June 23rd, 2009
*In the LAST of this Series* (yes you read that right) we will be discussing EXPLOITATION. We will delve into the differences between a vulnerability and an exploit, discuss and understand how bugs in software lead to compromise, and see REAL LIFE EXAMPLES of vulnerable web applications, software, and operating systems.
We will be introducing a few new programs, all of which are available on the BackTrack distribution (fyi, they recently released a new version at http://www.remote-exploit.org/backtrack_download.html) However everything that we will be discussing is included on previous releases. If you are wanting to use your OWN operating system, make sure you download and install nmap, nessus, and the Metasploit 3.0 framework.
This session will probably be fairly lengthy, so if you are interested please come prepared.
Rube Goldberg Device
June 17th, 2009
Above is a Rube Goldberg device constructed by ulysses and cinus. The device is fairly simple as there are only 5 events involved in switching on the coffee maker.
A weight slides from atop the string, triggers a mouse trap, which then tugs another string allowing a battery to fall downwards into another mouse trap, closing a circuit.
The coffee makers momentary switch was removed from the PCB and instead replaced with two wires connected to the mouse trap. Once the mouse trap is triggered, the switch closes and turns on the coffee maker.
General meeting and cyber security
June 12th, 2009
Last night was our Thursday general meeting — the space is open every Thursday evening for anyone to come down and see what happens. We had a few new-ish faces in the space last night, including TensorFlux from Pumping Station: One, a hackerspace in Chicago. He was in the middle of a motorcycle touring/camping journey through a good chunk of the US and parts of Canada, and decided to stop by to visit CCCKC. Here, he’s catching up online while Ulysses works on a clever electronic art project.
As part of the general meeting, we usually offer talks and demonstrations on Thursdays. Last night, dj goku continued the Cyber Security series by setting up a group lab demonstration and hosting an open discussion on using SSH to tunnel and encrypt your insecure traffic on hostile networks. I actually learned that OpenSSH has its own SOCKS listener! All this time, I’ve been using a significantly more complicated setup with OpenSSH and Squid Proxy. In most cases, the -D [port] option to ssh will work just as well and is much easier to set up. I’ll see if dj goku has some slides and links that I can point you to, as I really enjoyed learning something new about a tool I’ve used for years!
After the Cyber Security discussion, Jim Emery used one of the ballasts in the workshop and bent up some metal strapping to build an impromptu Jacob’s Ladder. These are simple to make if you have the right power supply. They’re always a big hit, though!
ax0n (that’s me) worked on getting a 2-cycle engine working properly and attempted to get the drive mechanism fitted to it. The engine starts on the first pull now and runs great, but we don’t have the proper tools at the space to get my drive sprocket attached to the clutch output.
I ended up taking the engine partially apart and discussing with a smaller group how two-stroke gasoline engines work including magneto ignition, centrifugal clutches and flywheel vane air-cooling. Two-stroke engines aren’t terribly efficient, but there is something sublime about their mechanical simplicity. I will post more on this project as it progresses.
Zach Hoeken - MakerBot
June 5th, 2009
Zach Hoeken from NYCResistor was in town and stopped by the CCCKC on Thursday night along with a MakerBot 3D Printer.
MakerBot
NYC Resistor
DecTalk Express dtc08
June 3rd, 2009
I cut rixon off in the beginning, but he says that he is holding a DecTalk Express dtc08. Originally it would not power on because of the dead battery.
Rixon salvaged this from a thrift store. Some weird stuff happened after the first two lines of the first song played, it started reading the characters as literal, instead of in a melody fashion.
The DecTalk has a serial port we were able to connect to through minicom with a 9600 baud rate.
Also, all opponents to CCCKC should fear linoleum knives.
Jestin Stoffel On Java WiiRemote
May 31st, 2009
Check out Jestin’s blog at: JestinStoffel.com
Cyber-Security: Class 3 “Reconaisance and Attack Landscaping”
May 28th, 2009
When: 19:30
Where: Underground Lab
In an interesting turn of events, our sysadmin (Kevin Linus) has decided to branch out from his “Linux” ways, and had decided to dual boot into his second favorite operating system: (Insert name of YOUR OS HERE)
In this third installment Kevin is going to profile his company from an “outsider view” and start to narrow his understanding of the threat landscape.
