Ccc Congress Hacking Security Netzpolitik public
 
Is 3D modelling too much effort? And you found nothing suitable on Thingiverse? In this Petit Foo I use an example to show how to carry out 3D projects quickly and easily by remixing models from Thingiverse and creating a fitting solution from them. about this event: https://www.chaospott.de…
 
It's over before you know it... this talk looks back at the event, explains how the tear-down works, highlights next year's camps and gives a thanks to all the organizers on stage. What more can I say? Except that I need to enter at least 250 characters. I'll just blabber on and fill up th🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈…
 
The traditional talk by most or all operational teams about the infrastructure built for MCH2022. While the site has some infrastructure in place, a lot of it has to be built for this event. On the other hand there are also teams that just make things go away. MCH2022 cannot be organised without a lot of temporary infrastructure. Join the operational…
 
The MCH2022 design speaks for itself, but we would still nerd about it for a while. It is beautiful, colorful, generative, and has some physics ideas behind it. Some of it is obvious, but if you want to know all the hidden depths, this is the talk to visit. The triangular MCH2022 design is a colourful generative kaleidoscope with some hidden depth…
 
Using cryptography can give you easy assurances, keep data confidential and keep prying eyes from stuff where they should not be. However, it's not magic. This talk is intended for programmers, users and software designers. This talk is about hardcore mathematics while you should not have to understand what the mathematics are but what they do. What doe…
 
Data keeps flowing! In Android, we have the concept of permissions; users feel confident that only if they turn on the permission, their data is shared. But what about an app silently sitting on your device with no permission whatsoever! What can that app know about you? In this talk, I'll talk about the Privacy Posture of Android! What kind of data …
 
A high bar set by earlier creations, a pandemic, a postponed event and chip shortages made for a great challenge and a wild adventure creating the MCH2022 badge. This talk explains how we pulled off our most advanced creation yet. We will tell you about the process of converting a vague idea into a piece of electronics, including the prototyping pr…
 
The whole world depends on Global Navigation Satellite Systems like GPS, Galileo, BeiDou and GLONASS. The technology behind these systems is fascinating and far more interesting than generally presented. Although GNSS is super important, until recently no good monitoring was publicly available. The "galmon.eu" project changed this. In this talk I cov…
 
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. If you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: …
 
In 2017 (just before SHA2017) the Dutch healthcare sector came together to create Stichting Z-CERT, the Zorg Computer Emergency Response Team. A nonprofit to protect and advise the Dutch Healthcare sector. What started as a small startup has now grown into a scaleup with the ambitions to match. The COVID-19 pandemic restarted the discussion about w…
 
So, you know how to "use" the ssh command line? You enter connection parameters like username, hostname or private key every time you need to connect? You manually log into the jump/bastion host when connecting to your target host? Then come to this session and learn how you can make your life easier and your work more efficient by using custom con…
 
The LIMITS workshop concerns the role of computing in human societies affected by real-world limits*. As an interdisciplinary group of researchers, practitioners, and scholars, we seek to reshape the computing research agenda, grounded by an awareness that contemporary computing research is intertwined with ecological limits in general and climate-…
 
My son Jurre and I got involved in helping less tech-savvy people find answers and recover precious data after someone close to them took their own life. This lecture describes our challenging and emotional journey as we hope to inspire others to follow our path. Picture of Jurre and Jilles by Dennis van Zuijlekom is licensed under CC BY SA 2.0. After…
 
HowNormalAmI.eu is an interactive documentary that showcases how algorithms judge your beauty, age, gender, weight, life expectancy and emotions by simply looking at your face. The project not only shows how face recognition technology is entering our everyday lives, but it lets you experience these judgements yourself in a safe and privacy friendl…
 
Since early 2021, it has been impossible to buy most integrated circuits and various other components. I'll explain how and why this happened, why it's going to keep happening, and where the fragility of the electronics manufacturing ecosystem comes from.A terrible miscalculation by one unrelated industry (car manufacturing) caused the entire elect…
 
A demonstration of the power of MQTT in combination with Node-RED. We'll also take a look at the "universal" Tasmota firmware for ESP8266 and ESP32-based devices. This all to hopefully make you enthusiastic to start building your own projects with these building blocks.
 
