1 kickoff: room ours from 18:00, talks start at 20:00 kitchen closes at 21:30 last orders 23:00 see you all there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON January meet - DC4420 - Wed 27th Jan 2010
Hi All, It's a new year, and we have a new venue and new rules of engagement! First, the venue - we are back in a pub, in the heart of the west end, with a private room/bar and easy connection to mainline stations etc. Food is excellent and drinks are at *normal* pub prices (and, most importantly, they have Guinness) Secondly, ROE: we still run on Fight Club rules, i.e. you will talk, but we're going to make it a bit easier to get started... This year, we will be limiting the talks to a single full-length 'tek/security/hacking' talk, followed by a single 'fun/other' talk, which can be any length (if it's really short, we may do two that month)... Some previous subjects for the 'fun' talks have been: Torches / Lasers Home built water cannon Interfacing live firearms to FPS games Brain engineering (smart drugs etc.) ... you get the idea... Meeting will always be the last Wednesday of the month, and venue is booked for the whole year, so you can get these dates in your diary (they are also on the front page of the main site - http://www.dc4420.org/) January 27th Febuary 24th March 31st April 28th - Infosec *gulp* May 26th June 30th July 28th (Social - goons will be in Vegas!) August 25th September 29th October 27th November 24th December 15th (Social) -- Not a Wednesday! OK, so on to this month's details: venue: Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH http://tinyurl.com/dc4420-venue nearest stations: Tottenham Court Road London Underground station (150m) - zone 1 Goodge Street London Underground station (440m) - zone 1 Oxford Circus London Underground station (630m) - zone 1 Leicester Square London Underground station (680m) - zone 1 Covent Garden London Underground station (750m) - zone 1 talks: - mu-b : disk crypto stuff (the technical one) - even + others : white hat rally (the non-technical one) as mu-b may be late, and the rally talk may be quite short, we will also have: - Bonus: Major Malfunction will show the latest build of http://www.alcrypto.co.uk/satmap/ (the fun one) yes, me hunting for UAVs... :P kickoff: room ours from 18:00, talks start at 19:30 kitchen closes at 21:00 last orders 23:00 see you all there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON - Christmas drinks - Wednesday 16th December
yes, another year has gone by and some of the survivors will be gathering together to swap tales of horror and/or triumph and to soothe our wounds with liberal applications of alcohol... all are welcome to join us, and as it's just a social, there is no pressure to perform! unless, of course, jumping up on the bar is your kind of thing... :) note that this is a slight change to the originally advertised date of the 17th, so to be doubly clear: we are meeting on WEDNESDAY the 16th DECEMBER, 2009... starting location (as this is a pub crawl): The Black Horse, 6 Rathbone Place, London W1. http://tinyurl.com/dc4420-venue Right next to Tottenham Court Rd. tube... we will be there from about 17:00, and are looking to move to the next venue at 19:30 (we will tweet on http://twitter.com/dc4420 as we move, so don't worry if you miss us at the first stop) hope to see you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DEFCON London - DC4420 - NO MEETING this Thursday! 19th November 2009
what it says on the tin... i regret to inform you that there will be no meeting this month due to repeated let-downs with the current venue... instead, alien i will be scouting new locations for next year (i.e. going on a massive pub-crawl... :) we would also like to remind you that next month's meeting on the 17th December will be a social gathering only - i.e. no talks, no rules, no hassle! so put it in your diary now... venue to be announced closer to the time... cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DEFCON London - DC4420 October 2009 Meet - This Thursday 15th
this month we have three great talks lined up, and, if Alien actually remembers to bring the shwag, we *will* have an auction for Hackers for Charity/EFF!!! talks are: y3d: stego in directories - Subere Evoting Machines - Glyn Eye in the sky. - Merlin time / date: 18:00 for 19:30 Thursday 15th October 2009 location: Sound Club 1 Leicester Square, London, WC2H 7NA Location Map: Sound Club, Leicester Square: http://maps.google.com/maps?f=qsource=s_qhl=engeocode=q=1+Leicester+Square,+London,+Westminster,+WC2H this is the NW corner of the square... if you stand facing the Empire Cinema/Casino, it's two doors to the left... confusion/faq: yes, it's a nightclub by name. no, there is no clubbing / loud music / scantily clad women / poles. no, there is no charge at the door - tell the bouncer you are there for dc4420 and they will let you in. tube: Leicester Square on the Piccadilly and Northern Lines. Piccadilly Circus on the Piccadilly and Bakerloo Lines. bus: Leicester Square Bus Map: http://www.tfl.gov.uk/tfl/gettingaround/maps/buses/pdf/leicestersquare-10899.pdf food : food is available at the venue - see the menu at: http://dc4420.org/files/soundclub/july_menu.jpg oh, and we beat them up about the beer prices (again) so hopefully we'll be able to afford more than 1/2 pint each this month... :P see you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DEFCON London DC4420 March meeting - Thursday 19th March
