Shadow Systems
Shadow Systems

We're an Information Security Collective. Welcome to the madness. Follow us on Twitter, SoundCloud, and LobsterTell. LobsterTell isn't a real thing, but it's believable, isn't it? That's really sad.

Twitter


Shadow Systems

Dallas Hackers After Hours

Dallas Hacker's Association's monthly after party/podcast.

The episode that should not be! Listen and you'll agree...outbid WhiskeyNeon for the right to the outro or nobody will ever hear it- http://www.ebay.com/itm/-/221915909933
Hosted by WhiskeyNeon, featuring this months guests: Wirefall, Wuming, and NPCSwag

Download: MP3 1 hr 20 min (65.2MB)

DHAfter Hours - October 2015

The episode that should not be! Listen and you'll agree...outbid WhiskeyNeon for the right to the outro or nobody will ever hear it- http://www.ebay.com/itm/-/221915909933 Hosted by WhiskeyNeon, featuring this months guests: Wirefall, Wuming, and NPCSwag Download: MP3 1 hr 20 min (65.2MB)…

WhiskeyNeonWhiskeyNeon

ARP poisoning, DNS spoofing, malware outbreaks, phishing attacks, conspiracies, GPU cracking, OSINT madness, and dropped SIP packets. This, ladies and gentlemen, is Dallas Hackers After Hours.
Hosted by WhiskeyNeon, featuring this months guests: Tinker, Wirefall, Emperor Cow, julz, Thomas, VaultDweller, and Woody.

Download: MP3 1 hr 53min (93 MB)

DHAfter Hours - September 2015

ARP poisoning, DNS spoofing, malware outbreaks, phishing attacks, conspiracies, GPU cracking, OSINT madness, and dropped SIP packets. This, ladies and gentlemen, is Dallas Hackers After Hours. Hosted by WhiskeyNeon, featuring this months guests: Tinker, Wirefall, Emperor Cow, julz, Thomas, VaultDweller, and Woody. Download: MP3 1 hr 5…

WhiskeyNeonWhiskeyNeon

Tail light telematics, iPod phones, python goodness, web hacking trends, and absolute mayhem! If you can't stand listening to all 2-hours then at least skip to the end to hear Tinker's take of a falsetto...
Hosted by WhiskeyNeon, featuring this months guests: Wirefall, Tinker, and wuming.

Download: MP3 2 hr 11min (110.9 MB)

DHAfter Hours - August 2015

Tail light telematics, iPod phones, python goodness, web hacking trends, and absolute mayhem! If you can't stand listening to all 2-hours then at least skip to the end to hear Tinker's take of a falsetto... Hosted by WhiskeyNeon, featuring this months guests: Wirefall, Tinker, and wuming. Download: MP3 2 hr 11min (110.9 MB)…

WhiskeyNeonWhiskeyNeon

Malware, crypto, pirate boxes, and a whole lot of tomfoolery...
The Dallas Hackers Association's monthly after party/podcast: Dallas Hackers After Hours recorded on July 1, 2015.
Hosted by WhiskeyNeon, featuring this months guests: Tinker, Wirefall, R41nM4k3r, and Shock.

Download: MP3 2 hr 45 min (137.7 MB)

DHAfter Hours - July 2015

Malware, crypto, pirate boxes, and a whole lot of tomfoolery... The Dallas Hackers Association's monthly after party/podcast: Dallas Hackers After Hours recorded on July 1, 2015. Hosted by WhiskeyNeon, featuring this months guests: Tinker, Wirefall, R41nM4k3r, and Shock. Download: MP3 2 hr 45 min (137.7 MB)…

WhiskeyNeonWhiskeyNeon

Hosted by WhiskeyNeon, featuring this months guests: Tinker, Wirefall, Isac, Oneline, Logicwerks, Mr. Chin, r3x3r, and Ron Mexico.

News

  • isac is coordinating BSidesDFW as a joint collaboration from DC214, DHA, and The Lab.ms.
  • DHA has a website. It’s dallashackers.com, or something. Submit an ASCII art banner, and Tinker will mow your lawn.

Talks

Kevin: Get out of the dragnet!

  • Encrypt Linux Mint, buy a VPN with Bitcoin (at an ATM!), and Linkin Park!
  • Kevin bought us beer, and is a man!
  • Isac encourages sticking up a CoolBrews and steal the entire Bitcoin ATM.
  • WhiskeyNeon loves to look at your blockchain.

r3x3r: Bash My Life

  • Bash has always been there.
  • We all did the Windows thing, but it was just a phase.
  • Mr. Chin fell asleep.
  • Bash helps you find out what happens in the hour.
  • What?
 gawk; grep; unzip; touch; strip; init,
 uncompress, gasp; finger; find,
 route, whereis, which, mount; fsck; nice,
 more; yes; gasp; umount; head, halt,
 renice, restore, touch, whereis, which,
 route, mount,
 more, yes, gasp, umount, expand, ping,
 make clean; sleep

Tazz and Dr. Bones: A Cornucopia Fire Talk

  • N0D — A script using MalwareDomains.com to blacklist malware on networks.
  • PaymentCardProject — Partial credit card number completion script for OSINT fun.
  • Barcade Hax — Brainstorming ideas for exploiting an “adult arcade” for fun and profit. Similar to INIT_6's discussion in April’s episode.
  • Mr. Chin leaves early again.
  • Race Conditions (not Ferguson-related) were exploited in the Starbucks gift card vulnerability.