Sensor.Community - Global platform for Open Environmental Data. We invite you to become part of Sensor.Community. The worldwide largest Air Quality sensor network run by contributors generating Open Data. Build a sensor, collect Open Data, share it in a continuous stream with the global network and join forces in local Sensor.Community groups. Sensor.…
 
Smart lights have become pervasive in many homes, but they are often designed in such a way that makes them completely reliant on the manufacturer's servers and connectivity to the Internet. However, we would much rather be fully in control of our own devices. As a target, we took on the cheap and popular Tuya white-label smart lights, which can be …
 
Food affects your body, food affects your mind. This talk describes how the performance of my brain has decreased over time and has returned by changing my diet. Basic food is not enough for your brain to deliver exceptional performance. Come with us and open your mind. Let your remedies be your food and your food be your remedies. Just think about …
 
Open source code makes up 90% of most codebases. How do you know if you can trust your open source dependencies? Do you know what’s really going on in your node_modules folder? It is critical to manage your dependencies effectively to reduce risk but most teams have an ad-hoc process where any developer can introduce dependencies. Software supply c…
 
Reproducible Builds is a technique that can be used to secure the software delivery pipeline. For open source software, they even allow independently auditing published binaries, removing a single point of trust from the distribution process. This can be used by individual projects or even complete Linux distributions. The software delivery pipeline …
 
What is inside a Verifone VX820 payment terminal and how can we run our own code (i.e. Doom) on it? This is a story of a software guy messing around with an interesting embedded device. It includes some reverse engineering, *interesting* security practices, proprietary executable formats, and a game of bootloader hopscotch. Starting with an overview …
 
Overview of **SmartOS** - an illumos-based distribution with a **focus on virtualization**. Technologies used by SmartOS that must be named: ZFS, Crossbow, Zones, DTrace, Bhyve. The talk will show you the benefits of SmartOS; configuration and management of SmartOS virtualization technologies; tooling on top of SmartOS. SmartOS is a specialized Type 1 Hype…
 
The Dutch Institute for Vulnerability Disclosure goes international. We’re building a community of enthusiasts to help stop the downward spiral of the internet; we’re calling it CSIRT.global. It’s aimed at international collaboration. Trust and communication, balanced with a sense of reality about the sensitive information we deal with, are key. He…
 
We will walk through the basics of sound field control systems and what you would need to build your own Wave Field Synthesis and Beamforming enabled system. We will unveil some of the challenges we faced at HOLOPLOT and what solutions power our tech stack. Most of us are very familiar with multiple ways of manipulating or creating audio content; fi…
 
One of the most used video entry systems is analysed for this talk. Severe security implications that range from passive, information-gathering attacks to active attacks where unauthorised access to buildings can be gained. During the talk the technical details of the bus system will be discussed and multiple attack vectors will be demonstrated. At …
 
In recent times, internet censorship has increased throughout the world, with governments realising the potential of the internet in spreading information as well as misinformation. To curb or rather control this, governments around the globe have taken to censoring parts of the internet by directing major ISPs to block access to those websites. The…
 
This talk gives an introduction to how single sign-on protocols (such as SAML, OAuth 2, and OpenID Connect) work. Subsequently, I will talk about the most commonly found vulnerabilities in these protocols. Finally, I will show various ways to resolve these vulnerabilities. Single sign-on remains a hot topic in 2022. Many organisations are in the pr…
 
During crises – like COVID19 – software is made under immense pressure in a volatile environment. Security should focus on anything that makes one vulnerable. OpenKAT does this with real forensic proof, with the right context and useful in real life. The COVID19-crisis forced to build dozens of software solutions rapidly with too few people under im…
 
The web is a mess, bloated with data-gathering trackers, predatory UX, massive resource loads, and it is absorbing everything it touches. The Small Internet is a counter-cultural movement to wrangle things back under control via minimalism, hands-on participation, and good old fashioned conversation. At its heart are technologies like the venerable…
 
"SomeApp would like to access files in your Documents folder." Anyone who has used macOS recently will be familiar with these prompts. But how do they work? What happens if you deny the access? Are they an effective defense against malware? This talk will give an up-to-date overview of the local security measures of macOS and describe some ways they…
 
The Dutch Institute for Vulnerability Disclosure scans the internet for vulnerabilities and reports these to the people who can fix them. Our researchers will go into some of our recent cases, our board members will describe how we professionalise vulnerability disclosure and why we are allowed to somewhat break laws on computer crime and privacy. T…
 