Yes it's that time of the month already! We need to meet in west London and drink beer! Errr... I mean talk about techy hacky stuff... This month we've got Dominic giving us an update on his Bluetooth Foo, and, in an attempt to encourage some more speakers to come forward, the rest of the session will be devoted only to lightning talks, starting with a Dradis overview by etd. So, if you've got an idea, or a germ of an idea, a few slides or no slides at all, come and tell us about it and get some genuine feedback, expressions of interest, offers of collaboration, or just shock and awe, depending on how leet your shizzle is... :) Location is, as usual, upstairs at The Glassblower in Soho 42 Glasshouse St, Piccadilly, W1B 5JY http://maps.google.com/maps?f=qhl=engeocode=q=W1B+5DLie=UTF8ll=51.510625,-0.136878spn=0.00629,0.021415z=16iwloc=addr They do good food and real ales, and we have the bar exclusively to ourselves until kicking out time... Talks start at 19:30. See you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON DC4420 - February 2009 Meet - Thursday 12th
Following our supah successful January meet, where we actually ran out of time because of the volume and quality of talks (or was it volume of alcohol the speakers had imbibed?), this month we are going to limit the talks to 30 minutes and the number of speaking slots to 3 so we have more time for drinking/socialising in between... The lineup this month is: The Current State of Wifi - Arhont The Life of a Security Manager - Chris Sumner Java Stack Smashing - Subere There will also be a couple of workshops running in-between/after speakers: Data extraction via Firewire/demo - Guillaume Sneak preview of a $100 man-in-the-middle RFID protocol analyser - Major Malfunction (bring RFID tags!!!) And, of course... if this is your first meet... YOU will be talking! Where will all this take place? Upstairs @ The Glassblower http://maps.google.com/maps?f=qhl=engeocode=q=W1B+5DLie=UTF8ll=51.510625,-0.136878spn=0.00629,0.021415z=16iwloc=addr 42 Glasshouse St, Piccadilly, W1B 5JY Doors open from 7:00, speaking starts at 7:30 - please try to be prompt as some people need to go early to get trains back out of London. We have private use of the whole of the upstairs until 11:30. Real ale on draught : Adnams Broadside + Spitfire, 'Buccomb' and 'Doombar'. Other stuff on draught : Guinness, Staropramen, Hoegaarden, Leffe. Even more stuff on draught : Becks, Fosters, 1664 Food menu is extensive and most importantly : they do Pie - but they stop serving at 9pm! I hope to see you all there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
ANNOUNCE: DEFCON London - DC4420 - January meet - Thursday 15th Jan 2009
hi all! here is an announcement, shamelessly cut pasted from the website (i.e. alien wrote it really :) Thursday 15th January. Happy seasonal greetings and stuff. The new year rolls in, the Govt 'crazy ideas' talking starts again - however here - sanity reigns and thus we bring you: Trampoliner - Automatically choosing return addresses for buffer overflow attacks - Tom Keetch MUFFIN recipe: How to find software vulnerabilities on Microsoft OS demo of firewire data leakage - Guillaume Vissian Architecture Analysis. - Orac failed allocations, more interesting than pie - xz All welcome, and if it's your first time you will be talking. Make it a new year resolution to talk to someone you don't know at this meeting! mailing list - login and look at the projects forum for details. the list will only accept posts from subscriber addresses! so if you send something and it doesn't appear, that's why... Where? Upstairs @ Glassblower http://maps.google.com/maps?f=qhl=engeocode=q=W1B+5DLie=UTF8ll=51.510625,-0.136878spn=0.00629,0.021415z=16iwloc=addr 42 Glasshouse St, Piccadilly, W1B 5JY doors open from 7, speaking starts from 7.30 - please try and be prompt as some people need to go early to get trains back out of London. we have private use of the whole of the upstairs till 11.30. real ale on draught : Adnams Broadside + Spitfire, 'Buccomb' and 'Doombar'. other stuff on draught : Guinness, Staropramen, Hoegaarden, Leffe. even more stuff on draught : Becks, Fosters, 1664 food menu is extensive and most importantly : they do Pie - but they stop serving at 9pm! comment/participate at http://dc4420.org/ see you there!!! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - DEFCON London - Christmas meeting - Tuesday 2nd December 2008
Yes, folks, it's that time of the year/month again... This will be our last meeting of 2008, so we're planning to make it a goodun!!! All are welcome, but remember - Fight Club rules apply... If this is your first meet, you *will* talk... :) We've got extended bar time in the upstairs bar at our usual venue, so we can carry on after the meet without having to relocate downstairs... http://www.beerintheevening.com/pubs/s/20/2081/Glassblower/Piccadilly For those that haven't been before, we have exclusive use of the 1st floor bar from 19:00, talks start at 19:30, and there is food and real ale to accompany our excellent speakers... This time we've got: - Bluetooth fun Wargames - Christer Mr K (long talk, double slot) - 'hacking rogue for fun profit (mostly profit)' - freakyclown - Coring BlueCore - Mark CFP is open for Jan/Feb meetings - please submit your proposals to me and/or alien ([EMAIL PROTECTED]) I hope to see you there! http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON meet - DC4420 - Thursday October 23rd
