Belouve did a presentation on OSINT and TraceLabs. Here are some links relevant to that talk, or from the slide deck:

Join TraceLabs (You will likely need to register and join their Slack)


Hunchly Tool and Hunchly Training

IntelTechniques Menu (select items over on the left side). This site is also where you can download Buscador OS.

OSINT Dashboard

CherryTree (for taking notes; it is cross-platform) and Freeplane (mapping out connections)

I (Belouve) will probably keep this list updated as I get more resources dug up.

December Meeting Recap

Boop.  Under construction for now.

An administrative header:

  1. We are indeed horrible at updating the site.  I pledge to fix this, but I’ve said that before.
  2. Meetings will always happen.  First Friday of the month.  Click that calendar in your taskbar.  Is it the first Friday of the month? Yes? Then we have a meeting at 7 and you should be there, even if you get there late, don’t worry.  Today is not the first Friday? Then get hyped for the next meeting. Also: https://www.meetup.com/dc414group/
  3. I was locked out of my account and had problems resetting it.  The root problem was found to be related to salty meat that comes in a can.  In other words: SPAM.  As you can tell, I’m back in now.
  4. Meetings do have rules, DC414 has rules.  I’m not bothered to define them right now, but I want to establish that we’re not crazy anarchistic and if something bugs you about a meeting, let us know.  We really only say something if it gets to be a problem.  In summary, our rules derive from DEFCON, and are mostly “Don’t be a dick”
  5. The Meeting Recaps are what I’ve seen, or what the other writers have seen.  There is almost always some other cool thing that I didn’t see or write down.  If I missed a cool thing that happened, just give me a writeup on it and I’ll get it out there.
  6. We are really growing.  Seriously, about 20 or more per meeting, lots of fun things.  And we’re glad you showed up even if we didn’t get a chance to tell you that directly.

Okay, so on to a summary of cool things we did this past meeting.  I’ll update with video and images when I can.

Under construction.

Lots of chatter

This meeting was a lot more social.  Fewer demos, and more talking with each other.  Seems to just be the December motif, and that’s fine if it is more social than demos. Lots of beer swapping, candy, and candy corn beer.

Nothing that a good probing can’t fix

There was discussion over tracking down a possible break in an ethernet cable at someone’s place of business.  Another hacker was kind enough to bring in an amplifier probe, and demo’d how that would track down a break.


Safe Dial

Messed around with a safe dial that was mounted on an orange acrylic stand.  We didn’t know the combination, but we figured it out. And then set a new one.

And in a first for DC414, I will include the details of that combination:

We chose to do the square of 414.  414 x 414.  Which is 171396.  So the combination is 17-13-96.  Congrats, you know the combination to a lock on an acrylic stand, that secures nothing.  It is a really janky combination, and talk to one of us and we’ll go over why.

This lock will also probably be tuned and updated.  We’ll practice safe dial manipulation later.

But can you pick it with a fork?

This will be the writeup on the lock that we picked with a plastic fork.  Pictures and video support this, and will be put here in a fun writeup.

So, again, under construction, but I’m getting something out there as soon as I can.

  • Belouve

January Meeting Recap

Starting the new year off with MOAR RECAPS.  I (Belouve) did not get there at the start, so I will recap what I was told by others.  People can fill in details if they want.

SoftEther VPN


We had a demo on SoftEtherVPN (“SoftEther” means “Software Ethernet”). This is multi-protocol VPN software that runs on Windows, Linux, Mac, FreeBSD and Solaris.

It is also open source, and free.  You can go from OpenVPN to SoftEtherVPN smoothly.  Check out the site for other highlighted features I haven’t listed here.

We’re being hacked by Russia, right? …. Right?

Belouve arrived and set up a talk digging into the details of the recent “Russian” hacking.  Pointing to the US-CERT report and the files they sent, only 2 out of the 911 indicators given by US-CERT point to Russia.  The reports on APT28 and APT29 cite some vague ‘evidence’.

One of the best things is that an APT29 report (see page 9) references the use of MiniDuke malware as being Russia.

So Belouve looked up the MiniDuke specifics, binaries, breakdown, etc.

The word ‘Russia’ does not appear anywhere in the report.

But…MiniDuke does open up a backdoor…

to Turkey (See page 22)

Discover Recon Script

Belouve demonstrated his slimmed-down version of Discover Scripts, which he has available at https://github.com/belouve/discover

Credit given: the original discover script is made by Lee Baird, as available here. My version has slimmed his down, and I have updated some other steps.

This script is tuned to do as much passive recon on a target as it can, without touching the target or alerting it to the scan.

Uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, PGP Keys, multiple other websites, and then recon-ng.

The recon-ng modules scrape Bing, Google, Hackertarget, Netcraft, Shodan, Threatcrowd, GitHub, Twitter, LinkedIn, Whois, and Censys.io for information.  It parses and pivots the information gathered from other modules and earlier steps.

