DCG518 is a DEF CON group focused on community, education, mentoring and bringing the InfoSec community in the NY Capital District together. Our gatherings feature presentations, workshops, CTFs, and anything else in which the community is interested. The group is community-driven, and allows its members to be active so they can learn or teach about a subject they are passionate about. DC518 also supports the already-existing security-related and technology-focused groups, and we encourage members of all groups to collaborate and share knowledge. We are strong together. The mission of the DCG518 group is to advance knowledge and educate anyone interested in science, technology, and other areas of information security through project collaborations, group gatherings, and group activities that will best serve our community and the world.
Have you used Kerberos and Public Key Infrastructure (PKI) to “secure” your Active Directory environment? This talk unravels how a simple misconfiguration within ESC can lead to easy wins for an attacker and complete control over your Active Directory domain. Privilege escalation in Active Directory (AD) allows cyber attackers to increase access within the environment and potentially compromise entire networks—undetected. We’ll walk through why ESC flaws are so damaging and which template settings to avoid when using ADCS. You’ll see how attackers can chain vulnerabilities like PetitPotam (NTLM Relay Attack) and ADCS web enrollment for privilege escalation, achieving Domain Admin in less than 30 seconds. By the end of this presentation, you will understand which configurations to avoid and how to detect these flaws in your own environment for prevention, mitigation and remediation purposes. We’ll also cover detection tools and how this data can be ingested into platforms like BloodHound.
Think cookies are just harmless crumbs left behind by websites? Think again. In this presentation, we will dissect the real nature of browser cookies — how they are harvested, how that data gets traded, and how is weaponized by third parties to shadow your every move across the world wide web. We will expose the under-the-hood mechanics of online web tracking, from deceptive consent banners like pop-ups to the vast data ecosystems profiting off your clicks. You will walk away with practical defenses, including how to wield tools like uMatrix and the Brave browser to disrupt tracking and take back control of your digital footprint.
This presentation is about Generative Artificial intelligence -AI- Security and Exploitation with a specification in Prompt Injection, a very simple, yet effective vulnerability ranked number 1 in the OWASP Top Ten Generative AI vulnerabilities. This presentation will go into depth about all forms of Prompt Injection attacks as well as their mitigations. Furthermore, there will be a demonstration of a proof of concept -POC- of an adversarial generative AI prompt injection attack
Join us for an exciting, hands-on Lockpicking Workshop where we explore the art and science behind mechanical locks—and how understanding their inner workings makes us all smarter about security. Whether you're a curious beginner or a cybersecurity enthusiast, this workshop offers a rare peek into the physical side of security. Far from encouraging unauthorized entry, this workshop teaches the mindset of a security professional: understanding how things break is the first step in learning how to protect them. Come ready to pick, learn, and challenge your thinking—because security is not just digital, and curiosity is the master key.
Coming soon... yes, you too can learn
The digital journey through the tech world begins here! Our ongoing DCG518 session this time will be the Saturday, August 23rd, 2025 and will be at the Guilderland Public Library, in the Westbrook room. The gathering will have a presentation tittled 'The Crown’s Weak Link – Unmasking Active Directory ESC Misconfigurations Exploiting Flaws in Active Directory Certificate Services (ADCS) for Full Domain Compromise'. Doors open at 1:00pm for social hang out. The presentation start sharp at 2pm. The Guilderland Public Library is located at 2228 Western Avenue, Guilderland, New York 12084