Oneline: Power Grid Vulnerabilities

  • Old infrastructure works but is very fragile.
  • New infrastructure works but is very fragile, too.
  • WhiskeyNeon is reminded of Watchdogs.
  • Why hack the grid when a potato gun and chain can achieve the same result?
  • A coordinated team could take out a power station with hunting rifles.
  • Oneline now has a lab for testing vulnerabilities provided by Schweitzer Engineering.
  • Wirefall’s daughter needed a working USB cable to charge her phone.
  • Firmware is updated somewhat frequently by physical console access.
  • Default credentials are hardly ever changed.
  • Tons of D-Link routers are susceptible to NetUSB vulnerability.
  • Use a MMDS down-converter and a RTL-SDR to read smart meter data.
  • Wirefall has a good idea for attacking the grid, and Oneline shoots it down.
  • WhiskeyNeon proposes time-shifting power usage on a smart meter using a HackRF, faraday cage, and the MMDS/RTL-SDR. Put the MMDS/RTL-SDR inside the cage with the smart meter, and read the legitimate data. Use the HackRF to broadcast the data back into the network using information from 12 hours earlier to minimize costs while variable billing is in effect. Oneline gives his approval for this idea. The idea would be great for grow houses, since smart meter data has been used to bust grow houses.
  • Voltage regulators can explode by flipping a switch (under the right operating mode).
  • If you own a SEL-3530, you have the keys to the kingdom.

Vernon: Python+Tkinker Flight Simulator

  • The demo had a crash landing, but next month’s demo will happen with no delays.

What Do Our Handles Mean?

  • Oneline — The basic drawing when determining where a problem lies when investigating a power systems failure.
  • Wirefall — He loves spoonerisms and wirefall is a spoonerism of firewall. In the military, he worked in radio communications. Radio comms are the “fall of the wire”.
  • Logicwerks — No details given- probably a crazy ex is involved.
  • WhiskeyNeon — Whiskey is good, and is the NATO phonetic pronunciation of “W”. Neon is sexy and cyberpunk. BourbonXenon is his darkweb handle.
  • r3x3r — Rex is r3x3r’s real name- just without the 1337-ness.
  • Tinker — Comes from tinkerer, also has a Rule 34 fetish for Tinkerbell.
  • isac — Isac is not named Isac. He chills in Waldenbooks and is a saint.
  • Ron Mexico — He gave this girl herpes this one time. Unrelated- cosplays as Chewbacca.

Discussions

Venom Happened

  • Venom, the QEMU/KVM/VirtualBox/Xen vulnerability
  • Tinker is now Internet famous.

The Cryptowar Was An Inside Job

  • The FBI hates crypto. Alot.
  • Most people don’t like the idea of backdoored crypto.
  • Backdoors will enable more whistleblowers.
  • Backdoors in crypto is a red herring, according to Tinker. Wassenaar is the real deal.
  • The Wassenaar Arrangement is horrible.
  • If the DHA is deemed unlawful, “we fuck ‘em”.
  • The Arrangement is open for formal public comment, so please share your opinion.
  • The difference between government and organized crime is that one has a flag outside of it’s building and the other is organized.

Hola!

  • Hola is a VPN service founded by Ron Mexico, designed to assist users bypass media blockades by sharing connections between users. The parent company offers the use of the entire network to whomever pays them.
  • Hola just happens to be really vulnerable, and you should uninstall it now.
  • DHA recommended VPNs are Cryptostorm and NordeVPN.
  • Reddit, as a company, is corrupt. Since the recording of the podcast, the Reddit Revolt has begun. WhiskeyNeon is obviously responsible for this.

Hidden Services Deanonymization

  • Tor connections to hidden services could be easy to de-anonymize
  • WhiskeyNeon proposes a hidden services honeypot to monitor any incoming connections from rouge nodes.

The Lab’s Annual Meeting

  • The Lab has signed the lease on a location.
  • Special membership prices last until December 31.
  • Check out the meetup group and be apart of it!

Download: MP3 2 hr 30 min (116.7 MB)

DHAfter Hours - June 2015

Hosted by WhiskeyNeon, featuring this months guests: Tinker, Wirefall, Isac, Oneline, Logicwerks, Mr. Chin, r3x3r, and Ron Mexico. News isac is coordinating BSidesDFW as a joint collaboration from DC214, DHA, and The Lab.ms. DHA has a website. It’s dallashackers.com, or something. Submit an ASCII art banner, and Tinker will mow your la…

WhiskeyNeonWhiskeyNeon