folks, thanks to alien quietly beavering away behind the scenes, we've managed to pull a great October meet together... The Talks! - Introduction to GNU Radio - Dominic - OpenVAS - TimB - the autom8ton guide to locks - R2Z+CBI/O=BBUK - Rich Smith GNU Radio + the locks will break down into workshops and social drinky things so you can touch/play with the stuff talked about. bring your picks and your brain. Where? Upstairs @ Glassblower http://maps.google.com/maps?f=qhl=engeocode=q=W1B+5DLie=UTF8ll=51.510625,-0.136878spn=0.00629,0.021415z=16iwloc=addr 42 Glasshouse St, Piccadilly, W 1B 5JY doors open from 7, speaking starts from 7.30 - please try and be prompt as some people need to go early to get trains back out of London. we have private use of the whole of the upstairs till close. real ale on draught : Adnams Broadside + Spitfire, 'Buccomb' and 'Doombar' ^ ^ other stuff on draught : Guinness, Staropramen, Hoegaarden, Leffe. even more stuff on draught : Becks, Fosters, 1664 food menu is extensive and most importantly : they do Pie, but heed the warning!!! eat by nine or eat somewhere else as the kitchens close relatively early!!! see you there... cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DEFCON London - DC4420 - September meet this Thursday 11th
yes, we've recovered enough from the rigours of DC16 to be able to scrape together another London meet, this Thursday, at the Glassblower... http://www.beerintheevening.com/pubs/s/20/2081/Glassblower/Piccadilly as usual, we have our own room with it's own bar (1st floor, with it's own entrance from the street or from the back of the downstairs bar). as well as real ales and wife beater, good food is also available but last food orders are strictly at 21:00, so make sure you get yours in in plenty of time and don't go hungry like i did last time!!! :P meet starts at 19:00, talks at 19:30 this month we have: DEFCON badges - i will go through some of the cool stuff you can do with these, including my own 'tv-be-a.d.d.' hack... i'll also have a couple of human badges to donate to whoever comes up with the coolest potential projects (and promise to come back and demo them!) Merlin's DEFCON experience Tompsci - Windows DLL trampolining ... and anyone else that feels like it on the night. all are welcome, but don't forget we run Fight Club rules... if this is your first night, you *will* talk... ; cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON June meet - DC4420 - Thursday 5th June
hey all, it's that time of the month again! so we present to you : DC4420 June @ the Glassblower: - Wargames! The Winning team will be presenting 'how they did it' - (note:everyone should buy them Guinness. Schwag will be awarded as well) - Last-minute hastily-put-together presentation on locks. autom8ton - bring your locks/picks and we'll have a workshop afterwards. - New speaker! Alex talking about Social engineering - 5 minute slot - a demo by Richard. (demo is such a lovely term for a talk, could be anything!) - MM will be calling for participation in an art project. If you have camera equipment, film making skills, editing skills, music/dubbing skills, please step forward! This is going to be fun, and to do with RFID. It's entitled PARFID: Passive Aggressive RFID. RFIDIOts fight back!. Also, please get in touch with me or alien if you would like to talk at the July meeting, June is now full :-) There will be workshops after the talks - please bring locks + picks if you have them (and are legally entitled to carry them!) :P Where? Upstairs @ Glassblower http://maps.google.com/maps?f=qhl=engeocode=q=W1B+5DLie=UTF8ll=51.510625,-0.136878spn=0.00629,0.021415z=16iwloc=addr 42 Glasshouse St, Piccadilly, W 1B 5JY doors open from 7, speaking starts from 7.30 - please try and be prompt as some people need to go early to get trains back out of London. we have private use of the whole of the upstairs till close. real ale on draught : Adnams Broadside + Spitfire, 'Buccomb' and 'Doombar'. other stuff on draught : Guinness, Staropramen, Hoegaarden, Leffe. even more stuff on draught : Becks, Fosters, 1664 food menu is extensive and most importantly : they do Pie. as always, details discussions here: http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON meet - Thursday 1st May - DC4420
hey all, following the roaring success of last month's meeting, we've had to switch venues yet again just to fit you all in! the new venue (and hopefully our new home) in the centre of london will be: The Glassblower, 42 Glasshouse Street, London, W1B 5DL details here: http://www.beerintheevening.com/pubs/s/20/2081/Glassblower/Piccadilly we have our own upstairs room with bar and private entrance from the street (you can get to it from inside as well). they do good food and have decent beer with twigs in for those of you (like me) that are not happy with pints of wife beater... they also have a big screen so everyone can see wtf is going on, which was a bit of a problem with the last place... please mail me or alien if you have something to talk about, otherwise just come along and meet the crew and we'll play it by ear... more details/discussion here: http://dc4420.org see you thursday! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DEFCON meet - DC4420 - New Venue - Wednesday 2nd April, 2008
