Hosted by WhiskeyNeon, featuring this months guests: Tinker, Wirefall, Isac, Oneline, Logicwerks, Mr. Chin, r3x3r, and Ron Mexico.
- isac is coordinating BSidesDFW as a joint collaboration from DC214, DHA, and The Lab.ms.
- DHA has a website. It’s dallashackers.com, or something. Submit an ASCII art banner, and Tinker will mow your lawn.
Kevin: Get out of the dragnet!
- Encrypt Linux Mint, buy a VPN with Bitcoin (at an ATM!), and Linkin Park!
- Kevin bought us beer, and is a man!
- Isac encourages sticking up a CoolBrews and steal the entire Bitcoin ATM.
- WhiskeyNeon loves to look at your blockchain.
r3x3r: Bash My Life
- Bash has always been there.
- We all did the Windows thing, but it was just a phase.
- Mr. Chin fell asleep.
- Bash helps you find out what happens in the hour.
gawk; grep; unzip; touch; strip; init,
uncompress, gasp; finger; find,
route, whereis, which, mount; fsck; nice,
more; yes; gasp; umount; head, halt,
renice, restore, touch, whereis, which,
more, yes, gasp, umount, expand, ping,
make clean; sleep
Tazz and Dr. Bones: A Cornucopia Fire Talk
- N0D — A script using MalwareDomains.com to blacklist malware on networks.
- PaymentCardProject — Partial credit card number completion script for OSINT fun.
- Barcade Hax — Brainstorming ideas for exploiting an “adult arcade” for fun and profit. Similar to INIT_6's discussion in April’s episode.
- Mr. Chin leaves early again.
- Race Conditions (not Ferguson-related) were exploited in the Starbucks gift card vulnerability.
Oneline: Power Grid Vulnerabilities
- Old infrastructure works but is very fragile.
- New infrastructure works but is very fragile, too.
- WhiskeyNeon is reminded of Watchdogs.
- Why hack the grid when a potato gun and chain can achieve the same result?
- A coordinated team could take out a power station with hunting rifles.
- Oneline now has a lab for testing vulnerabilities provided by Schweitzer Engineering.
- Wirefall’s daughter needed a working USB cable to charge her phone.
- Firmware is updated somewhat frequently by physical console access.
- Default credentials are hardly ever changed.
- Tons of D-Link routers are susceptible to NetUSB vulnerability.
- Use a MMDS down-converter and a RTL-SDR to read smart meter data.
- Wirefall has a good idea for attacking the grid, and Oneline shoots it down.
- WhiskeyNeon proposes time-shifting power usage on a smart meter using a HackRF, faraday cage, and the MMDS/RTL-SDR. Put the MMDS/RTL-SDR inside the cage with the smart meter, and read the legitimate data. Use the HackRF to broadcast the data back into the network using information from 12 hours earlier to minimize costs while variable billing is in effect. Oneline gives his approval for this idea.
The idea would be great for grow houses, since smart meter data has been used to bust grow houses.
- Voltage regulators can explode by flipping a switch (under the right operating mode).
- If you own a SEL-3530, you have the keys to the kingdom.
Vernon: Python+Tkinker Flight Simulator
- The demo had a crash landing, but next month’s demo will happen with no delays.
What Do Our Handles Mean?
- Oneline — The basic drawing when determining where a problem lies when investigating a power systems failure.
- Wirefall — He loves spoonerisms and wirefall is a spoonerism of firewall. In the military, he worked in radio communications. Radio comms are the “fall of the wire”.
- Logicwerks — No details given- probably a crazy ex is involved.
- WhiskeyNeon — Whiskey is good, and is the NATO phonetic pronunciation of “W”. Neon is sexy and cyberpunk. BourbonXenon is his darkweb handle.
- r3x3r — Rex is r3x3r’s real name- just without the 1337-ness.
- Tinker — Comes from tinkerer, also has a Rule 34 fetish for Tinkerbell.
- isac — Isac is not named Isac. He chills in Waldenbooks and is a saint.
- Ron Mexico — He gave this girl herpes this one time. Unrelated- cosplays as Chewbacca.
- Venom, the QEMU/KVM/VirtualBox/Xen vulnerability
- Tinker is now Internet famous.
The Cryptowar Was An Inside Job
- The FBI hates crypto. Alot.
- Most people don’t like the idea of backdoored crypto.
- Backdoors will enable more whistleblowers.
- Backdoors in crypto is a red herring, according to Tinker. Wassenaar is the real deal.
- The Wassenaar Arrangement is horrible.
- If the DHA is deemed unlawful, “we fuck ‘em”.
- The Arrangement is open for formal public comment, so please share your opinion.
- The difference between government and organized crime is that one has a flag outside of it’s building and the other is organized.
- Hola is a VPN service founded by Ron Mexico, designed to assist users bypass media blockades by sharing connections between users. The parent company offers the use of the entire network to whomever pays them.
- Hola just happens to be really vulnerable, and you should uninstall it now.
- DHA recommended VPNs are Cryptostorm and NordeVPN.
- Reddit, as a company, is corrupt. Since the recording of the podcast, the Reddit Revolt has begun. WhiskeyNeon is obviously responsible for this.
Hidden Services Deanonymization
- Tor connections to hidden services could be easy to de-anonymize
- WhiskeyNeon proposes a hidden services honeypot to monitor any incoming connections from rouge nodes.
The Lab’s Annual Meeting
- The Lab has signed the lease on a location.
- Special membership prices last until December 31.
- Check out the meetup group and be apart of it!
Download: MP3 2 hr 30 min (116.7 MB)