DEFCON 201 Online Meet Up — September 2020 — Egg Freckles

DEFCON 201
Sep 12 · 9 min read
Image for post
Image for post

Date: September 18th, Friday

Time: 4:00 PM EST — 7:40 PM EST (~9:00 PM EST ONLINE)

Location: ONLINE (SEE BELOW), LIMITED SEATING @ Sub Culture (260 Newark Ave, Jersey City, NJ)

Meet-Up: https://www.meetup.com/DEFCON201/events/272716088/

Facebook: https://www.facebook.com/events/655322292051918/

Write.As [TOR]: http://writeas7pm7rcdqg.onion/defcon201/defcon-201-online-meet-up-september-2020-egg-freckles

Hackaday: https://hackaday.io/page/9277-defcon-201-online-meet-up-september-2020-egg-freckles

::DEFCON 201 — CODE OF CONDUCT::


Welcome to the September 2020 DEFCON 201 Meet Up!

So we are all stuck at home because COVID-19 is the song that will never end. The West Coast is burning. The East Coast is underwater. And in the mist of all of this with a nightmare election coming up…Apple decides to hold an event showing off the overpriced closed-sourced products. Because of course they would.

That’s why we have decided to take this golden oprotunity to have a DCG 201 meeting theme we have wanted to do for a very long time: Hacking Apple. If you are one of the many people who struggle with XCode and Swift, own an iPhone that won’t have any games besides Apple Arcade, run a Mac that will cost an ARM and a leg, can’t play Fortnite or XCloud on your iOS device or someone who remembers when Newton was the shit, this is the meeting for you. Be prepared for a crazy live stream with limited in person seating watching hackers in New Jersey and all over the world throw a sledgehammer at the screen and break down Apple walled gardened.

Tim Apple will be proud. #AppleEvent

Details of the in-person meet below:

Now, there will be some ground rules here. To meet in person, we will have a hard MAX limit of 20 people, thus you MUST RSVP on EventBrite to be counted.

You MUST purchase a food or beverage item. Meeting will be outside in the outdoor pen. You MUST have a mask on at ALL TIMES when not eating. You must be 6 feet apart unless you came together in a group. We will provide sanitation measures. Anyone who is a knucklehead will be thrown into the Hudson River with the rest of Florida.

If you can’t make it or too afraid, RELAX! All activities, chats, talks, workshops and DC 201 insanity will be broadcasted online via our LIVE STREAMS per the new normal! We are so excited to finally do some actual mask-to-mask social distancing AFK and we can’t wait to see you all because we have quite the line up with something for everyone!

Live Streams:

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Facebook: TBA

EMAIL US TO INQUIRE FOR VIDEO CONFERENCING LINK!

If you like to do a talk at our meet ups our collaborate with our staff and members in a project partnership shoot us a email at:

INFO {at} DEFCON201 [DOT] ORG


.::AGENDA & SCHEDULE::.

ALL TIMES ARE EASTERN STANDARD (EST)
4:00pm — 4:50pm
AFK: Meet & Greet+ Open Workshop Projects
ONLINE: The Fifth HOPE (2004): Steve Wozniak Keynote
4:50pm — 5:00pm
A Marathon Of Mac Gaming — MrMacRight
5:00pm — 6:00pm
The Rise Of Mac Malware — Thomas Reed
6:00pm — 6:30pm
Abusing & Securing XPC in macOS Apps — Wojciech
6:30pm — 7:00pm
macintosh.js — NCommander
7:00pm — 7:10pm
A Kinky Hack To Sideload iOS Applications — Sidepocket
7:10pm — 9:00pm???
Old Man Yells At iCloud — Xio

.::OPEN PROJECTS::.

Open Jam 2020 — https://openjam.io/

Folding@Home VS Coronavirus (Team: 241960) — GI Jack, Everyone

.::LIGHTNING TALKS::.

The Fifth HOPE (2004): Steve Wozniak Keynote

:..>Lets take a trip back down memory lane with a limited reairing at the historic (yet forgotten about) keynote from The Fifth HOPE (Hackers On Planet Earth) with Apple Co-Founder and guy who actually did all the work; The Wonderful Wizard Of Woz!