i'm very pleased to (finally) announce a meet for 2008... we've got a new venue which we're trying out, so hopefully we'll solve the problem of non-exclusivity which we've suffered at the last few meets, as well as a more central location which should be easier for folks to get to... meet will be at the St. George's Tavern, Victoria: http://www.beerintheevening.com/pubs/s/17/174/St_Georges_Tavern/Victoria starting at 19:30 on Wednesday 2nd April, 2008. we have the lower bar all to ourselves until closing time, but if you avail yourselves of the excellent food upstairs please let them know you are there for the meeting as that will help with future bookings etc. there is no permanent screen at this venue so i'm hoping to acquire a projector in time for the meet, but if anyone has one we can borrow for the evening as a standby please get in touch with me or alien... we will have some special guests this month: Jeff Dark Tangent Moss - founder of DEFCON BlackHat Matt Barkode Lewis of Ninja Networks party fame :) Dave H1kari Hulton - FPGA guru and Toorcon organisor i'm hoping H1kari and Steve can be prevailed upon to give a potted version of their GSM cracking talk, but at the least i'm sure they'll be able to give us an update on progress... Barkode is making a documentary about the last 10 years of the hacking scene and will have a cameraman with him, so if you have any tales to tell (or know someone who should be in it), please come along and participate (note that if you are camera shy that will be respected - filming will be discrete and optional). if no-one else comes forward i will give the satellite talk i've been promising for the last god knows how many meets (and i've even got slides!!! honest!!! :P ) i hope to see you all there, and if you have a presentation let me or alien know so we can get it into the schedule... cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DC4420 - London DEFCON chapter Christmas Party - 11th December
hi all, you are cordially invited to the final DC4420 meet of 2007, which will be held on Tuesday the 11th December, at the usual location - Charing Cross Sports Club, Charing Cross Hospital: http://www.multimap.com/map/browse.cgi?lat=51.4857lon=-0.2194scale=5000icon=x more info here: http://dc4420.org we have the bar to ourselves and there will be no particular agenda other than drinking the place dry, eating good food and socialising, but we will definitely also be celebrating Alien's continued presence on our home planet after his near miss with the man in the black cloak! all are welcome... fight club speaking rules are suspended for the evening, so bring a friend or two and make this a party to remember! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DEFCON London DC4420 meet - Monday 24th September
To quote Alien from the 4420 website: Monday 24th September, 2007 starting at 19:30 -room private till 21:30 then we might pop out to a certain local again... :-) Location: Charing Cross Sports Club, Charing Cross Hospital Tube: Hammersmith or Barons Court http://www.multimap.com/map/browse.cgi?lat=51.4857lon=-0.2194scale=5000icon=x Note: it's MONDAY this time! If you haven't been before, please do come. We've got some great talks coming in the next few months Smiley Talks Planned: - Injecting RDS-TMC Traffic Information Systems - Andrea Barisani. This talk is HIGHLY recommended - fresh from appearing at Blackhat, this is a great project that will amuse and inform you.. great possibilities. - 'MPLS Security' - Thorsten Fischer - what it is, what people are doing about it and the current issues with it. - 10 min special - TBA Additionally - we will have 36Gb of WPA rainbow tables courtesy of the Church of Wifi available - bring your laptop diskspace and grab it whilst you can. Zac Major hope to have something cool to show you too... Oh, and we'll have DC15 stickers as well :-) All welcome bring a friend. More details here: http://dc4420.org cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
London DC4420 meet - Wednesday 17th January, 2007
Happy New Year etc... Hopefully that's the last time this year I'll need to say that! :) I hope you all had a refreshing and constructive break and are looking forward to phun and games in 2007... For our part, we will be kicking off with a meet next Wednesday, January 17th, 2007 at the Charing Cross Sports Club, Hammersmith, starting at 19:30... Map location here: http://www.multimap.com/map/browse.cgi?lat=51.4857lon=-0.2194scale=5000icon=x Nearest tube Hammersmith or Barons Court. I have no idea what talks will materialize, but last time we had too many to fit in so I don't expect there to be a shortage... I've got a few RFID issues to report, and will be doing an experiment in London in the morning, so I'm crossing all my bits that I'll have something quite cool to show for it... :P We are in the process of replacing our webserver, which has given sterling service but is now suffering from advanced senile dementia, so apologies if you have trouble getting in over the next couple of days... Normal service will be resumed shortly... http://dc4420.org Looking forward to seeing you there! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
DEFCON London group - DC4420 - inaugural meeting and Christmas Drinks!