The use of data is accelerating, not only owing to increasing technical possibilities like AI and earth observation, but also as a result of crises such as COVID-19 and climate change which accelerate the deployment of data and technology. This is happening on a small and local scale, as well as on a large and global one. Precisely because these da…
 
In his 1948 [scientific article](https://en.wikipedia.org/wiki/A_Mathematical_Theory_of_Communication) entitled ["A mathematical theory of communication"](https://people.math.harvard.edu/~ctm/home/text/others/shannon/entropy/entropy.pdf), Claude E. Shannon introduced the word “bit”. The article laid down the foundations for the field of information…
 
Pentesting can provide vital information to organisations about their security. However, many reports end up never being used or not being used to their full potential. That is partly due to the pentesters and their writing skills. But in large part it is also to be attributed to CISOs' lack of guidance and involvement. I am not a spokesperson for all…
 
Your organization suffers from a serious system compromise from a cyber-crime ring, state-actor or both. The cyber inferno is raging through your organisation. In this talk I’d like to walk you through a situation which escalated quickly. The talk is intended to inspire people to take preventative measures, keep their heads as cool as possible, and…
 
The security of Tesla's cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure? This case study sheds light on the inner workings of Tesla's Passive Entry System and core VCSEC protocol, and…
 
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. If you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: …
 
TASBot has appeared at multiple charity events raising more than $1.3M to date by hacking classic video game consoles through controller ports. In this talk, dwangoAC will show how TASBot, with help from a human speedrunner, can use a Stale Reference Manipulation exploit in the N64 game Legend of Zelda: Ocarina of Time to achieve persistent Arbitra…
 
Only three years ago you wouldn't have had a chance to get this so-called reality past any decent editor. Now, plotting a book or movie has become increasingly hard and the next years in publishing will be interesting, since our standards in what is scary or believable or how dumb can one be to do XY as a book character, to get into whatever proble…
 
We know that we are in trouble as a human society, so what are we going to do about it? Showcase projects that do good things. What can you do? Tension between system-level problems and the massive powers that be and the scope of individual impact. How do you leverage your privilege? Imagining yourself in 2050 narratives.
 
When the pandemic was declared over, Europe went into a war. This was the first major conflict in Europe where an important part of the war was waged online. Anonymous, disBalancer, IT ARMY, and the western governments. These are stories from the cyber front lines. Welcome to a panel of speakers from Ukraine and EU. We will discuss what happened on th…
 
PolyCoin - A distributed game across MCH. The history at EMF Camp 2018 and 2022, and how it was made and works. See what is on the inside of the PolyCoin crypto miner devices, and why they were designed the way they were and what had to be compromised along the way, what can be improved, and plans for future versions. PolyCoin - is a game being depl…
 
Mechanical locks are everywhere and come in all shapes and flavors. But choosing the right lock can be rather difficult. For example, what is better? A lock that is hard to pick, or a lock with hard-to-duplicate keys? This talk will not give you the answers, but it will help you understand the trade-offs. Furthermore, we will have fun threat modeli…
 
As of today, most discussions on cyber security focus on privacy and the implications of incidents involving data. However, those of us in cyber physical security often see things differently as we study actors attempting to use computers to impact the physical world (e.g. critical infrastructure and industrial controls). Geopolitical conflicts and…
 
There’s no quick fix for the misinformation, disinformation, and lies we’re seeing in the world these days, and it’s natural for hackers to want to work on the problems with the skills at hand. I’m going to talk about why, for hackers, that’s not necessarily a good move to do solo. I’ll go over mistakes I’ve seen way too many technologists and academics…
 
drand is an open-source project allowing anybody to run a “randomness beacon”. Its goal? Providing a trustable, verifiable source of public randomness that would enable full transparency in online lotteries, leader election or blockchain smart contracts. This talk is about what distributed randomness is, what it means for developers, and users, and w…
 
The talk is an introduction to open source investigations. Aiganysh will explain what "open source" is, what kind of research you can do with it, and the challenges it entails from Bellingcat's experience. The presentation will be full of case studies and exercises such as geolocating ISIS supporters from Twitter and identifying neo-nazi criminals…
 
We will take a cursory look at the protocols that underpin audio over IP from studios to stages and on to broadcast. Focusing on AES67, you will gain a basic understanding of what it is, how it works and how it is inherently vulnerable to attack. At a high level this talk should be accessible and entertaining to all, although to grasp the more n…
 