:..>Bio: Stephen Gary Wozniak also known by his nicknames “Woz” and handle “Berkely Blue”, is an American electronics engineer, programmer, philanthropist, and technology entrepreneur. In 1976, he co-founded Apple Inc., which later became the world’s largest information technology company by revenue and the largest company in the world by market capitalization. Through their work at Apple in the 1970s and 1980s, he and Apple co-founder Steve Jobs are widely recognized as two prominent pioneers of the personal computer revolution. As of November 2019, Wozniak has remained an employee of Apple in a ceremonial capacity since stepping down in 1985.

A Marathon Of Mac Gaming

:..>If Linux Gamers thought they had a bad rep, nothing will cause the PC Master Race to burst out laughing than Mac Gamers. Despite the countless jokes, Apple has had a long and crazy history in the video game space from the original first person shooter epic Marathon by Bungie (before Halo and Destiny became a thing), to the failed PiP!N home video game system and the release of downloadable games on the iOS AppStore. In this talk, MrMacRight will go over how Apple is pushing AAA gaming on their platforms and improving In-App purchases.

:..>Bio: MrMacRight covers everything Apple gaming related (iPhone, iPad, Apple TV, Mac and Apple Arcade) on his YouTube channel.

The Rise Of Mac Malware

:..>Contrary to most people’s expectations, the first widespread virus actually affected Apple computers. Join me for a journey through time, as we look at past Mac malware, focusing on when certain behaviors first emerged. Then fast forward through time, where we’ll see what today’s Mac threat landscape looks like, and what behaviors we’re seeing from Mac threats in the wild.

:..>Bio: Thomas Reed has been using Macs since 1984. He is a self-taught security researcher and Director of Mac & Mobile at Malwarebytes. In his spare time, he is an avid photographer.

Abusing & Securing XPC in macOS Apps

:..>XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple’s components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere — Anti Viruses, Messengers, Privacy tools, Firewalls, and more.

In this talk, I will:

  • Explain how XPC/NSXPC work.
  • Present you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t).
  • Abuse an interesting feature on Catalina allowing to inject an unsigned dylib.
  • Show you how to fix that vulnz finally!

:.>Bio: Wojciech is a Senior IT Security Specialist working at SecuRing. He specializes in application security on Apple devices. He created the iOS Security Suite — an opensource anti-tampering framework. Bugcrowd MVP, found vulnerabilities in Apple, Fac ebook, Malwarebytes, Slack, Atlassian, and others. In free time he runs an infosec blog — https://wojciechregula.blog. Shared research on among others Objective by the Sea (Hawaii, USA), AppSec Global (Tel Aviv, Israel), AppSec EU (London, United Kingdom), CONFidence (Cracow, Poland), BSides (Warsaw, Poland).

macintosh.js

:..>Whether nostalgic for a simpler era or just wondering what computing was like 20-some years ago, Macintosh.js lets you find out. Built by developer Felix Rieseberg using Electron and Javascript, it emulates a 1991 Macintosh Quadra 900 running Mac OS 8.1. Thanks to a 1997 MacWorld Demo CD, it includes a number of apps and games, including Photoshop 3, Illustrator 5.5, Civilization II, and, of course, Oregon Trail. In this brief overview, NCommander of HACK + ALT + NCOMMANDER fame will do what he does best; disect this retro operating system and point out the quirks and WTF-ness of this unholy emulated beast.

:..>Bio: NCommander (@fossfirefighter) lives in Jersey City and is a contributor to multiple free and open-source software projects, an Ubuntu core developer, and an active developer for the Hermes Center for Transparency working on the GlobaLeaks project. In his free time, he likes to travel, write, and play with radios.

A Kinky Hack To Sideload iOS Applications

:..>The iOS AppStore. The store features around 1.8 million apps, earned over $155 billion to developers and has caused headaches for many from their kow-towing to China to their weird restrictions of video game streaming applications. The walled garden nature is it’s biggest strength, leading Apple to control all software with 1984 percision. Or can they? Thanks to a website that allows BDMS folks to kink out on the world wide shibari, we will walk through how they exploited the development mode of iOS and XCode to inject their own software bypassing Apple’s insular storefront. Then we will quickly go over how this blew a giant wall in Apple’s iOS software approval proccess opening up to a world that only Apple users can dream of and Android users do in this world outside of the Cult Of Mac called “reality”.