calling all London based hackers, security professionals, feds, geeks, nerds, groupies and scene whores... on behalf of DC4420, i'm pleased to announce the inaugural meeting of the London DC group, and invite you to come and drink, talk and set the agenda for the year to come... the venue will be our regular future meeting place, and we are lucky enough to have found one with good beer, a private room (with it's own bar), meeting facilities and plenty of room for growth... should we overwhelm the pub, there's always Olympia over the road... :P there will be a projector for those that want to give presentations, but the main aganda for this meeting, apart from emptying the cellar, will be, errr... to set the agenda... see http://forum.defcon.org/showthread.php?t=6722 for discussion on meeting format... event location: (upstairs function room) The Hand Flower 1 Hammersmith Road London W14 8XJ http://www.fancyapint.com/main_site/thepubs/pub1835.htm map: http://www.multimap.com/map/browse.cgi?client=publicsearch_result=db=pccidr_client=nonelang=pc=W148XJadvanced=client=publicaddr2=quicksearch=W14+8XJaddr3=addr1= time: 19:00 till closing date: thursday 15th december, 2005 i look forward to seeing you there... cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones...
password leak in IBM WebSphere / HTTP Server / ikeyman
Geeks,
Apologies for the lack of b4d sp3ll1ng and WeIrD CaPiTAliSation, but I'm
really not in the mood... :P
IBM WebSphere has the option to use the IBM HTTP Server as it's
underlying web server. If you do this, you have the further option to
use SSL connections. If you do this, you must create a "key database"
using the tool "ikeyman" to store your server certificate/key pair. The
key database must have a password to protect it, which is not allowed to
be null. IBM, in their documentation, give sage advice about the
importance of this password, and what lengths you should go to choose a
good one:
Setting the database password
When you create a new key database, you specify a key database
password. This
password is important because it protects the private
key. The private key is the only key that can sign documents or
decrypt
messages encrypted with the public key. It's a good practice to
change the key database password frequently.
Use the following guidelines when specifying the password:
The password must be from the U.S. English character set.
The password should be at least six characters and contain at
least two
nonconsecutive numbers. Make sure the password
doesn't consist of publicly obtainable information about you,
such as
the initials and birth date for you, your spouse, or
children.
Having created your database, you must store the password in a "stash"
file, which the web server will read. Unfortunately, the stash file can
be "decrypted" with the following code:
--- start unstash.pl ---
#!/usr/bin/perl -w
#
# unstash.pl - "decrypt" IBM HTTP server stash files. No, really. They
*are* this pathetic.
#
# sploit (BoByRiTe) 1999, Major Malfunction, code by Ben Laurie, cos I
dudn't dud perly thing.
use strict;
die "Usage: $0 stash file\n" if $#ARGV != 0;
my $file=$ARGV[0];
open(F,$file) || die "Can't open $file: $!";
my $stash;
read F,$stash,1024;
my @unstash=map { $_^0xf5 } unpack("C*",$stash);
foreach my $c (@unstash) {
last if $c eq 0;
printf "%c",$c;
}
printf "\n";
--- end unstash.pl ---
The problem here is not that the stash file exists in the first place,
as, unless there is some external token based system, there is no real
way around the problem of automating startup securely, but that it is
disguised as a "secure" part of the system. This is liable to lead to an
exploit of other facilities via the re-used password stored in this
file.
I am not sure what other IBM applications (if any) use ikeyman, but if
there are any they may have similar problems.
IBM were made aware of this a couple of weeks ago, and have stated that
they will update their documentation to explain the situation better,
and make lusers aware of the risks...
cheers,
MM
--
my, my... no sig! do I detect the Hand of Gates?
