Finally our BIG workshop project will be our own instance of Open Street Map! We are going to include on our instance all the working pay phones, power plugs, cyber cafes, Bitcoin ATMs and more!
07:00 |
Meet & Greet & GPG Key-Signing Party
(40 minutes)
This is when we gather and catch up after not seeing each other in person for a month. We encourage GPG Key sharing (and any other form of crypto fingerprinting) and if you are new to GPG just ask any of our founders and we will catch you up to speed teaching you how to create your own and use them for your privacy! |
07:40 |
Social Engineering: A Primer
Talk by Sidepocket (10 minutes) :..>One of the biggest yet often underused tools in the hacker toolkit, Social Engineering is the art of manipulating a person using the oldest programming language in existence: Human Spoken Language. Some of the biggest hacks, heists, calamities, peace treaties and elections were made through the use of social engineering. This primer will give an introduction and in depth look to methodologies to social engineering (Recon, Body Language, Conversation Flow, Mind Games, Scams, ect) and techniques that the author has found to be the most successful. :..>Bio: Sidepocket is an awful human being that for some reason people listen to. A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, he is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org |
07:50 |
API Vulnerabilities and Blast Radius of Microservices
Talk by Tom Czarniecki (10 minutes) :..>Splitting up a monolith into microservices is now becoming a common practice in startups when they reach a certain size. While for most this may be a good choice, it does not come for free. Aside from increased observability, reliability and performance requirements, this approach brings in a number of fresh application vulnerabilities, and re-introduces some old ones. This presentation will attempt to list a few of these, their reasons, and their blast radius, including the risk of some truly impressive cascading failures. :..>Bio: Tom Czarniecki has been a system breaker, UI developer, devops shaman, microservice architect, AWS trainer and infrastructure architect. He loves making things and breaking things and making things to break things makes him particularly happy. Currently he is the technical lead for application security at DigitalOcean. Previously he was the technical lead and founder of the engineering teams at SoundCloud NYC and before that Tom was a lead consultant at ThoughtWorks for longer than he cares to remember. More info at: https://watchitlater.com/blog/ |
08:00 |
How the World Crumbles Beneath Our Feet
Talk by Vi (20 minutes) :..>The Internet today, like roads and bridges, has gone from being useful to being infrastructure, convenient to the point where society advances with the expectation that it is available and that people having working access to it. What happens if that infrastructure breaks? :.>Bio: Vi is a software engineer, information security researcher, cryptographer, consultant, and presenter with over a decade of knowledge in front-end web development and over 5 years of back-end server development and information security experience. Technology is a quickly changing field and he always seek new intellectual challenges to overcome. Vi’s hobbies include lock picking, puzzle solving (including Rubik’s Cubes), design and illustration, cryptographic challenges, and studying information theory and computer history. More at: https://vigrey.com/ |
08:20 |
Intro to Open Street Map
Keynote by bhousel, Sidepocket (Back Up) (10 minutes) :..>OpenStreetMap is a collaborative project to create a free editable map of the world and is a prominent example of volunteered geographic information. Created by Steve Coast in the UK in 2004, it was inspired by the success of Wikipedia and the predominance of proprietary map data in the UK and elsewhere. Since then, it has grown to over 2 million registered users. This is a crash course in collecting data using manual survey, GPS devices, aerial photography and other free sources. We will also go over the OSM editing suits id, Potlatch, JSOM and GNOME Maps along with the overal Open Street Cam resource website. Afterwards our instructors and DEFCON 201 Members will go directly into the Mapathon Open Workshop! :..>Bio: (bhousel, Sidepocket [backup]) TBA |
08:30 |
DEFCON 201 Open Street Maps Project
(1 hour, 30 minutes)
The DEFCON 201 Open Street Maps (OSM) Project is an hosted instance of Open Street Maps that will be a living map of all resources that hackers can use in the 201 Area. This includes working payphones, public power plugs, Bitcoin ATM Machines, free Wi-Fi access points, hackerspaces, security cameras, halfway houses, cyber cafes and more. Think of it as an open source Motorist Green Book for hackers. Workshop attendees will get familiar with basic cartography and map editors like iD, JSOM and GNOME Maps to edit on hand GPS and location data. They will then add previously recorded data into our first instance of Open Street Maps to build this project. WEATHER PERMITTING we will also have two groups of four people (min) to get off their buts and go on a mapping adventure! Folks will have their phones loaded with OsmAnd (Android & iOS) and optionally OSM Contributor Mapping Tool (Android) or Go Map!! (iOS) with one group in Hoboken (on foot) and one in Jersey City (dropped off and picked up via car) on foot to explore a selective area for GPS and visual data with the primary target being pay phones. Mapathon GPS Leaders will also have tools and tricks to test out the payhones, power plugs, Wi-Fi and other mapping points of interests. Regardless the entire MAPATHON is deigned to be done entirely indoors if weather is bad juju. :..>What To Bring: Armchair OSM Editors must bring a laptop (preferably running GNOME) with a working up-to-date browser that can run both HTML 5 and Java. You should also run an IRC client on channel #DEFCON201 connected to chat.freenode.net SSL ( ports 6697, 7000 and 7070) or on Tor at freenodeok2gncmy.onion with SASL Authentication. Members who have signed up on our mailing list can also use Riot.IM. GPS Mapathon Groups should bring either a GPS Device that can dump data to a desktop OR a phone with one of these GPS mapping apps loaded on it. GPS Mapathon Groups can also optionally bring phreaking equipment, lockpicks, voltage testers, WiFi Sniffers, radio scanners and any other portable device that can pull metrics/manipulate devices: OsmAnd (REQUIRED): http://osmand.net/ OSM Contributor Mapping Tool (Andriod): https://play.google.com/store/apps/details?id=io.mapsquare.osmcontributor&hl=en Go Map!! (iOS): https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=592990211&mt=8 GPX (Windows): https://www.microsoft.com/en-us/store/p/gpx-viewer-and-recorder/9nblggh4w2z7?rtc=1 |