:..>Bio: A Co-Founder of DEFCON 201, an open group for hacker workshop projects in North East New Jersey, Sidepocket is constantly wanting to help people to get better at whatever they want to do and learn. He also has a history with NYC 2600, Radio Statler at Hackers on Planet Earth, Phone Losers of America, Museum of Urban Reclaim Spaces and The Yes Men. Find out more about DEFCON 201 at: http://www.defcon201.org

Old Man Yells At iCloud

:..>The Apple Computer 1, originally released as the Apple Computer and known later as the Apple I, or Apple-1, is a desktop computer released by the Apple Computer Company (now Apple Inc.) in 1976. Since then, Apple has left a legacy that has pissed a ton of people off from programmers, artist, buisnessmen and people name Tim. Few however, know the company and it’s hardware from it’s formation to the dumpster fire that is 2020. And so who better to cover it all than someone who is so retro you have to use a butter knife to rewind him! This rant on Apple products past and present will be so long and so foul that it will end and only end when Sub Culture shuts the place down and our livestream ends! Plus, comments from the peanut gallery (*cough*sirocyl*cough*NCommander*cough*Sidepocket*cough*) will cause this digital caveman to go into cardiac arrest before the #FailFactory he works at does!

:..>Bio: Interdisciplinary autodidacts always look bad on paper. Good hackers know they know not, and xio (@XioNYC) is of that rare breed which knows not that they know. He has experienced eight years of digital talking books from pre-production to shipped product, 12 years as an accessibility specialist, 16 years of video editing and DVD authoring, and over 24 years of broadcast radio, as well as a lifetime at the QWERTY and in deep thought.

.::OPEN PROJECTS::.

Image for post
Image for post

Open Jam 2020

:..>Open Jam is a game jam with 🖤. At Open Jam, you build an open-source video game over the weekend, rate other creators’ games, and compete for delicious open source karma. Open Jam is a game jam that promotes open source games and game creation tools. This jam encourages use of open source game engines, authoring tools, and platforms, and Creative Common assets, and to link those tools in your submission. Anything open source in your game creation process is encouraged! Open Jam is all about open games and open game development. Open Jam will be a 80 hour Jam based on a theme.

  1. Please stop by the community and introduce yourself or team and share your progress once the jam starts
  2. Join our discord channel if you want to keep in touch in real-time
  3. Follow these twitter accounts: @openjamio, @caramelcode, @mwcz
  4. Use social hashtag: #openjam2020

At the end of the weekend, release your game and code to the world, play other participants’ games, and rate them.

:..>What You’ll Need:

  • You can use any tools to create your game and it can run on any platform, open source tools and platforms are encouraged.
  • There is a new voting category for “Open Source Karma” based on open source friendly your game is i.e. how many open tools you used, if your game runs on an open platform, and a nice github repo. See table below.
  • It is very important to list all the open source tools you used and link to your git repo in your game entry, so you can get credit for your Open Source Karma
  • Games source should be available and licensed as open source.
  • You can create or use your own assets or use existing, openly licensed assets (e.g., Creative Commons).
  • You can work solo or on a team.
  • The theme will be announced at 1:00 PM September 18th (US Eastern).
  • Judging will be peer-based and and possible guest judges if not enough people rate games.
  • Games require a minimum of 10 ratings to place in the top 3.
  • Games must be original for Open Jam, they can’t be entries submitted to other game jams or forks of other games.

Folding@Home VS Coronavirus

:..>Folding@home (FAH or F@h) is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Currently F@h is simulating the dynamics of COVID-19 proteins to hunt for new therapeutic opportunities. We want to contribute and you can help! Join the DEFCON 201 Folding@Home Team: 241960

:..>What You’ll Need: Download and run Folding@home for Windows/Mac/Linux, ideally on your highest performance system with a GPU and join our F@h Team 241960: https://foldingathome.org/start-folding/

::END OF LINE::

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store