Take a look over the tool, it is constantly being tweaked.

Vlad’s LED Tree of LED Glory

Vlad did a demo on his multicolored individually-addressable LED tree.  Big tree, and I feel a video would go best here.

DEFCON Groups Update

Message from DEFCON groups.  Yay DC414 for actually responding to and doing the challenge!

Next Meeting

Next meeting is Friday, February 3rd.  Same bat time, same bat channel.


December Meeting Recap

Whoa. A meeting recap.


So what did we all do?

Caleb – Presented on Crafting Digital Radio Signals, to Control Things

He has a blog post about his Digital Radio Signals, and that was a majority of what was presented.  He was able to do a live demo of the capture of a remote outlet, and replay of the capture.

There was also “a peculiar signal hiccup”, wherein the signal to the remote outlet would not be received.  It would be similar to a jamming signal, if jamming radio signals were allowed.  Good thing we abide by all RF rules.

He demonstrated the ability to observe vehicle remote locking, and showed the lock and unlock signal.

njRAT v0.7d – Part Two

A part two would make sense with part one, but ::shrug::

Showed off the njRAT v0.7d that came along for the ride on a torrent. njRAT is a remote-access Trojan that has been used for the last few years. A 2013 report from General Dynamics / Fidelis Cybersecurity Solutions goes over detailed indicators, domains, and TTPs in conjunction with attacks using njRAT.  It is also apparently up to version 0.9.  The malware is making a comeback, maybe due to some evasion techniques shown (or people just continue to be dumb in downloading from torrents.  That could be it too).

If njRAT is run, Hey, Look! It’s detected as a virus!

Instead, do some tech magic (someone can add detail) using Base64 in Microsoft Visual Studio.  Runs now, the EXE is loaded, and it doesn’t trigger alerts or errors.


And hey, we have a remote desktop!

If we turn on the remote webcam function…

…hey!  This is why you should tape over your webcams! And we had keyloggers, microphone access, and chats available too!

So, just don’t trust things that are pirated from the Interwebz.

Do you want this for yourself?  Do a search for njRAT or njRAT v0.7d, and you can have it yourself.  (or, it seems 0.9 is around) You will have to compile/tinker/tech magic it yourself, though.

Picking on Level 3

Well, not directly.  We were shown a few links to see Internet health:

Dynatrace, Dynatrace Keynote, and DownDetector

We just couldn’t help noticing how bad Level3 looked at the time.

Hacking the HooToo HT-TM05

So this is a $40 Travel Router, and we can HACK THE SHIT OUT OF IT


Has WiFi built in, (added?) a 128GB SSD, and it has a full Linux kernel on it now, OpenWRT, and Powered by LuCI.  Portable power that also lasts a good portion of the day.

Can do a File Server, put movies onto it, or put a web forum on it.  We plan to set one or more of these up and carry them around DEFCON 25.

Relevant GitHub that may be useful

Some were also interested in the PirateBox, which can be built on different hardware for about $35.

Something something CYPHERCON

Yeah.  See @cyphercon or cyphercon.com if you have no clue here.

If you have a better recollection of things from our meeting, good for you! Also, we could probably use that info in this update.  Comment or edit, or e-mail some DC414 folk about your contributions.



February Meeting Recap

Media is done, our Year of the Hack is posted above

We had about 25 Hackers from the Greater Milwaukee Area attend February’s meeting.  I mention this because it was pointed out that our event RSVPs are not an indicator of how many show up at the meetings.

Cree.py Demo

To start us off, DW5304 did a demo of cree.py

Creepy is a geolocation OSINT tool that gathers geolocation information through social networking platforms (Twitter, Instagram, etc.).

SNMPwalk and SNMP shenanigans

DW5304 also conducted more shenanigans with SNMPwalk and reviewed some SNMP results he had uncovered.  There is not a whole lot I have to document within this recap, but you can start learning about SNMPwalk here

DEFCON Groups DC414 video

DEF CON Groups is holding a contest:  Year of the Hack

For this, DC414 needs to submit a link to a 3-minute (at least!) YouTube video from DC414 as a whole describing what we’re planning on accomplishing over the year.

This was our most difficult demo yet.

Planning?  Accomplishing?

And furthermore…video?

We’ve been on video before.  We brought up and showed our past appearance on CBS58 (watch it for either nostalgia or the lulz).

Yet we hashed out a plan for the year.  We will put together another Know Your Rights event, as that has continued to be our most popular event, and our most popular page on dc414.org.  This time the event will be bigger and better, and we will use that as a means to liaise with the community.

We had 20+ hackers participate to some level in our video submission.  We are not actors, we are very ADD/ADHD.  Getting more than 5 hackers on the same page is a feat.  Like herding cats.

We got it all done.  Some group shots, and some individual interviews.  It is all recorded now, and we have a lot of footage that will be slimmed down to both a usable submission and a blooper reel (probably more footage for the blooper reel than anything).

