HELLO
HACKER

There's a new, fun way to run a realistic incident response tabletop exercise, and it's called Backdoors and Breaches. In this DC207 we'll introduce you to the fun game designed by BlackHills security, and play a few rounds.

Hardware hacking is for everyone! Fundamentals and benefits of learning hardware hacking. How to set up a lab on a tight budget, and a POC on hacking around the house.

Join us for an informative session on AWS Vulnerability scanning and management. We'll be joined by Josh Moss who will walk us through how to look for and find problems in your cloud and devops driven infrastructure with free open source tooling. You won't want to miss it! Sign up today

Join DC207 for the kickoff to a special event we're hosting with the help of Secure Code Warrior! We’ve partnered with Secure Code Warrior to bring you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. Join us on the day for our kickoff event, and then finish the challenge over the week.

Maine's community of security experts get together for some awesome knowledge sharing. Join us for presentations on malware analysis, pivoting, and the nmap scripting engine. See you there, and don't forget to register over at http://events.dc207.org

Chris Elgee joins us for a holiday themed DC207! We'll be talking all about the SANS holiday hack challenge, something Chris has been involved with for years. Join us for an overview of this awesome holiday event and learn more about what goes into the creation of such an event.

In this exciting deep dive on application security we'll be exploring real world examples of advanced hacking techniques like attack chaining, command injection, remote code execution and broken access control. Burninator will presenting her take on the world of application security and red teaming. Don't miss, it's going to be great!

Come hither and play a fun game in cyberspace with your fellow New England hackers! We're hosting our first Jeopardy-style trivia game, with buzzers and everything. Points and prizes are awarded at the host's discretion - so come prepared with a frosty beverage, an open google browser, and have some fun with us!

Web crawlers or spiders have been a mainstay in the testing toolkit of security folks for many years. They’re great for mapping out websites and understanding what you’ll be testing. There’s one disadvantage to spiders though, they only show you what you have access to… what if some of those resources are user specific, or are behind resources you can’t see or reach? In this talk, Ryan Boutot will be introducing a new open source tool for security researchers called XSSpider. XSSpider is a unique spidering tool which is meant to run within an XSS payload and execute spidering from the user’s browser, saving everything it finds for later review. You will simply not want to miss the debut of this new awesome tool.

DEFCON 28 is a wrap! Did you have fun? What did you like about DEFCON 28? We'll be tapping a few folks to give recaps of the highlights of DEFCON 28 and talk through the things learned. Come for a casual meetup to talk about all the things you saw and didn't see! :-)

Featuring four lightening talks from local community members. We'll focus primarily on speakers who have not presented before, or people who are new to the industry. Topics will include security certifications, Azure, Elastic, and resources for the newly developing professional. You won't want to miss it!

Join us for this special event where we'll be joined by the super awesome Mubix, aka Rob Fuller. Rob has over 14 years of experience covering all facets of information security. He has been behind the lines helping to design, build, and defend the US Marine Corps, US Senate, and Pentagon networks - as well as performing penetration tests and Red Team assessments against those same networks. More recently, Rob has performed numerous successful Red Team assessments against commercial Fortune 50 companies representing some of the best defensive teams in the industry. More event details to follow.

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This strained relationship can be overcome! Join us and Tanya for a masterclass in AppSec.

DC207 is hosting another awesome capture the flag event! Come to hone your skills and learn how to hack in this fun and inviting setting.

Jim Troutman's ShmooCon 2020 winning talk is going to explore the unloved protocol, DNS. It's the glue that keeps the internet together, and can be used in surprising and unexpected ways. Join us for this awesome talk!

In this hands-on workshop we’ll be building passive Ethernet tap devices. With these we’ll be able to sniff network traffic and analyze the data between endpoints.