HELLO
HACKER

CVES - how do they work? Well, get ready to find out! Join us on August 19th at the open bench project in Portland Maine for an exciting presentation on how to find bugs and successfully publish CVEs.

GitHub Actions are a popular thing with the DevOps crowd, but what sort of supply chain risks do they bring to an organization? Can the GitHub Action Marketplace be trusted? Scott Ellis joins us to provide an overview of GitHub Actions for those not familiar and proceed to demonstrate a few vulnerabilities that have already been used in real-world attacks.

A honeypot is an intentionally created fake system that is designed as a trap for the potential attackers. They deviate the attack to the fake system rather than the original system and even it helps you detect the malicious traffic and track them. In this workshop we'll be building our own honeypots with microcontrollers. Bring your laptop with you, this will be a hands-on exercise where you'll learn how to create simple honeypots using microcontrollers. All hardware will be provided and you'll be bringing home your own honeypot by the end of the workshop.

Join us in socializing - in person! After a long time of just meeting online, let's get together and catch up. No formal talk, or subjects, just beers and peers. :-)

Hardware hacking is for everyone! Fundamentals and benefits of learning hardware hacking. How to set up a lab on a tight budget, and a POC on hacking around the house.

Join us for an informative session on AWS Vulnerability scanning and management. We'll be joined by Josh Moss who will walk us through how to look for and find problems in your cloud and devops driven infrastructure with free open source tooling. You won't want to miss it! Sign up today

Join DC207 for the kickoff to a special event we're hosting with the help of Secure Code Warrior! We’ve partnered with Secure Code Warrior to bring you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. Join us on the day for our kickoff event, and then finish the challenge over the week.

Maine's community of security experts get together for some awesome knowledge sharing. Join us for presentations on malware analysis, pivoting, and the nmap scripting engine. See you there, and don't forget to register over at http://events.dc207.org

Chris Elgee joins us for a holiday themed DC207! We'll be talking all about the SANS holiday hack challenge, something Chris has been involved with for years. Join us for an overview of this awesome holiday event and learn more about what goes into the creation of such an event.

In this exciting deep dive on application security we'll be exploring real world examples of advanced hacking techniques like attack chaining, command injection, remote code execution and broken access control. Burninator will presenting her take on the world of application security and red teaming. Don't miss, it's going to be great!

Come hither and play a fun game in cyberspace with your fellow New England hackers! We're hosting our first Jeopardy-style trivia game, with buzzers and everything. Points and prizes are awarded at the host's discretion - so come prepared with a frosty beverage, an open google browser, and have some fun with us!

Web crawlers or spiders have been a mainstay in the testing toolkit of security folks for many years. They’re great for mapping out websites and understanding what you’ll be testing. There’s one disadvantage to spiders though, they only show you what you have access to… what if some of those resources are user specific, or are behind resources you can’t see or reach? In this talk, Ryan Boutot will be introducing a new open source tool for security researchers called XSSpider. XSSpider is a unique spidering tool which is meant to run within an XSS payload and execute spidering from the user’s browser, saving everything it finds for later review. You will simply not want to miss the debut of this new awesome tool.

DEFCON 28 is a wrap! Did you have fun? What did you like about DEFCON 28? We'll be tapping a few folks to give recaps of the highlights of DEFCON 28 and talk through the things learned. Come for a casual meetup to talk about all the things you saw and didn't see! :-)

Featuring four lightening talks from local community members. We'll focus primarily on speakers who have not presented before, or people who are new to the industry. Topics will include security certifications, Azure, Elastic, and resources for the newly developing professional. You won't want to miss it!

Join us for this special event where we'll be joined by the super awesome Mubix, aka Rob Fuller. Rob has over 14 years of experience covering all facets of information security. He has been behind the lines helping to design, build, and defend the US Marine Corps, US Senate, and Pentagon networks - as well as performing penetration tests and Red Team assessments against those same networks. More recently, Rob has performed numerous successful Red Team assessments against commercial Fortune 50 companies representing some of the best defensive teams in the industry. More event details to follow.

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This strained relationship can be overcome! Join us and Tanya for a masterclass in AppSec.

DC207 is hosting another awesome capture the flag event! Come to hone your skills and learn how to hack in this fun and inviting setting.

Jim Troutman's ShmooCon 2020 winning talk is going to explore the unloved protocol, DNS. It's the glue that keeps the internet together, and can be used in surprising and unexpected ways. Join us for this awesome talk!

In this hands-on workshop we’ll be building passive Ethernet tap devices. With these we’ll be able to sniff network traffic and analyze the data between endpoints.