SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.
Schedule
We meet monthly, on the 1st Thursday starting at 6pm at Foundry Distilling Company in West Des Moines.
Amelia Wietting and Dave Bailey Hell-0_World | Making Weather Cry7:00 PM
Today's weather: 0 C, tomorrow's weather: Hell!
This is the story all about how two midwesterners hacking IoT devices turn their lives upside-down. When one day they came upon a hellish wasteland @ 171 degrees, they said letβs get on it with our hands and keys!
Explore the world of IoT vulnerabilities with our exhibition of Tuya-based devices' encrypted communication protocols. Using a combination of firmware extraction and reverse engineering tools, this talk unveils useful security flaws in home weather stations and potentially other Tuya devices. Join us as we demonstrate how to manipulate device operations and unlock a portal to 'another climate' through live demos and hacks.
Amelia and Dave are embedded security researchers. They like to look at devices and wonder how they work.
Trevor Kems (krbtgt) Operation Big Brother - Unmasking Vulnerabilities in Cheap IoT Cameras from One Chinese Manufacturer7:30 PM
Inexpensive IoT cameras are very popular with consumers wishing to increase security or peace of mind while they are away. However, some cameras come at a cost. In this talk we will go over one Chinese vendor that sells camera under several brand names and the several and critical vulnerabilities that were found. We will also go over the reporting process and the minimal fixes implemented and the risks that are still ongoing. I will also be discussing 3 CVEs related to a specific camera/firmware version and the in depth reverse engineering required to find them.
Trevor Kems is an OSCP certificated penetration tester with Waterleaf International with experience in reverse engineering, cryptography, and AD pentesting. He enjoys restoring vintage computers and hacking hardware in his free time.