HELLO
HACKER

There's a new, fun way to run a realistic incident response tabletop exercise, and it's called Backdoors and Breaches. In this DC207 we'll introduce you to the fun game designed by BlackHills security, and play a few rounds.

Chris Elgee joins us for a holiday themed DC207! We'll be talking all about the SANS holiday hack challenge, something Chris has been involved with for years. Join us for an overview of this awesome holiday event and learn more about what goes into the creation of such an event.

In this exciting deep dive on application security we'll be exploring real world examples of advanced hacking techniques like attack chaining, command injection, remote code execution and broken access control. Burninator will presenting her take on the world of application security and red teaming. Don't miss, it's going to be great!

Come hither and play a fun game in cyberspace with your fellow New England hackers! We're hosting our first Jeopardy-style trivia game, with buzzers and everything. Points and prizes are awarded at the host's discretion - so come prepared with a frosty beverage, an open google browser, and have some fun with us!

Web crawlers or spiders have been a mainstay in the testing toolkit of security folks for many years. They’re great for mapping out websites and understanding what you’ll be testing. There’s one disadvantage to spiders though, they only show you what you have access to… what if some of those resources are user specific, or are behind resources you can’t see or reach? In this talk, Ryan Boutot will be introducing a new open source tool for security researchers called XSSpider. XSSpider is a unique spidering tool which is meant to run within an XSS payload and execute spidering from the user’s browser, saving everything it finds for later review. You will simply not want to miss the debut of this new awesome tool.

DEFCON 28 is a wrap! Did you have fun? What did you like about DEFCON 28? We'll be tapping a few folks to give recaps of the highlights of DEFCON 28 and talk through the things learned. Come for a casual meetup to talk about all the things you saw and didn't see! :-)

Featuring four lightening talks from local community members. We'll focus primarily on speakers who have not presented before, or people who are new to the industry. Topics will include security certifications, Azure, Elastic, and resources for the newly developing professional. You won't want to miss it!

Join us for this special event where we'll be joined by the super awesome Mubix, aka Rob Fuller. Rob has over 14 years of experience covering all facets of information security. He has been behind the lines helping to design, build, and defend the US Marine Corps, US Senate, and Pentagon networks - as well as performing penetration tests and Red Team assessments against those same networks. More recently, Rob has performed numerous successful Red Team assessments against commercial Fortune 50 companies representing some of the best defensive teams in the industry. More event details to follow.

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This strained relationship can be overcome! Join us and Tanya for a masterclass in AppSec.

DC207 is hosting another awesome capture the flag event! Come to hone your skills and learn how to hack in this fun and inviting setting.

Jim Troutman's ShmooCon 2020 winning talk is going to explore the unloved protocol, DNS. It's the glue that keeps the internet together, and can be used in surprising and unexpected ways. Join us for this awesome talk!

In this hands-on workshop we’ll be building passive Ethernet tap devices. With these we’ll be able to sniff network traffic and analyze the data between endpoints.