We will discuss techniques of utilizing external data repositories to profile our company, as well as begin more intrusive techniques to determine vulnerable system.
YOU CAN USE ANY OPERATING SYSTEM FOR THIS THURSDAY, If you can pre-install Nessus it will save a lot of time!
Nessus 4 is available for the following platforms at http://www.nessus.org/download/
- Linux: Fedora 10 (i386 and x86-64), Red Hat Enterprise 4 & 5 (i386 and x86-64), CentOS 4 & 5, SuSE 9.3 & 10, Debian 5 (i386, amd64), Ubuntu 8.04 (i386, amd64), Ubuntu 8.10 and 9.04 (i386, amd64)
- FreeBSD: FreeBSD 7 (i386)
- Mac OS X: Mac OS X 10.4 and 10.5 (intel & ppc)
- Windows: Windows XP, 2003, Vista and 2008
You will need to agree to the EULA and fill out the form to get a license key… So use a “real” email address.
Electronics Workshop with Mitch Altman
May 9th, 2009
Date:
Sunday, May 10, 2009 from 3:00 PM - 6:00 PM (CT)
Location:
CCCKC Hackerspace
3101 Mercier St
Downtown Underground - Room 404
Kansas City, MO 64111
The Cowtown Computer Congress is excited to announce that Mitch Altman (Cornfield Electronics) will be holding an electronics class at the CCCKC Caves on Saturday May 9th. Mitch is the inventor of cool gadgets such as the Brain Machine and the TV-B-Gone. Mitch will be explaining how these projects work, came together, and will have kits available for you to build! He (and other CCCKC members) will help teach you how to solder these kits.. It is going to be a great experience!
If you have access to any of the following, please bring:
1) Soldering Iron
2) Solder
3) Wire of various small gauges
4) Wire strippers would not hurt either
5) Solder wicks or solder suckers
Otherwise you can use some community equipment — SEE YOU THERE!
A few changes
April 23rd, 2009
IMPORTANT ANNOUNCEMENT
The elevator to get into the space is currently being upgraded. It will be out of commission for the next few days. I heard from our photography-loving cave neighbor that it should be back up and running by Tuesday. For the time being, however, getting to the space will be trickier than usual.
We got permission from Dean Realty (and from our neighbor) to use some of the spaces underground until the elevator is fixed, but ONLY AFTER 5:00 PM (and I suppose into the wee hours of the morning). Having said that, I don’t know for certain when the gate closes. I do know it won’t lock you in. It opens automatically as you leave.
You will likely have to park topside and walk a block or so to the cave entry to get access during the day, as we are not allowed to use the paid-for parking spaces (read: any below ground) during business hours.
Thanks go to Asmodian X for putting some drive into putting some order into the chaos that is the workshop area. Knowing him, he likely put in quite a bit of the actual labor as well. The new layout works nicely. I had to use the drill press today and I like having the workbenches in an island configuration like this. The addition of storage bins is also a big plus.
Also, I brought in a couple of much-needed bottle openers. Maybe now we can stop using the edge of the counter, screwdrivers, and other brute-force bottle-opening methods.
Cyber-Security Class: (Apr 30) Host Discovery and Enumeration
April 21st, 2009
In this multi-part Cyber-Security learning series we will take on the role of Kevin Linus, an aspiring sysadmin who wants to “break into” the field of cyber-security. Learning by doing, we will implement tools and techniques used by “BlackHat Hackers” in order to bypass defenses and obtain unauthorized access to systems. By gaining these skills and techniques, you will gain incredible insight on how to protect your company’s network from them.
For the first part of the series, we will be discussing network and host discovery, and take it one step further with some host enumeration. This is a “hands-on” exercise and all participants should come prepared with some type of computer (laptop preferred). Also, please bring a burned copy of BackTrack 4.0 LiveDVD (DVD, Thumbdrive, or preinstalled) with you. We will be using tools such as nmap and kismet. (Although BackTrack 4 is not required, it is preferred. Due to time constraints I will not hold the class for tool installation)
This first session might be review for you, but who knows you might pick up some new tricks! (Warning nmap Kung-fu will be discussed!)
This entire training series is free to ALL CCCKC Members, and open to the community for a (suggested) $10 per session donation. This training event (entire series) will build on itself covering subjects and techniques comparable to $4000 “security vendor” event.
Future seats will be limited, so make sure you come out to the April 30th event!