Links to the videos are SUBMISSION and BLOOPER REEL

January Meeting Recap


To start us off, Vlad brought a special guest to do a demo for us.

Dr. Charles S. Tritt, Ph.D, from MSOE, did a presentation on Human-Human Interface, using a TENS (Transcutaneous electrical nerve stimulation) unit and simulation electrodes.  Taken from his document:

This device mimics a relatively common approach to controlling powered prosthetic limbs. Electromyogram signals are picked up from the surface of the skin, amplified, digitized, processed and used to effect the desired control. In this case, the control is via nerve stimulation using a TENS unit.

The ZIP file containing his handout from the meeting (which has the parts list), MSOE lab handouts, and Matlab and Arduino code, can be found here

The total cost of the build is $98

We have some media of the device being used.  More will be posted as it is processed.  If you have media, videos, or pictures that you’d like to share, please let me know.

Bubbles controlling Belouve (do note that they are husband and wife)

Bubbles controlling Vlad

Vlad controlling Bubbles


Korgo and Belouve presented on the upcoming Cyphercon.  DC414 can still get in, though it seems most of DC414 are already attending or volunteering.  If you still want to get in, contact Korgo or Belouve.

There will be a booth/space for DC414 and Milwaukee Hackers (basically anyone I recognize as a Milwaukee area hacker) at the Friday part of the convention.  We’ll keep it a corporate no-fly zone.

We got a peek at one of the electronic badges for Cyphercon.

Puzzle Lock

Belouve brought a puzzle lock that he received from India.  It is claimed to be from the era of Shivaji Maharaj, who reigned from 1674 to 1680.  I’m investigating this claim to its age further.  Regardless, it’s a cool lock.

I have no video or images for my lock (yet), but I plan to make a video in English of its function and any more details I can find out.  However, I found a video of a similar lock here

December Meeting Recap

darkwind tried to show off a pager hacking demo.  I believe we were getting some new and unknown interference on the RF band he was trying to hack.  Not going to call this one as a demo fail, since the new RF interference is interesting.

DAS BOOT.  We lockpicked a TRIMAX car boot, using a BIC pen.  I think time from the package being opened to it being picked was less than 30 min.  Once we got a process going, we could pick it in under 17 seconds, just a BIC pen.  Video exists of this, we’ll try to get it put up soon.  TRIMAX: your product sucks, BIC: your products rule.

Watch a video of the TRIMAX fail

<REDACTED2> showcased a hack to Southwest’s boarding zone/boarding number system.  Want to be in line as A17 and not B47? <REDACTED2> showed us how.

We also discussed a new DC414 DEFCON Groups point-of-contact.  That has now been set and communicated to the DEFCON person responsible.  We’ll once again be recognized as an active group!

Titles are updated.  If you look under the contact portion of our page, most of the goofy titles will be updated there.

You’ll note I left some names out as <REDACTED>.  If you want your name/nickname there, let me know.  I don’t want our recaps to be a blast of “CRASH OVERLOAD HAXXORD THE GIBSON” to the Internet and anyone who may see it and cause trouble for the person who did the hack. (Some names have since been approved to be un-redacted)

That’s all the demos I can recall.

Next meeting: Jan 8th, 2016.

Upcoming Events (as of December 2015)

December 12:  Escape MKE, where a group is locked in a puzzle room, where puzzles, riddles, and coded messages are the only means of escape.  Doing the James Bomb mission.  All sold out for our group.

December 19: BasementLAN, contact Darkwind if you’re not already in.

January 8: DC414 Meeting, CESI  (first Friday is Jan 1st, so we probably won’t meet then)

March 11-12: Cyphercon, at Pfister and Safe House.  We want DC414 hackers at Cyphercon, so get in on the tickets as soon as you can! SOLD OUT

Upcoming Events (as of October 2015)

October 10: LAN Party, at CESI
October 17:  Escape MKE, where a group is locked in a puzzle room, where puzzles, riddles, and coded messages are the only means of escape.  Contact Korgo or Belouve if you’re interested in going.
October 31: Halloween Party, at Bubbles’ and Belouve’s house (contact directly for address, none of this blasting the address out to all the Internet).

November 6: DC414 Meeting, CESI

March 12: Cyphercon, at Safe House.  We want DC414 hackers at Cyphercon, so get in on the tickets as soon as you can!

Upcoming Events (as of Sept 2015)

To make a quick summary of upcoming events:

October 3-4: Barcamp, location is Sussex, WI
October 3: DC414 Meeting, held AT BARCAMP
October 10: LAN Party, probably at CESI
October 31: Halloween Party, at Bubbles’ and Belouve’s house (contact directly for address, none of this blasting the address out to all the Internet).

March 12: Cyphercon, at Safe House

Other TBD items:
A trip to Escape Chambers (see escapechambers.com), where a group is locked in a puzzle room, where puzzles, riddles, and coded messages are the only means of escape.
Some of us were interested in going, so we’ll look into it further.