Welcome Claudio as the new Education Czar of Hackmiami!

Do you actually read this? Claudio is the new Education Czar for Hackmiami!!

Everyone feel free to welcome him to the new position at Claudio(at)hackmiami(dot)org. If you want to speak at a hackathon, you can email him and he will review your topic.

For the hackathons we are currently looking for people to give primers on Python, Ruby on Rails, and PHP. If you feel like you have a desire to share your knowledge, drop him an email.

HackMiami Hack-A-Thon – 2/5/2011

Join us for the first Hack-A-Thon of 2011. We will be examining some web applications in an attempt to execute arbitrary code on the server using identified vulnerabilities.

We will also be charting the course for the next year, so show up and be heard!

We will be meeting at a new location this time. Unfortunately, the Pizza Mansion closed its doors permanently in December.

Time: 1:30pm – 5:30pm

The new meeting location is at:

Sweet Times Gourmet and Cafe
3451 Northeast 1st Avenue, Ste #104,
Miami, FL 33127

HackMiami Holiday Party & Samurai CTF v2 Challenge

Join us for our Holiday / End of the Year Hack-A-Thon Party on December 11, 2010!

This will be the last Hack-A-Thon of the year, so make it count!

We will be showcasing the latest incarnation of the Samurai CTF Hacking simulation, with all new levels and challenges.

There is no cost to participate. Everyone is welcome to play the game. Be sure to bring a laptop and ethernet cable. Wireless play is available but for best results we suggest bringing a cable.

We will also be joined by members of the Association for Computing Machinery from FIU.

The event is taking place at the one and only Pizza Mansion, where the pizza is always hot and the beer is always cold:

Time: 1pm – 5:30pm
Location: Pizza Mansion
6917 W Flagler Street
Miami, FL 33144

HackMiami Hack-A-Thon – 11/20/2010 – Taking place in Tampa, FL – Web Hacking Workshop

This weekend’s HackMiami event will take place in Tampa, FL as we get together with the Whitehatters Security Club for an afternoon of CTF and live hacking demonstrations.

Rod will present a method of owning a domain controller through a web app vulnerability using the BeEF framework + metasploit.

Pete, Fabian, and Loli will also be running the Samurai CTF game that walks through the steps of hacking web apps.

Jason will present methods of AntiVirus evasion and some cool WiFi tricks.

Edit: Detailed information pertaining to this event:

When: 11AM – 5PM
Where: MSC 2702 (Marshall Student Center, 2nd floor), University of South Florida, Tampa, FL 33620

Whitehatters have also provided campus maps to help us find the Marshall Student Center.

Check out the WCSC website for details.

Hackmiami researchers are featured in 3 articles

Hackmiami researchers are featured in 3 articles about their work with botnets. They also recently spoke at the OWASP AppsecDC 2010 conference in Washington DC.

Threatpost.com article

arstechnica.com article

darkreading.com article

HackMiami Hack-A-Thon – 11/6/2010 – Owning IT Automation (Part Deux)

Last meeting we beat the crap out of a popular IT automation software package; this meeting we intend to finish it off. Join us as we go through the various vulnerabilities we have discovered over the last two weeks.

IT Automation software is used by enterprise networks to manage large swaths of machines.

They function with a client/server relationship where an administrator can remotely access systems within the network in order to work with them.

In other words, they function a lot like botnets, and for the most part, are botnets.

This Saturday we will continue examining IT automation software packages for vulnerabilities in both the client and server software.

Place: HackMiami Space @ Sun Electronics Warehouse
690 NW 14th Street
Miami, FL

HackMiami researcher releases 0day Multi-Vendor AntiVirus Vulnerability at Hacker Halted Conference

(Miami, FL) – HackMiami researcher Jason of n00bz.net revealed a 0day multi-vendor AntiVirus bypass vulnerability at the Hacker Halted conference in Miami last Thursday.

After disclosing the vulnerability to vendors and awaiting a patch release by McAfee, Jason presented the proof of concept methodology at the conference by successfully executing malicious code on target machines that were fully protected by anti virus ‘resident shield’ software.

The principle behind the vulnerability is that although AV software is supposed to alert a user when malicious code is detected and block its execution, the tested AV products only detected the malicious code AFTER it had been executed and loaded to memory. This will result in successful infection of the target machine using any known payload, such as a Zeus trojan.

The flaw resides in the way AV products deal with protocol handlers. A full write up by Jason can be found here.

Vulnerable Anti-Virus Products

CVE-2010-3496 – McAfee – patch available
CVE-2010-3497 – Symantec/Norton – recommends purchasing additional Firewall software (this is like putting a band-aid on a severed limb)
CVE-2010-3498 – AVG – no reply from vendor
CVE-2010-3499 – F-Secure – Working fix into next release

Read Complete Proof of Concept Methodology by Jason at n00bz.net

HackMiami Hack-A-Thon – 10/16/2010 – Owning IT Automation

IT Automation software is used by enterprise networks to manage large swaths of machines in a single go.

They function with a client/server relationship where an administrator can remotely access systems within the network in order to work with them.

In other words, they function a lot like botnets, and for the most part, are botnets.

This Saturday we will be examining IT automation software packages for vulnerabilities in both the client and server software.

We will also be discussing the Hacker Halted conference that took place this week.

Time: 1pm-5pm
Place: HackMiami Space @ Sun Electronics Warehouse
690 NW 14th Street
Miami, FL

HackMiami Hack-A-Thon – 10/2/2010 – Backtracing Botnets: Consequences will never be the same

Join us for an afternoon of forensics and pwnage as we are joined by Humberto of destr0y.net. He will be going over a method of locating botnet command and control servers via analysis of an infected machine.

Afterwards, Alex will present on ways to analyse the C&C servers for any vulnerabilities or misconfigurations that can lead to accessing the control panel.

Time: 1pm – 5pm
Place: HackMiami Space @ Sun Electronics Warehouse
690 NW 14th Street
Miami, FL

HackMiami offering discounted student passes to Hacker Halted 2010 conference!

HackMiami has been able to obtain exclusive discount codes for registration to the 2010 Hacker Halted conference in Miami, FL for students! This conference normally costs over a thousand bucks, however students will be able to access the conference on October 13 & 14 for $200! This is an exclusive hookup for HackMiami, so take advantage!

The conference will be taking place at the InterContinental Hotel in downtown Miami, and will feature multiple tracks of presentations on infosec topics, as well as a great exhibition area that will feature some of the world’s most talented hackers showing off research projects, as well as the Samurai CTF game! You will also be able to network with potential future employers.

You do not want to miss out on this great conference! The underground will meet the above-ground, and much learning will be had by all!

CLICK HERE TO REGISTER FOR HACKER HALTED 2010 USING THE DISCOUNTED STUDENT CODE