
Chaos Computer Club - archive feed
First Privacy, Now Safety: An Anthology of Tales from the Front Lines of Cyber Physical Security (MCH2022)
As of today, most discussions on cyber security focus on privacy and the implications of incidents involving data. However, those of us in cyber physical security often see things differently, as we study actors attempting to use computers to impact the physical world (e.g. critical infrastructure and industrial controls). Geopolitical conflicts and accessible offensive security tools make defending against these threats increasingly complex. The anthology I bring for you illustrates the evolution of cyber physical threats through several stories, with topics that span from non-fiction espionage and crime thrillers to politically-motivated intrusions and master tinkerers’ ill-fated creations. By focusing on the different players involved and their motivations, I intend not to hype up the scenario, but instead to accurately describe what we observe daily in the cyber physical threat intelligence community.

“First Privacy, Now Safety: An Anthology of Tales from the Front Lines of Cyber Physical Security” will consist of a series of real stories to illustrate the evolution of cyber physical threats related to topics that span from non-fiction espionage and crime thrillers to politically-motivated intrusions and master tinkerers’ ill-fated creations. The selection of topics results from my personal experience as a member of the cyber threat intelligence community in Washington, D.C. with a very pacifist perspective of life. Some example stories include:

• The Unwilling Pawn – How our infrastructure gets swept up in geopolitical conflicts
• Everybody Be Cool, This is a Robbery! – How criminals can make more money by getting physical.
• What if I Click Here? – Errant tales from hackers learning about cyber physical systems (and sometimes erring in the process).

All of the stories I will talk about can be verified by the audience in open sources and specialized publications, although they may not appear in any popular books or videos until a couple of years from now.
about this event: https://program.mch2022.org/mch2022/talk/QYAUZT/
Tech didn’t cause misinformation, and it won’t solve it (by itself) (MCH2022)
There’s no quick fix for the misinformation, disinformation, and lies we’re seeing in the world these days, and it’s natural for hackers to want to work on the problems with the skills at hand. I’m going to talk about why, for hackers, that’s not necessarily a good move to do solo. I’ll go over mistakes I’ve seen way too many technologists and academics make when approaching the subject, where misinformation *really* comes from, and where the audience can harness what they’re good at.

It is deceptively easy to see misinformation as a data problem, as a societal issue of algorithms run amok on soulless social media platforms. However, just because the delivery of misinformation is purely technical, it doesn’t mean that the cause, or solution, is also technical. In the more than half a decade I have been working on fact-checking misinformation and disinformation, I have seen this point lost over and over to technologists, hackers, hobbyists and academics. This is a huge waste of talented resources, and in this talk I will go over why this is the case and explain the most serious problems that journalists, fact-checkers and politicians are facing. Hackers have been addressing large-scale issues for decades, and my talk will lay down a framework for how the MCH community and beyond can work on the lies that are propagated across the internet and the world. There’s never been more of a need for help, and I will explain how to get the most bang for your buck.

about this event: https://program.mch2022.org/mch2022/talk/MLVGMM/
drand: publicly verifiable randomness explained (MCH2022)
drand is an open source project allowing anybody to run a “randomness beacon”. Its goal? Providing a trustable, verifiable source of public randomness that would enable full transparency in online lotteries, leader election or blockchain smart contracts. This talk is about what distributed randomness is, what it means for developers and users, and why you’d want to use it. I will also present to you the current ecosystem around drand, what it enables you to do differently, and why it is desirable in a distributed, decentralized web to have public, verifiable randomness. Don’t worry though: we will first go through an easy overview of how it works without diving too much into the gory cryptographic details. In addition, I’ll demo how drand works in practice, and explain how you can easily use it in your applications, since drand nodes can be queried by anybody. Disclaimer: this is NOT a blockchain talk, but rather a distributed systems one.

[drand](https://drand.love/) (pronounced "dee-rand") is a distributed randomness beacon daemon written in Golang. It has been used by Cloudflare, EPFL, Kudelski Security, UCL and other partners to set up a distributed randomness project that was unveiled in June 2019: the ["League of Entropy"](https://blog.cloudflare.com/league-of-entropy). Since then even more members have joined the league. Servers running drand can be linked with each other to produce collective, publicly verifiable, unbiasable, unpredictable random values at fixed intervals using bilinear pairings and threshold cryptography. drand nodes can also serve locally-generated private randomness to clients.

Generating public randomness is the primary functionality of drand. Public randomness is generated collectively by drand nodes and is publicly available. The main challenge in generating good randomness is that no party involved in the randomness generation process should be able to predict or bias the final output. Additionally, the final result has to be third-party verifiable to make it actually useful for applications like lotteries, sharding, or even "nothing up my sleeves" parameter generation for security protocols.

drand relies on the following cryptographic constructions:
- Pairing-based cryptography and Barreto-Naehrig curves.
- Pedersen's distributed key generation protocol for the setup.
- Threshold BLS signatures for the generation of public randomness.
- ECIES for the encryption of private randomness.

These are well known, while still relatively cutting edge, cryptographic schemes.

Why do we need such randomness? A lot of reasons actually:
- Lotteries, jury selection, election events, random sampling for audits, ...
- Protocols & cryptography:
  - Verifiable gossip: randomly choosing peers in a verifiable way in a network to disseminate information
  - Parameters: nonces & IVs for symmetric encryption, composite or prime numbers for selecting a field for RSA, or even ECC
  - Schemes: Diffie-Hellman exchange, Schnorr signatures, and more generally zero-knowledge proofs
  - Protocols: Tor (e.g. path selection), sharding (Omniledger), leader election for consensus
- Statistics: verifiable random sampling, reducing bias e.g. in controlled trials in medicine, etc.

Now, drand is software run by a set of independent nodes that collectively produce randomness, and whose long term goal is to implement Randomness-as-a-Service:
- Fetching randomness should be as simple as fetching time from NTP servers.
- Nodes can serve both private randomness and public randomness:
  - Unpredictable and bias-resistant
  - Publicly verifiable
  - Decentralized service using threshold cryptography, with high availability, reliability and trust.

This talk will NOT be about just the cryptography behind drand, but I will cover some of the basics in a simple way in order to tease the people that could be interested, while introducing cool cryptographic constructions to the rest. It will NOT be about how drand is built, but it will really be about the **practical use-cases for drand**, how to use it, its kind of randomness, what it means and why you might want to use it.

about this event: https://program.mch2022.org/mch2022/talk/YWHF7Z/
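Added example, not drand's own client code and not from the talk: the checks a consumer of a public beacon should run before trusting a value, plus the round arithmetic an application uses to commit to a future draw (pick the round, publish it, then use whatever that round produces). It assumes the beacon JSON shape served by the public HTTP API (round, randomness, signature, previous_signature), the chained-scheme message sha256(previous_signature || round as 8-byte big-endian) and randomness = sha256(signature). The chain parameters and the "signatures" below are constructed stand-ins, so only the hashing and chaining checks actually run here; the BLS pairing check is delegated to a verifier the caller supplies from a pairing library.

```python
"""Client-side checks on drand beacon output (added example, not drand's client code).

A beacon from the public HTTP API looks like
{"round": N, "randomness": hex, "signature": hex, "previous_signature": hex};
genesis_time and period come from the chain's /info endpoint. The beacons below
are constructed: their "signatures" are fixed bytes, so only hashing and chaining
are checked here, not the BLS pairing.
"""
import hashlib


def current_round(now, genesis_time, period):
    """Round the beacon should be at for unix time `now`; round 1 is emitted at genesis."""
    if now < genesis_time:
        return 0
    return (now - genesis_time) // period + 1


def round_time(rnd, genesis_time, period):
    """Unix time at which round `rnd` becomes available; use it to commit to a future draw."""
    return genesis_time + (rnd - 1) * period


def chained_message(rnd, previous_signature):
    """Message the nodes threshold-sign in the chained scheme: sha256(prev_sig || round as 8-byte BE)."""
    return hashlib.sha256(previous_signature + rnd.to_bytes(8, "big")).digest()


def randomness_from_signature(signature):
    """The published randomness is simply sha256 of the threshold BLS signature."""
    return hashlib.sha256(signature).digest()


def check_beacon(beacon, prev_beacon=None, verify_bls=None):
    """Return (ok, reason). verify_bls(message, signature) is the caller's pairing-based
    verifier for the chain's public key; without it only the structural checks run."""
    sig = bytes.fromhex(beacon["signature"])
    if bytes.fromhex(beacon["randomness"]) != randomness_from_signature(sig):
        return False, "randomness is not sha256(signature)"
    if prev_beacon is not None:
        if beacon["round"] != prev_beacon["round"] + 1:
            return False, "round number does not follow the previous beacon"
        if beacon["previous_signature"] != prev_beacon["signature"]:
            return False, "previous_signature does not chain to the previous beacon"
    msg = chained_message(beacon["round"], bytes.fromhex(beacon["previous_signature"]))
    if verify_bls is not None and not verify_bls(msg, sig):
        return False, "BLS signature does not verify under the chain's public key"
    return True, "ok"


def make_beacon(rnd, previous_signature, signature):
    """Build a beacon dict with a consistent randomness field (constructed test data)."""
    return {"round": rnd, "previous_signature": previous_signature.hex(),
            "signature": signature.hex(),
            "randomness": randomness_from_signature(signature).hex()}


# Constructed chain parameters and two consecutive constructed beacons.
GENESIS, PERIOD = 1_600_000_000, 30
_sig41 = bytes.fromhex("aa" * 96)      # stand-in for a 96-byte signature
_sig42 = bytes.fromhex("bb" * 96)
BEACON_41 = make_beacon(41, bytes.fromhex("99" * 96), _sig41)
BEACON_42 = make_beacon(42, _sig41, _sig42)


def demo():
    """Run the checks on a good beacon and on one whose randomness was tampered with."""
    ok, _ = check_beacon(BEACON_42, BEACON_41)
    tampered = dict(BEACON_42, randomness="00" * 32)
    bad, reason = check_beacon(tampered, BEACON_41)
    return ok, bad, reason


if __name__ == "__main__":
    print(demo())
    print("draw committed to round", current_round(GENESIS + 3600, GENESIS, PERIOD))
```

The chaining check is what makes a single fetched beacon hard to forge in isolation: an attacker who controls the HTTP relay you query can only serve a consistent-looking value if it also passes the pairing check against the chain's public key, so fetch that key once out of band and keep the BLS verification in.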
How to sneak past the Blue Team of your nightmares (MCH2022)
If the perfect Blue Team exists, does that mean the Red Team doesn’t stand a chance against it, or is there still a way to sneak their phish into the mailbox of their target? Well, in this talk we investigate how a Red Team could sneak past even the best Blue Team imaginable. We analyse how a perfect Blue Team would detect malicious domains targeting their organization, how they would correlate these to other threat infrastructure to burn the whole campaign, and how they would block a successful initial foothold in case they did not detect the phishing campaign before its launch. By assuming the perfect adversary, we discuss techniques and important OPSEC measures Red Teams need to use to get a successful and undetected initial foothold in their targeted organization. Through practical demos and real-life examples, attendees will learn invaluable techniques and OPSEC measures to improve their Blue or Red Team tradecraft.

If the perfect Blue Team exists, does that mean the Red Team doesn’t stand a chance against it, or is there still a way to sneak their phish into the mailbox of their target? Well, in this talk we will investigate how a Red Team could sneak past the best Blue Team imaginable. By analyzing techniques the perfect Blue Team would use, we define OPSEC measures and techniques to remain undetected and accomplish a successful initial foothold.

How would a perfect Blue Team detect malicious domains targeting their organization?
- BLUE: By dissecting patterns of adversaries and resulting OPSEC mistakes, we specify how domain and Certificate Transparency Log monitoring can unveil domains impersonating your organization.
- RED: We explain measures the Red Team can take to avoid being caught through domain and CTL monitoring, by using wildcard SSL certificates and avoiding typosquatting.

How would a perfect Blue Team correlate detected malicious domains to related threat infrastructure?
- BLUE: Once a suspicious domain is identified, we can correlate it to other threat infrastructure using NetLoc intelligence techniques. Through correlation, Blue Teams can leverage OPSEC mistakes to uncover and potentially burn the whole campaign.
- RED: We explain measures the Red Team can take to avoid correlation between the parts of their threat infrastructure, so that the detection of one domain does not lead to the whole threat infra being burned.

How would the perfect Blue Team attempt to block undetected phishing campaigns during their launch?
- BLUE: We analyze how the use of reputational scoring based on IP, domain and mail server can block many phishing campaigns during the launch itself.
- RED: We explain how Red Teams can age and categorize their domains to pass IP/domain/mail based reputation detections.

What if a phishing mail sneaks by the Blue Team and lands in the inbox of one of their employees? Has the Red Team won? Not yet:
- BLUE: The perfect Blue Team has hardened employee endpoints to make successful exploitation after a click almost impossible. We discuss several defensive techniques to block a successful initial foothold through macro execution hardening, AppLocker, Exploit Guard and endpoint security solutions.
- RED: Assuming a fully hardened system, we discuss strategies that could bypass all of these hardening measures and have been proven to be successful in past engagements.

We conclude with a summary of techniques both Blue and Red Teamers can use to perfect their tradecraft.

about this event: https://program.mch2022.org/mch2022/talk/HKJCGA/
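As an added example of the Blue-side technique behind the first question above (not code from the talk), here is a small matcher of the kind a CT monitor runs over the names in each logged certificate: it folds common lookalike tricks, compares every label against the organisation's brand strings and reports what would raise an alert. The brand names, the organisation's own domains and the sample SAN entries are all constructed for this example; a real deployment would take names from a CT log feed and use the Public Suffix List instead of the crude "last two labels" rule.

```python
"""Certificate Transparency monitoring for impersonating domains (added example).

Not code from the talk: a blue-team style matcher over hostnames found in CT log
entries (the SAN list of each logged certificate). Brands, own domains and the
sample entries are constructed.
"""
import re
import unicodedata

BRANDS = ["examplecorp", "examplebank"]                 # constructed brand strings to watch for
OWN_DOMAINS = {"examplecorp.com", "examplebank.com"}    # constructed: the organisation's own registrable domains
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})


def normalise(label):
    """Fold accents, digit-for-letter swaps and the rn/vv tricks so lookalike labels compare equal."""
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    label = label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    return re.sub(r"[^a-z0-9]", "", label)


def levenshtein(a, b):
    """Classic edit distance; small values against a brand mean a typosquat candidate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(name):
    """Crude eTLD+1 (last two labels); a real monitor uses the Public Suffix List."""
    labels = name.lower().lstrip("*.").split(".")
    return ".".join(labels[-2:])


def match_brand(norm, brands, max_dist):
    """Return (brand, reason) if a normalised label looks like one of the brands."""
    for brand in brands:
        if norm == brand:
            return brand, "brand label after homoglyph normalisation"
        if brand in norm:
            return brand, "label contains brand"
        d = levenshtein(norm, brand)
        if d <= max_dist:
            return brand, f"edit distance {d} from brand"
    return None


def analyse(san_names, brands=BRANDS, own_domains=OWN_DOMAINS, max_dist=2):
    """One {name, brand, reason} per logged name that appears to impersonate a brand."""
    hits = []
    for name in san_names:
        if registrable(name) in own_domains:
            continue        # our own certificates: alert on unexpected issuers instead (not shown here)
        for label in name.lower().lstrip("*.").split("."):
            norm = normalise(label)
            if len(norm) < 4:
                continue    # "com", "net", "www": too short to compare meaningfully
            found = match_brand(norm, brands, max_dist)
            if found:
                hits.append({"name": name, "brand": found[0], "reason": found[1]})
                break
    return hits


# Constructed SAN entries as they might come out of a CT log feed.
SAMPLE_SANS = [
    "examplecorp.com",                          # own certificate, skipped
    "exarnplecorp-login.com",                   # rn -> m
    "examp1ecorp.net",                          # 1 -> l, different TLD
    "secure-examplebank.co",                    # brand embedded in a label
    "login.examplecorp.com.secure-portal.net",  # brand as a subdomain label
    "examplecore.org",                          # one edit away
    "*.cdn-assets-eu.net",                      # wildcard: the phishing hostname never reaches the log
    "mail.google.com",
]

if __name__ == "__main__":
    for hit in analyse(SAMPLE_SANS):
        print(f"{hit['name']:45} {hit['brand']:12} {hit['reason']}")
```

The last two constructed entries show the Red-side counterpart from the abstract: a wildcard certificate for an attacker-controlled domain puts only `*.cdn-assets-eu.net` in the log, so the hostname actually used in the lure is never seen by name-based CT monitoring, and a generic domain name gives the edit-distance check nothing to bite on. That is why the talk pairs CT monitoring with infrastructure correlation, reputation scoring and endpoint hardening rather than relying on it alone.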
Intro to OSINT and Geolocation (MCH2022)
This talk is an introduction to open source investigations. Aiganysh will explain what "open source" is, what kind of research you can do with it, and the challenges it entails, from Bellingcat's experience. The presentation will be full of case studies and exercises, such as geolocating ISIS supporters from Twitter and identifying neo-nazi criminals in the US.

Bellingcat has conducted open source investigations into the downing of MH17, Syrian chemical attacks, high-level poisonings, corruption investigations, ecological research, war monitoring, etc. So what are open source investigations, how can you do them and what challenges come with them? To learn more about that, join the talk by Aiganysh Aidarbekova, Bellingcat's researcher and trainer. The talk will also have case studies and exercises such as geolocating ISIS supporters from Twitter and identifying neo-nazi criminals in the US.

about this event: https://program.mch2022.org/mch2022/talk/RSAY8Q/
Audio networks and their security implications (MCH2022)
We will take a cursory look at the protocols that underpin audio over IP from studios to stages and on to broadcast. Focusing on AES67, you will gain a basic understanding of what it is, how it works and how it is inherently vulnerable to attack. At a high level this talk should be accessible and entertaining to all, although to grasp the more nuanced details a rudimentary knowledge of IP networking and audio digitisation will be helpful.

Description: In the professional audio space the heavy and expensive XLR snakes of old have largely been replaced with audio over IP. Operationally, this move to audio over IP has provided many benefits, such as being able to use the same equipment for audio as for video and lighting, rather than special sets of gear for each aspect of a production. However, with the increased use of commodity IT hardware in this operational technology (OT) environment comes an increase in attack surface from more software, easier access and less segmentation. As with many places where IT components get re-purposed for OT, the administration practices and development practices of the vendors haven’t necessarily caught up with the best practices of their IT counterparts. There are some hard problems to solve for audio over IP, such as multicast encryption and authentication, but also much simpler but more cultural things like updating a working system. It is hoped that by presenting this topic to the broader community of hackers, more talented people get interested in the hard bits, and perhaps we can even reach the folks on the operational technology side to see what measures can be taken to improve the security of existing systems.

about this event: https://program.mch2022.org/mch2022/talk/JKSE7N/
Live streaming 360° video with your own infrastructure (MCH2022)
Panoramic 360° video offers more immersion, but has unique challenges. There are plug and play solutions, however they use centralized services such as Facebook and YouTube. In this talk (live streamed in 360° video) I will explain how to set up your own 360° live stream using your own streaming servers and view the 360° stream on desktops, mobile devices and VR headsets in the browser.

The pandemic has brought live streaming video to the masses. Panoramic 360° video offers more immersion, but has unique challenges. There are plug and play solutions, however they use centralized services such as Facebook and YouTube that invade our privacy and spam us with ads. In this talk (live streamed in 360° video) I will explain how to set up your own 360° live stream using your own free software streaming servers and view the 360° stream on desktops, mobile devices and VR headsets in the browser. If you want to set up your own stream you'll need a camera (I tested with Insta360 One R and HumanEyes Vuze). The talk will cover all parts:
1. Camera setup
2. Setting up the RTMP streaming server
3. Adding HTML5 Live Streaming (HLS)
4. Setting up browser based clients for desktop, mobile and VR

about this event: https://program.mch2022.org/mch2022/talk/EBKZRV/
Meta-Press.es (MCH2022)
Meta-Press.es is a WebExtension to help you explore the online press, with no middlemen between the newspapers and your web browser. It allows you to discover millions of results within seconds and lists the latest ones from each source. Searches can be scheduled, and results can be selected and exported.

Meta-Press.es is a free software project built as a decentralized alternative to Google News. It is developed by Simon Descarpentries, ex-member of La Quadrature du Net, treasurer of the Fund for Defense of Net Neutrality FDN2.org and web artisan with 20 years of experience. Meta-Press.es runs entirely from your web browser and requires nothing other than online newspapers with internal search features to run. It currently supports more than 500 sources (newspapers, scientific press, online agendas…) but everything is made to help users contribute more sources. Using Meta-Press.es, no data is sent to third parties (including our servers). We're not asking users to believe us about the respect of their privacy; it's a matter of verifiable fact. No Meta-Press.es servers also means that Meta-Press.es is not a single point of failure, surveillance or censorship, like the GAFAM are. Meta-Press.es helps you evade the swamp of third-party trackers, and it works great from a Tor Browser.

about this event: https://program.mch2022.org/mch2022/talk/ZRSJMG/
Fault Injection on a modern multicore System on Chip (MCH2022)
Hardware attacks on security relevant components, such as fault injection, have been known for decades and have been shown to be successful on a wide range of devices, ranging from general purpose microcontrollers to dedicated security engines. In this work we give an overview of different methods used for fault injection and the effectiveness of these methods. We discuss electromagnetic fault injection in more detail. Most of the published research focuses on attacking low performance secure devices. However, we present the results of electromagnetic fault injection on a modern multicore system on chip running at gigahertz speed and discuss its effectiveness.

In this presentation we discuss hardware attacks in general, their use cases, and real-world examples. We then discuss electromagnetic fault injection in detail. We compare the results of the previous research on microcontrollers and secure elements to more modern high performance system on chip devices. We discuss relevant features of modern Arm systems on chip and answer the two main questions of this research. Are electromagnetic fault injection attacks applicable and efficient when applied to software running at gigahertz speed on a modern multicore system on a chip? And to what extent does the operating frequency change the effectiveness of electromagnetic fault injection attacks?

about this event: https://program.mch2022.org/mch2022/talk/9NZHED/
Gigatron - creating a hobby kit (MCH2022)
The Gigatron is a microcomputer without a microprocessor. It was made into a DIY electronics kit and sold over 1000 pieces from 2018 to 2020. It is now open source. In this talk, I will not go into the working of the kit, but explain what you need to think about when creating a kit and keeping it manageable. Think of what to design, sourcing components, testing, preventing too many support calls and more.

The Gigatron is a microcomputer without a microprocessor. During the design phase, a decision was made to maybe make it into a Do-It-Yourself electronics kit. Many design decisions have been influenced by that decision, as creating a unique prototype is a lot different from creating a successful kit. In this talk, I will go over some of these design decisions. I think the majority of them worked out very well, as over 1000 kits were sold between 2018 and 2020, before the Gigatron became open source. These design decisions were influenced by other kit builders who had already gone through that process, like the people behind the PiDP-8 and Enigma-E. I would like to share some of that knowledge, so you can also stand on the shoulders of the giants before me. And of course also to stimulate the attendees to make their hobby project into a kit. No previous knowledge is needed. The talk is aimed at people wanting to turn their hobby project into a kit project.

about this event: https://program.mch2022.org/mch2022/talk/33EPHD/
Democracy: Eventually Digitally Transparent? (MCH2022)
Governments should be radically more transparent. While calls for more open data and initiatives like the Open Government Partnership have existed for more than a decade, there is still much to be desired. Where do we stand? And, fun to imagine, where could and should we go?

It is hard to have a perfect overview of the status of open government across the world. We at [Open State Foundation](https://openstate.eu/) focus mostly on accelerating digital transparency in the Netherlands. We will explain things like:
- Why is the **Handelsregister** (company register) still only fully accessible for those with a lot of money?
- Why are **Wob-verzoeken** (Freedom of Information requests) on average not answered within the legal deadline?
- How transparent are the **external meetings of ministers** and who do they talk to?

On the other hand we show why the Netherlands is a great place if you want to know how your municipalities spend their money or want to access national statistics. Still there is much to learn from other countries:
- **How does Norway manage their information so well** that they respond to Freedom of Information requests much faster?
- What country has **a minister that deals in the most open way with lobbyists**?
- Can governments produce **modern open source software**?

These examples can show us a future of a digitally transparent democracy. We end the talk by opening up the floor to the audience, and would love to hear about positive examples of transparent forms of government around the world.

about this event: https://program.mch2022.org/mch2022/talk/LFVBN3/
World in Vectors - Cross-platform Map Rendering using Rust (MCH2022)
Digital maps are ubiquitous tools in our everyday life. In the early 90s, the idea of browsing the world digitally and visiting any place was groundbreaking. The first solution to this problem is known as "TerraVision", which was breathtaking at that time. Today, the idea of exploring your surroundings using digital maps has become pretty normal. But how do these maps work? In this talk, I want to provide an overview of the foundations of digital mapping solutions. Differences between maps which use vector data and rasterized satellite imagery will be outlined. Furthermore, a new and open-source map renderer called [maplibre-rs](https://github.com/maplibre/maplibre-rs) will be presented, which is created using Rust and modern web technologies like WebWorkers and WebAssembly. Lastly, I want to show differences between commercial solutions and free and open-source ones.

A lot of mobile and web applications depend on customizing and displaying maps. There are not many cross-platform solutions available. Some only work on the web. Some only work on mobile devices. Furthermore, there are only a few truly free and open-source mapping stacks available. I want to explain how [maplibre-rs](https://github.com/maplibre/maplibre-rs) can solve current challenges by leveraging a modern rendering stack. Last year I had a lot of spare time and decided to kick-start a project which combines different areas of interest: Rust, 3D rendering and geo data. This project was adopted recently by the [MapLibre](https://maplibre.org/) project and is now known as [maplibre-rs](https://github.com/maplibre/maplibre-rs). The [maplibre-rs](https://github.com/maplibre/maplibre-rs) library is a proof of concept which showed me the complexity of mapping solutions. It takes a lot of steps until edits from OpenStreetMap contributors are finally rendered in consumer applications. With this talk I want to take listeners on a journey from drawing changes in the OpenStreetMap editor all the way until vectors are uploaded from memory to GPUs. As outlined in the abstract, I want to cover multiple topics:
* Foundations of digital maps (How to determine which data should be loaded? What are vector and raster tiles?)
* The technology stack which allows us to design and develop a cross-platform map renderer (Web, Mobile, Desktop)

Lastly, I want to provide a software developer perspective on mapping technologies.

about this event: https://program.mch2022.org/mch2022/talk/BRHLYE/
IRMA's Idemix core: (MCH2022)
IRMA is a system in which you are in control of sharing specific personal properties (aka attributes) such as your age, address and gender, which are stored in the IRMA app on your phone. Technically, IRMA is a set of free and open source software projects implementing the Idemix attribute-based credential scheme. Although the Idemix credential system has been around for a while, it is still relevant today. In this talk, we walk you through the crypto behind Idemix, explain how it works and why it is safe, and give you the means to understand Gabi, the Go implementation of Idemix that is used in IRMA.

Presentations on privacy products often focus on the principles of why we should want to protect our privacy and how the product does this from a bird's-eye or user perspective. In the case of IRMA, this focus would be on storing your attributes on your local device and on the information flow when the IRMA app is used. However, in this talk we want to dig deeper, demonstrate the crypto behind the curtains and give you the means to reason why IRMA is a neat solution. Note that the talk is very technical. We will cover the theory of the zero-knowledge proofs, the Camenisch-Lysyanskaya signature and the Idemix credential verification, all so you can understand the Go implementation of the Gabi library. If time allows, we'll also cover IRMA-specific solutions such as the keyshare protocol and revocation. We will cover a lot of ground very quickly, but after this talk you will have an excellent starting point for truly understanding this anonymous credential system. Of course we'll provide you with follow-up material and are happy to chat some more after the talk with a beer or two.

Background knowledge that will help in understanding this talk:
- General understanding of public key cryptography, especially RSA (https://www.youtube.com/watch?v=MsqqpO9R5Hc, https://www.youtube.com/watch?v=SL7J8hPKEWY)
- Basic algebra, namely the laws of exponentiation
- Some context on IRMA (https://irma.app/docs/overview/)

about this event: https://program.mch2022.org/mch2022/talk/AFD3XT/
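The three pieces the abstract names (a Camenisch-Lysyanskaya signature over attributes, a Schnorr-type zero-knowledge proof, and a credential verification that discloses only some attributes) fit in one toy, added here as an example; it is not Gabi's code and not from the talk. It keeps the structure of the real scheme: an RSA-like modulus of two safe primes, generators in the quadratic residues, a signature (A, e, v) satisfying A^e R1^m1 R2^m2 S^v = Z, a re-randomised A' that makes two shows unlinkable, and integer responses because the prover does not know the group order. What it leaves out, and what a real implementation must add, are the range constraints on e and the attributes, randomiser sizes chosen for statistical hiding, and realistic key sizes (the 32-bit safe primes and the seeded RNG are for a reproducible demo only).

```python
"""Toy Camenisch-Lysyanskaya (CL) signature with a selective-disclosure proof.

Added example, not Gabi/IRMA code: one issuer, two attributes (m1 hidden, m2 shown),
tiny parameters, and without the range proofs on e and the attributes and the
carefully sized randomisers that a real Idemix implementation needs.
"""
import hashlib
import math
import random

rng = random.Random(2022)   # deterministic so the demo reproduces; real code uses os.urandom


def is_probable_prime(n, rounds=16):
    """Miller-Rabin; fine for a demo, not for generating production parameters."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    """p = 2p' + 1 with p and p' prime, so the quadratic residues mod n = pq have order p'q'."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def keygen(bits=32):
    """Issuer key: modulus n and generators Z, S, R1, R2 in QR_n. The group order stays with the issuer."""
    p, q = safe_prime(bits), safe_prime(bits)
    n = p * q
    order = ((p - 1) // 2) * ((q - 1) // 2)
    Z, S, R1, R2 = (pow(rng.randrange(2, n), 2, n) for _ in range(4))   # squares of random units
    return {"n": n, "Z": Z, "S": S, "R": (R1, R2)}, order


def sign(pk, order, attrs):
    """CL signature (A, e, v) on (m1, m2): A^e * R1^m1 * R2^m2 * S^v == Z (mod n)."""
    n, Z, S, (R1, R2) = pk["n"], pk["Z"], pk["S"], pk["R"]
    while True:
        e = rng.getrandbits(24) | (1 << 23) | 1
        if is_probable_prime(e) and math.gcd(e, order) == 1:
            break
    v = rng.getrandbits(48)
    Q = Z * pow(pow(R1, attrs[0], n) * pow(R2, attrs[1], n) * pow(S, v, n), -1, n) % n
    A = pow(Q, pow(e, -1, order), n)      # e-th root: only computable with the group order
    return A, e, v


def verify(pk, sig, attrs):
    """Plain verification with every attribute in the clear (what a prover checks on issuance)."""
    n, Z, S, (R1, R2) = pk["n"], pk["Z"], pk["S"], pk["R"]
    A, e, v = sig
    return pow(A, e, n) * pow(R1, attrs[0], n) * pow(R2, attrs[1], n) * pow(S, v, n) % n == Z


def _challenge(n, A_, t, Zp, nonce):
    """Fiat-Shamir challenge over the public values and the verifier's nonce."""
    h = hashlib.sha256()
    for x in (n, A_, t, Zp, nonce):
        h.update(x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big"))
    return int.from_bytes(h.digest()[:16], "big")


def prove(pk, sig, attrs, nonce):
    """Prove possession of a signature on (m1, m2), revealing m2 but not m1, A, e or v."""
    n, S, (R1, R2) = pk["n"], pk["S"], pk["R"]
    A, e, v = sig
    r = rng.getrandbits(80)
    A_ = A * pow(S, r, n) % n             # re-randomised A: a fresh value every show, so shows are unlinkable
    v_ = v - e * r                        # compensates so that A_^e * S^v_ == A^e * S^v
    Zp = pk["Z"] * pow(R2, -attrs[1], n) % n          # what is left to prove once m2 is disclosed
    e_t, m_t, v_t = (rng.getrandbits(k) for k in (200, 300, 400))   # toy randomiser sizes
    t = pow(A_, e_t, n) * pow(R1, m_t, n) * pow(S, v_t, n) % n
    c = _challenge(n, A_, t, Zp, nonce)
    # Schnorr-style responses over the integers: the prover does not know the group order
    return {"A_": A_, "t": t, "c": c,
            "s_e": e_t + c * e, "s_m": m_t + c * attrs[0], "s_v": v_t + c * v_}


def verify_proof(pk, proof, disclosed_m2, nonce):
    """Verifier side: recompute the challenge and check A_^s_e * R1^s_m * S^s_v == t * Z'^c."""
    n, S, (R1, R2) = pk["n"], pk["S"], pk["R"]
    Zp = pk["Z"] * pow(R2, -disclosed_m2, n) % n
    A_, t, c = proof["A_"], proof["t"], proof["c"]
    if c != _challenge(n, A_, t, Zp, nonce):
        return False
    lhs = pow(A_, proof["s_e"], n) * pow(R1, proof["s_m"], n) * pow(S, proof["s_v"], n) % n
    return lhs == t * pow(Zp, c, n) % n


if __name__ == "__main__":
    pk, order = keygen()
    sig = sign(pk, order, (1990, 1))       # e.g. m1 = birth year (kept hidden), m2 = "over 18" flag (shown)
    proof = prove(pk, sig, (1990, 1), nonce=424242)
    print("signature ok:", verify(pk, sig, (1990, 1)), "proof ok:", verify_proof(pk, proof, 1, 424242))
```

The equation the verifier checks is the signature equation raised to the challenge c and multiplied by the commitment t, so it holds exactly when the responses were formed from a valid (A', e, m1, v'); the verifier learns m2 and the fact that some signature on (m1, m2) exists, and nothing about m1 or about which issuance the credential came from.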
Hacking with Microbes (MCH2022)
Microbes are everywhere. They are part of nature, both around us and inside of us. When you provide their desired niche, you can make them do something for you, in a mutually beneficial arrangement. This talk will take you into their realm, and show a few practical examples and hacking opportunities.

Our climate is on fire, but we are still reaching for an Ultimate Solution. We don't move until we get a drop-in replacement to sustain current habits, at no extra cost. Our cognitive dissonance makes us trust politicians to deliver on promises, and energy vendors to withstand lucrative greenwashing. But it is both interesting and profitable to be part of the solution, and not of the problem. I have a long-standing fascination with microbial processes. They are adaptive and resilient while they modestly take on chores that pull things back to nature's standards. I think many problems that we are facing now can be solved locally and efficiently with clever combinations of technology and microbiology. Not always complete solutions and not everything is simple, but they certainly add to resilience and taking ownership of problem *and* solution. In a perfect situation, energy is harvested when & where it is abundant and moved to when & where it is needed. This talk demonstrates ways of doing at least some of that with the help of microbial systems. We will demonstrate overlap and connections, and conditions under which they may be hacked.

Outline:
* Beer. Vinegar. Inoculation. Permaculture.
* Gut. Fiber or Fat. SCFA. Immune system. Epigenetics.
* Biogas. Acetate. Sulphur and ammonia. Garbage in, garbage out.
* Microbial fuel cell. Clay and carbon. Training.
* Pee. Urea. Energy calculations for a Raspberry Pee.
* Poo. Phosphate. Energy calculations for iPoo mobility.
* Compost. Worms. Energy calculations for heat generation.
* Climate change & zoonoses. Cramming sick animals. Antibiotics. Government ignorance.

Summary:
* Making beer uses yeast to turn sugar to alcohol. Yeast can flexibly adapt from/to glucose via DNA switching to generate different enzymes. Let fruit flies in, and they bring along Acetobacter that reduce alcohol to vinegar. Wild fermentation is more natural, and yields a lambic beer. Save work by going for stable, naturally mixed processes.
* Our gut processes whatever we can't. Two rough kinds of colonies co-exist. One consumes cholesterol/bile and the other plants/fiber. They tune our body via SCFA, the immune system and epigenetics. You can hack by changing your food (and after a few weeks, the microbes are thought to hack you by asking for more; so much for free will?!?)
* Biogas works like a gut. It forms/consumes acetate CH₃COOH to produce CO₂ and methane CH₄ with byproducts hydrogen H₂, hydrosulphide H₂S and ammonia NH₃. Local cycles can process known sludge and produce usable liquid output, but large-scale anonymity destroys that. Some influences are possible, but the process is basically difficult, smelly and a bit dangerous.
* Microbes can live in a fuel cell, which then accepts electrons and passes H⁺ through a membrane. Urine can be broken down with just clay and carbon -- and a culture. What are researchers doing? A variant to produce hydrogen H₂. And the potential of driving microbes by passing in a current.
* Pee contains urea (NH₂)CO(NH₂), a hydrogen carrier. Urea is stable when dried, but otherwise reduces to ammonia NH₃. Soil microbes normally turn ammonia into atmospheric N₂ and water. But we can also use urea in a fuel cell to extract electricity or hydrogen.
* Poo contains many microbes, some of which are pathogenic. But it is also our disposal channel for phosphorus (which we mine to grow food) and nitrogen. Troubled hygiene, but can this be safe? Is it a good idea?
* Compost is incredibly straightforward and safe. The nutrient cycle is so short that nature could have invented it... oh wait, it did. Spring brings a gradual start, Summer collects energy, Autumn sheds it off and Winter benefits from the captured energy. Composting generates heat, and has been used for heating homes, or parts of homes. Though mostly self-controlled, there are broad requirements for heat retention, moisture, oxygenation and C:N ratio. Working with these, you can have some degree of control over this process.
* Microbes mutate if we force them into another environment. Like a sick animal. Or 3000 of them. Antibiotics form a bonus challenge. Many animal farmers carry resistant microbes. Zoonoses are on the rise due to climate change, and they are the common source of infectious diseases. Government practices [best effort management](https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/wob-verzoeken/2020/10/28/besluit-wob-verzoek-prognoses-ziektekiemen-uit-dierhouderijen/Besluit+Wob-verzoek+prognoses+ziektekiemen+uit+dierhouderijen.pdf) by chasing for *known* diseases; they are generally clueless about possible future zoonoses and any involved risk to humans. [S
Automatically Suspicious - Predictive policing in the Netherlands (MCH2022)
Predictive policing is hip and happening. In the last few years we have seen a number of experiments with predictive policing in the Netherlands. How does that technology work? What were the outcomes of the experiments? And what is the legal status of a suspicion generated by a computer?

"Predictive policing" is the name of a family of technologies that use historical crime data to make predictions about future crimes (cue Minority Report). Police departments all over the world are very interested in this technology because it promises better results (more crimes prevented) at lower cost. In the Netherlands we have seen a number of experiments with predictive policing, and one of these systems (CAS) is currently being rolled out throughout the country. But how do these systems work? And how _well_ do they work? And what is actually the legal status of a suspicion generated by a computer? This talk will discuss relevant predictive policing experiments in the Netherlands and abroad and the results of these experiments. The talk will also cover the legal status of suspicions generated by this technology in the Netherlands.

about this event: https://program.mch2022.org/mch2022/talk/DJ8FCY/
An Ontology Of Electronic Waste (MCH2022)
This talk will investigate how the concept of private property has fundamentally altered our behavior towards the environment. We will investigate how an alternative ontology of electronic waste is needed and argue why dumpster diving, hacking and reverse engineering abandoned electronics is more relevant than ever to tackle this problem. Within the discourse that surrounds the global rise in electronic waste, only a select range of subjects receive attention from the public - international relations, global waste management strategies and corporate greenwashing rhetoric that emphasizes a ‘circular’ economy. Although the legitimacy of these strategies can be debated, they fail to address the root of the problem. Following the pervasive concept of private property and how it has infiltrated the ways in which we think about ourselves, our relationships between each other and the environment, we will arrive at how this concept has solidified itself within the ontological frameworks we use to make sense of waste and electronic waste in particular. We will discuss how, when we get rid of the concept of private property (and subsequently the concept of waste), we can reimagine what abandoned electronics mean to us and how we can best address the incessant pressure from manufacturers to treat them as expendable, throw-away objects. We will discuss how collective dumpster diving, hacking and reverse engineering abandoned electronics might be a possible solution and present free and open source tools that could aid us in the process. about this event: https://program.mch2022.org/mch2022/talk/QZDECX/
Finding 0days in Enterprise Web Applications (MCH2022)
Enterprise web applications have been deployed rapidly to the internet over the last ten years. Often, these applications remain secure purely due to how difficult it is to get a copy of the source code. Unsurprisingly, some of the most popular enterprise web applications contain critical pre-authentication vulnerabilities. This presentation discusses how to get your hands on enterprise web applications and how to audit them for vulnerabilities, demonstrated through the disclosure of multiple 0days in popular enterprise web applications. When performing offensive source code analysis, the road to critical pre-authentication vulnerabilities usually involves a treacherous journey. From obtaining the source code, to mapping out sources and sinks, this presentation will take you on this journey to finding critical bugs in the following software: - IBM Websphere Portal / HCL Digital Experiences - Solarwinds Web Help Desk - Sitecore Experience Platform - VMWare Workspace One UEM (AirWatch) By experiencing the discovery process of 0days in popular enterprise web applications, this process can be repeated on the enterprise applications your company uses. The vulnerabilities discussed in this presentation have all gone through a responsible disclosure process. about this event: https://program.mch2022.org/mch2022/talk/EF7VSC/
Scientist Rebellion (MCH2022)
I present the background, rationale and future plans of Scientist Rebellion, a growing international group of currently over a thousand scientists venturing into civil disobedience, since writing more papers about the climate emergency does not yield the needed political sense of urgency and action. I'll present Scientist Rebellion, an international group of scientists taking the scientific view of the climate emergency seriously, stepping away from writing yet another paper giving the same warnings and venturing into civil disobedience. We've had actions worldwide (27 countries) and are growing rapidly, as more scientists feel the necessity for society to do more (not just throwing more money at companies when they promise to be less polluting, but strict laws preventing such pollution levels). Dutch site: https://www.scientistrebellion.nl/ International site: https://scientistrebellion.com/ about this event: https://program.mch2022.org/mch2022/talk/9LZJYH/
Building modern and robust Web-Applications in 2021, without writing any JavaScript (MCH2022)
Building Web-Applications is hard. Making them scale is even harder. And nobody said anything about robust yet. Looking back over the past 25 years of Web-Development, not much has changed, except for tooling and languages. The approaches we use also have not changed much. We still write lots of JavaScript, put special glue in between layers of languages; it's bleak. Let's have a look at the Phoenix Framework, a modern approach to building Web-Applications in Elixir, on the Erlang VM, without having to resort to a multitude of languages and frameworks. In this talk we will - **NOT** pick a JavaScript framework like React or Angular - **NOT** write a single line of JavaScript - **NOT** care about Erlang or its syntax - **NOT** spend hours making the application WebSocket-capable and feel "live" But we will - write a state-of-the-art application that looks and feels professional in record time - have tests for every feature, button, link or form we implement (test-coverage upwards of 90%) - have formatted our code, linted, error checked - run the test-suite before every commit about this event: https://program.mch2022.org/mch2022/talk/L3HRXH/
Hacking the pandemic's most popular software: Zoom (MCH2022)
Last year we won Pwn2Own by demonstrating remote code execution, using a chain of three vulnerabilities, on the then latest version of the Zoom client. In this talk we would like to share all details of the vulnerabilities we found and how we combined them into a fully working exploit. When the pandemic required everyone to work from home, we saw huge growth in the video conferencing market. It was this movement that made the organisation behind the world famous Pwn2Own competition decide to add an 'Enterprise Communications' category to last year’s competition. Everyone who was able to successfully demonstrate a zero-day attack against Zoom or Microsoft Teams would be rewarded $200,000. We decided to take them up on this challenge and started researching Zoom. This resulted in a working remote exploit against the then latest version of Zoom that would give the attacker full control over the victim’s system (CVE-2021-34407). During this talk, we will walk you through how we started our research, explain the vulnerabilities that were found and finally how those vulnerabilities were incorporated into the exploit that successfully performed the attack during the contest. about this event: https://program.mch2022.org/mch2022/talk/QVXXUP/
Lightning Talks Sunday (MCH2022)
Lightning talks are 5 to 10 minute quick talks on an interesting subject. They can be with or without slides, and with or without proper preparation. If you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks about this event: https://program.mch2022.org/mch2022/talk/PUNDRB/
UBports: Imagine a phone that does everything you expect and nothing you don't. (MCH2022)
This talk explains what the UBports Foundation does: managing the Ubuntu Touch OS for mobile devices. The challenges, the why, what and how. The world needs another phone OS. With more focus on privacy. And the Ubuntu Touch OS tries to be the best in the field of open source OS's for mobile devices. In this talk we tell you why. We tell you about our challenges and how we try to solve them. This means we tell you the "what". For example: What is VoLTE and why do we need it in an open source phone OS? And we tell you the "how": How are we working on VoLTE support in Ubuntu Touch? How is knowledge management organized? How do we develop software? How are devices supported? about this event: https://program.mch2022.org/mch2022/talk/HR9XSQ/
My journey to find vulnerabilities in macOS (MCH2022)
My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities in macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs. I will walk you through how I solved the following steps: - Fundamentals of how I find vulnerabilities - Basics about the "extra" security protections in macOS - How to get a payload delivered with one click - Code execution with arbitrary mount - Gatekeeper evasion - TCC protection evasion - SIP protection evasion - Timeline - How Apple will credit the researchers about this event: https://program.mch2022.org/mch2022/talk/973QGG/
All you never wanted to know about the Banking System and why it keeps crashing Economics. (MCH2022)
Based on the world's first, and as far as we know still the only accurate double entry bookkeeping based simulation of the banking system, we will talk through how fractional reserve banking really works from a network perspective, and how it has influenced both economic activity and economic theory in many unappreciated ways. If you want to be able to predict what the central banks will do next, and how to make sensible financial decisions despite this, this is the talk for you. Inflation is back, and it's still the same. We'll also talk about ways to contribute to the development of economic models and simulations that are based on real economies, and not on a 30 year practice of fitting a very short mathematical ruler to a very long curve. It all started innocently enough, with an attempt to build a simple banking simulation in python of the standard Economics 101 textbook description of the banking system. This failed to work as soon as loan repayments were put in. The next version was a little more complicated, agent based, and used double entry book keeping, and the version after that added some simple economic features like widget producers and households (which actually makes it as sophisticated as "sophisticated economic models"; it's still nowhere near complete though), and has been used to enlighten/confuse several classes of computer science students at Reykjavik University in Iceland. Along the way we learnt how money gets created and destroyed, how several different kinds of bank regulation actually worked, identified several positive feedback loops in the financial system, how international money transfers don't actually transfer money, and why it was probably inevitable that cryptocurrency would re-invent fractional reserve banking right after it reinvented its book keeping. about this event: https://program.mch2022.org/mch2022/talk/T3CLJC/
Modernizing the Tor Ecosystem for the Future (MCH2022)
In this presentation, we will be updating the audience on the ongoing modernization efforts of the software developed inside The Tor Project -- the organization behind the most widely deployed anonymity network. We will look at upcoming features and changes to the core technology that drives the Tor network and why a Browser may no longer be the only product we have to provide for the user-base that so crucially needs Tor's anonymity properties for safe internet access. The Tor ecosystem is currently going through a more extensive modernization phase where we are simplifying our goals slightly to make space for larger projects that we find necessary. This work includes implementing a new, more memory-safe Tor implementation in the Rust programming language named Arti. This work will make it easier for application developers to integrate their applications and benefit from the safety features that Tor can provide. Additionally, we will talk about some recent or upcoming changes to the network: - Give a status update on deploying modern congestion control algorithms in the Tor network. This work should significantly reduce the performance barrier that most Tor users experience. - The roadmap towards UDP support in the client and relay software. This work should allow more modern use-cases of the Tor software such as voice and video communication, WebRTC, and other protocols that leverage datagram-based data transfer. - Move to more modern cryptography in Tor's protocols, including support for post-quantum cryptography and why this is needed. - Allowing Tor users to access the network using a VPN-like tunneling mechanism as an alternative to simply web-browsing and other socks5 enabled applications. about this event: https://program.mch2022.org/mch2022/talk/MUP7MX/
Trusted CDNs without gatekeepers (MCH2022)
I want a Web where CDNs are unnecessary. Where different organizations, different website operators, can help each other out by hosting assets for each others' websites, thus spreading the load across many orgs in solidarity, instead of centralizing it in gatekeepers. I believe I might slowly be getting to a point of having a decent answer to that question. No blockchain required. What if I told you the [code for this is already mostly there](https://gitlab.com/rysiekpl/libresilient/)? All major browsers support Service Workers and Subresource Integrity, which means we can have a piece of JS that: 1. only gets updated from the original domain 2. handles all requests for the website 3. routes these requests to the original domain, or hits third party endpoints when the original domain is unavailable for whatever reason 4. has ways of distributing and checking Subresource Integrity on any fetched resource. And we do! Points 1. and 2. are assured by the Service Workers API, so browsers enforce that. Point 3. can be achieved with [LibResilient's alt-fetch plugin](https://gitlab.com/rysiekpl/libresilient/-/blob/master/plugins/alt-fetch.js). Point 4. is the job of [LibResilient's signed-integrity plugin](https://gitlab.com/rysiekpl/libresilient/-/blob/master/plugins/signed-integrity.js). This is all very PoC. Documentation is lacking or non-existent. But it's already there, ready to be tested and improved. about this event: https://program.mch2022.org/mch2022/talk/W7MB7H/
Hacking COVID: Hackers helping the government (MCH2022)
During the COVID19-pandemic the Netherlands turned to hackers to help them make digital solutions to fight the pandemic. Why was that? What does this do to a government body like a ministry? What does this mean for privacy, security and the tech choices that are made? In 2020, when the pandemic started, scientists suggested to also digitally support fighting the pandemic. One of the suggestions was digitally supported contact tracing. After first asking the market for solutions, the Dutch Ministry of Health, Welfare and Sport decided to build open, privacy friendly, secure and accessible solutions itself, with help of a large open source community. When vaccinations became available and timeframes for building solutions were near impossible, the next step was clear: get hackers involved. This isn’t just to stick to the values, but also to create solutions in ways that aren’t always common for governments. How do you hack processes and rules to create what some ministries called magic? This talk will tell the inside hacker tale of the pandemic and show the dilemmas that were overcome. This is a story of hackers in a ministry in the heat of the moment. about this event: https://program.mch2022.org/mch2022/talk/BVGYKQ/
Hacking UK train tickets for fun, but not for profit (MCH2022)
We take a scenic tour through the origins of the UK train ticket, from the original BR specification in the 1970s through to modern replacements like mTickets, eTickets and ITSO. This is just a detour though, and we'll focus on the 'orange ticket' (RSP 9399/9599) - which continues to be a stalwart of the UK rail network. Surely they can't be that secure? After all, anyone can encode a magstripe - right? We'll take a look through the data encoded on these tickets, what interesting things you can do with them and maybe (assuming I've got it working by then) we'll be able to read and write our own! about this event: https://program.mch2022.org/mch2022/talk/XMCUHG/
Building a cheap laser harp for percussionists (MCH2022)
A laser harp is a magic musical instrument that makes sounds from light beams. Ever since Jean-Michel Jarre used a laser harp in his live concerts to play Rendez Vous 2, many people have dreamt of playing one. But they are ridiculously expensive! Klaas van Gend will discuss his ongoing journey with Pascal Ahout to design a cheap and simple laser harp suitable for a local percussionist group. A revolutionary simple laser harp, using only an Arduino board, and no moving parts. Hopefully, at the time this talk happens, the design is ready to be demoed, so we’ll end with a live demo or a video recording showcasing our working laser harp. The director of the St. Caecilia percussionists group Lieshout-Mariahout in Brabant always wants to go beyond just playing music. He loves to bring in nonstandard instruments, video or lighting tricks. For an upcoming show, he wants to compose a new piece with a laser harp. As usual, he came to his audio and lighting engineer Pascal Ahout, who asked software engineer Klaas van Gend to join in. Together, they started designing a reliable laser harp from scratch, reviewing various sources on the internet and revisiting all design decisions. Their laser harp design looks remarkably different – no moving parts, no complex optics and cheap! This talk will show the design process, implementation details and hopefully the results. Indeed: the development is not done yet. So we may end the talk explaining why our ideas weren’t smart enough… We’ll have to see! But we intend to end with a working demo. about this event: https://program.mch2022.org/mch2022/talk/KBEJVL/
IOT: International Outage Technology (Disclosure of DIVD-2022-00009) (MCH2022)
DIVD researcher Jelle (aka SchizoDuckie) has a hobby. He likes to find credentials in places where they don't belong, like GitHub and Postman. And this hobby has gotten him into many places he should not have been, like the Dutch Tax office and many larger companies. But in February 2022 he found an account with an even bigger reach, an account whose abuse could mean trouble for our national critical infrastructure. His simple GitHub query uncovered a secret that could switch off a country; now what... While Jelle is enjoying his vacation, his DIVD colleagues Chris van 't Hof, Célistine Oosting and Frank Breedijk will present the story of one of the more significant vulnerabilities discovered by DIVD this year: the long and windy, but mostly slow and silent, road to disclosure and remediation, and how mitigation did not take away all the risks. This talk digs into the, up to this point, untold story of case DIVD-2022-00009 and will include numbers "Doc" Brown would be jealous of. about this event: https://program.mch2022.org/mch2022/talk/FEZFET/
A Brief History of Automotive Insecurities (MCH2022)
Automotive hacking didn't start with Miller/Valasek in 2015 - and it hasn't ended with it, either. This talk will give an overview of automotive insecurities of the past ~10 years, a brief history of some kind. I will also provide an outlook on what the future on four wheels might hold, security-wise. This talk will give an exhaustive overview of all the automotive hacks in the past 10 years, and analyze the technical issues and vulnerabilities that have been exploited. Ranging from the automotive hacking papers in the early 2010s by US researchers, towards the infamous Miller/Valasek presentations starting 2015, the magic work of KeenLabs and 360 Group, and covering comma.ai, the different Tesla hacks, entry system relay attacks and the recent ADAC study, towards AI-confusion attacks. I will try to analyze the underlying vulnerabilities, how they can be (respectively already are) prevented in modern vehicles, and what the future holds. about this event: https://program.mch2022.org/mch2022/talk/TVYLPH/
Freedom, Ownership, Infrastructure, and Hope (MCH2022)
How should we live together? How do we make a complex, interdependent, infrastructural society less exploitive? In this talk, we'll try to frame questions, if not answers, grounded in the context of the political changes required to mitigate and survive climate change, global fascism, and hypercapitalism. This talk starts from two threads. First, the common understanding of "freedom" derives from the institution of slavery. Looking at alternate definitions provides the foundation for rethinking the building blocks of society and human interaction. Second, climate change represents an immediate existential threat to human civilization, but mitigating it is no longer a question of technology — only of collective will. If we insist on maintaining existing structures of ownership and inequality, we significantly reduce our chance of survival. However, these questions of freedom, ownership, and equity aren't just political questions, they're directly encoded in the infrastructure we all rely on to survive — that same infrastructure that we currently need to replace, almost wholesale. In reality, any path to survival will imply a muddle of adaptation, mitigation, replacement, and elimination, both of infrastructural components and of elements of the social contract and its governance systems. Harm reduction is more important and more probable than ideologically perfect revolutions (or even evolutions). However, plausible visions of the future are a critical ingredient for the hope we need to continue the work, and will also directly shape that work. Most folks who live in ownership societies (almost everyone, now) find the idea of moving away from an ownership model terrifying, because it means giving up those things that give them a sense of security. Understanding the emotional interiority of life in a post-ownership society can change that, and understanding the dynamics of different freedoms can help us understand how we might get there. 
As people who build infrastructure, we can play with the social models our infrastructure encodes — and have been doing so for decades. Likewise, we can (and have been) rebuilding pieces of the social contracts that shape our personal lives. This talk aims to leave you with new questions and new directions for that work. about this event: https://program.mch2022.org/mch2022/talk/VPKCC7/
PSD2 a banking standard for scammers? (MCH2022)
The Payment Service Directive (PSD2) is a fairly recent directive in Europe when it comes to electronic payments. For most of us this has happened invisibly. Although this new directive creates a lot of opportunities for fintech companies, it also puts the privacy of tens of millions of people in the hands of private companies. This talk will discuss the opportunities this will provide within Europe both for fintechs... and scammers. In 2020 the Payment Service Directive 2 (PSD2) became the directive governing banking in Europe. This means that for financial transactions between businesses, persons and banks a new European-wide payment system is available. While before PSD2, in order to be able to act as a Payment Service Provider (PSP), you needed to be certified by the local central bank, with PSD2 this is no longer necessary. This means all transaction data for an IBAN number going back up to years can be queried by commercial parties investing a few hundred euros. An example will be shown of how easy it is to overlook giving consent for this data exchange and how to revoke this consent. This talk will discuss the opportunities this new directive will provide EU residents, but will also show what implications this has in terms of privacy and how it enables scammers to automate scams. about this event: https://program.mch2022.org/mch2022/talk/MDKSB9/
Electric Vehicles Are Going To Suck; Here's Why (MCH2022)
Electric vehicles present a real opportunity to take a step towards better designed, more reliable, and sustainable transport. Instead, electric cars have become nightmarishly complex gadgets whose limited lifespans will make them less sustainable than a diesel pickup truck running on whale oil. This talk will explore the problem, and make a few suggestions as to what could be done about it. I want my next car to have an electric motor, I want it to push the boundaries of what is possible with a battery and I want it to be an automotive tour de force that represents a real advance over my gasoline car in terms of lifetime sustainability. The switch to electric cars represents an opportunity like no other to deliver a new type of car that doesn’t carry the baggage of what has gone before, but what I see in the electric cars available to me just doesn't live up to that dream. The car industry now makes cars that don't rust and don't wear out, so for planned obsolescence they now rely on technological complexity to ensure they reach the scrap heap long before their promise of true sustainability can be realised. This talk will attempt to deconstruct the problem, and look at how it might be remedied. about this event: https://program.mch2022.org/mch2022/talk/M3D7UA/
Heuristic Park (why we can fake it until we make it) (MCH2022)
Why do we believe in fake news? What are news silos? Why can't we seemingly find a solution to discussions like blackface or the corona-deniers? How to break your bubble. This lecture discusses the psychological reasons as seen from the perspective of a social engineer. about this event: https://program.mch2022.org/mch2022/talk/VLVBVG/
Programming microcontrollers in Go using TinyGo (MCH2022)
Go is often thought of as a server programming language, especially one used for microservices. However, I argue that it can also be a good language for much smaller systems: microcontrollers. Especially with the Internet of Things there is a need for a language that is safer, easier to use (harder to misuse) and easier to build and test. For many years, C has been the dominant language in the embedded world and especially on microcontrollers. Almost all embedded systems are written in C. In the last few years this has been changing, with new languages being used for this purpose: * [Rust](https://www.rust-lang.org/what/embedded) has seen rapid growth in embedded systems with its focus on safety and expressiveness. It is in fact a great replacement for C, as it is just as low level and efficient as C but without all the footguns. However, many people find this language hard to learn. * Another language that's sometimes used is Python, in the form of [MicroPython](https://micropython.org/). This is in fact what powers the SHA2017 and MCH2022 badges. While the project is an amazing accomplishment, it still suffers from the fact that the language is interpreted and there are limits to how fast it can be. * Some people have also used other languages, such as [Lua](https://nodemcu.readthedocs.io/en/release/), [JavaScript](https://www.espruino.com/), [Oberon](https://www.astrobe.com/), [Forth](https://hackaday.com/2017/01/27/forth-the-hackers-language/), [Ada](https://blog.adacore.com/ada-on-the-microbit), and probably others. I'm not aware of a language that got much further than experimental or very specific uses. * Then there is [TinyGo](https://tinygo.org/), which is a new compiler for the Go language and primarily targets bare-metal embedded systems and WebAssembly. This is what I will talk about. TinyGo is a new compiler for the Go programming language. Its goal is to implement the Go language specification and be able to compile most of the Go standard library, while still optimizing well enough that binaries can run on a range of large and small embedded systems. It optimizes much more aggressively than the main Go implementation and the resulting binaries are able to run on systems ranging from the Arduino Uno, to the BBC micro:bit, to the MCH2022 badge with an ESP32 chip. I believe TinyGo offers most of the ease-of-use benefits of interpreted languages while providing most of the performance benefits of languages such as C. In this talk, I will cover what kinds of problems C can cause, why Go can be a great fit on embedded systems, an explanation of some optimizations that it does that help lower its code size and RAM consumption, and some examples of projects written using TinyGo. Oh, and of course some demos. about this event: https://program.mch2022.org/mch2022/talk/MNE98G/
GPS ankle monitor hacking: How I got stalked by people from the Arab Emirates (MCH2022)
Ankle monitors are devices typically used by law enforcement to track offenders. Have you ever wondered how they work, which potential vulnerabilities they have, or where to buy one (or many)? This talk is about hacking electronic ankle monitors built by various Chinese manufacturers - and the protocols and software they use. Ankle monitors are devices used by law enforcement to track offenders - typically ones on house arrest. They contain various sensors and GPS, WiFi, cellular and sometimes RF communication to transmit data and determine their position. This talk will go into detail for various brands on how they communicate with their servers - potential vulnerabilities and ways to escape/avoid detection. This talk concerns Chinese vendors of ankle monitors - but the processes are applicable to different brands and types as well. I will discuss how I developed a server which can be used with 4 vendors of these devices - and how I got the protocol documents for each of them through a bit of social engineering. The focus will be on the technical details of how your location is determined - which fallbacks are used in case locating fails - and how data is communicated to the server - and the security implications of all of this. Some of these devices are used by small nations to track, for instance, immigrants for COVID tracking - we will discuss the implications of this. about this event: https://program.mch2022.org/mch2022/talk/DK3VKB/
Running a mainframe on your laptop for fun and profit (MCH2022)
Yes, this talk is about running your own mainframe on your own hardware. Mainframes are old, yes, but they are still very much alive. New hardware is still being developed and there are a lot of fresh jobs in this area too. A lot of mainframes run COBOL workloads. COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year. In this session the speaker will help you take your first steps towards running your own mainframe. If you like, after this session you can continue to build your knowledge of mainframe systems using the links provided during the talk. Come on in and learn the basics of a completely different computer system! And it will take you less than an hour to do that! about this event: https://program.mch2022.org/mch2022/talk/PBHJCP/
IRMA and Verifiable Credentials (MCH2022)
Nowadays, when a user wants to authenticate, mostly centralized systems, such as DigiD in the Netherlands, are utilized. Extreme events can impact the reliability of such systems. Decentralized and more privacy-preserving systems, such as [IRMA](https://irma.app/), can help to build more reliable authentication infrastructures. With IRMA, a user can store signed attributes, such as their full name or address, within the IRMA mobile app. Subsequently, the user can disclose a subset of her attributes to parties during an authentication session. The [Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) standard helps to make such systems interoperable, that is, users can use attributes across different credential systems. With a proof of concept, we show how to make IRMA VC-compliant. During extreme events, such as power outages or big floods, centralized systems are especially vulnerable as their availability can be impacted. This could result in the whole system being unusable. Therefore, it is beneficial to develop decentralized infrastructures, as one is not dependent on centralized components. Digital authentication nowadays is mostly done via centralized systems, such as DigiD, the authentication system of governmental services in the Netherlands. Every authentication session goes through a central authority, which makes the system centralized. Additionally, from a privacy perspective, an issue is that such a system can keep track of which sites users authenticate to. To achieve more system reliability and more user privacy, it is desirable to develop authentication systems that work in a more decentralized manner. One existing solution to this challenge is [IRMA](https://irma.app/). IRMA stands for I Reveal My Attributes and is developed by the Dutch non-profit organization [Privacy By Design](https://privacybydesign.foundation/). 
A central element of IRMA is a mobile app, which the foundation promotes as a digital passport on your own mobile device. Users can collect signed attributes (a set of attributes is called a credential) from authoritative parties. An attribute is, for instance, your Dutch BSN, full name, or email address. IRMA protects the privacy of individuals by letting the individuals decide which attributes they want to disclose to whom, and by implementing advanced cryptography, including zero-knowledge proof techniques. Consequently, the receiving party can validate the authenticity of the disclosed credentials without the need to contact the party that issued the credentials. [Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) is a standard developed by the W3C. It provides a data model and a syntax aiming to make credential systems interoperable; for instance, it can enable users to disclose credentials issued by one system to another system. Currently, IRMA can only be used within the IRMA ecosystem, that is, among servers and mobile apps that use the IRMA attributes. However, it would be desirable that people are able to use such advanced technologies and authentic attributes on the entire web across different systems. This avoids people needing different apps, which could contain the same attributes, for different systems. Our research shows that it is possible to make IRMA VC-compliant via a proof of concept. Subsequently, through VCs, IRMA attributes are available for servers and apps outside the IRMA ecosystem. Similarly, other credentials can become universally verifiable. As decentralized systems become increasingly available, governments and other organizations can utilize reliable and privacy-protecting authentication widely. This benefits everyone – even and especially during extreme events. about this event: https://program.mch2022.org/mch2022/talk/3HTP8D/
TIC-80 byte jam (MCH2022)
TIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed by the participants. You could follow the suggested randomly chosen topic or do your own thing. TIC-80 is a fantasy console with limited resources like a 240x136 pixel display, 16-color palette, 256 8x8 color sprites, 4-channel sound, etc. This gives the TIC-80 a very retro look and feel. This byte jam is a good representation of the demoscene, where coders/hackers with very limited resources in hardware or software make stunning audio and visual effects. In Europe the demoscene got the status of cultural heritage in Finland, Germany and Poland, and this has been requested for the Netherlands and other countries. If you want to join this TIC-80 byte jam, add your name to this wiki page: https://wiki.mch2022.org/Projects:Demoparty about this event: https://program.mch2022.org/mch2022/talk/PG8QBM/
Signal: you were the chosen one! (MCH2022)
This is a rant about how moving ecosystems are not a good reason for centralizing a crucial service, how stickers are no substitute for a desktop client that does not crash, and how effectively shutting out less popular OS platforms is just not cool. In his seminal work ["The ecosystem is moving"](https://signal.org/blog/the-ecosystem-is-moving/), Moxie Marlinspike laid out clearly the reasons why it's impossible to do what [Matrix](https://en.wikipedia.org/wiki/Matrix_(protocol)), or [the Fediverse](https://fediverse.party/), or for that matter the Web, have done: create a dynamic, quickly-evolving ecosystem without centralizing it. For years, as a person responsible for information security of at-risk reporters and their sources, I have been advocating Signal as a secure Internet messaging service. And with good reasons. Criticizing a security-sensitive tool like Signal is tricky, as it might be misconstrued as a call to abandon it, and move to alternatives that might be in fact worse. But here, at a hacker conference and with little risk of causing confusion and diverting users towards less secure platforms, can we please have an honest conversation about Signal's problems? And how, 5 years after that blogpost, moxie's centralization has not solved them? There are good reasons to exert a level of control over what connects to a communication network. But effectively shutting out a community of developers that would love to implement Signal clients [for](https://gitlab.com/rubdos/whisperfish) [less](https://open-store.io/app/textsecure.nanuc) [popular](https://forum.pine64.org/showthread.php?tid=8505) [OSes](https://forums.puri.sm/t/how-can-you-install-signal-on-the-librem-5/10244) (many of which happen to attract the kind of infosec-aware crowd that used to be the core pushers of Signal) is not a good outcome. 
Opening up more on the client side and providing some form of independent client development program (starting with a stable API) would already help a ton. Even if it's just the desktop client that gets re-written in something that is not in essence a packaged browser [trailing its upstream on security patches](https://news.ycombinator.com/item?id=22239791). Finally, we need to talk federation. Does it make moving fast and breaking things more difficult? Yes, yes it does, and that can be a good thing. It also makes the resulting federated service more resilient (one [service provider experiencing issues](https://www.indiatoday.in/technology/news/story/signal-users-globally-experiencing-issues-company-working-on-a-fix-1759524-2021-01-15) does not bring the whole network down). And, it lets others innovate without being locked out. about this event: https://program.mch2022.org/mch2022/talk/7QRECD/
The smart home I didn't ask for (MCH2022)
What happens when your home is “smart” before you even move in? More and more buildings are pre-installing smart devices that tenants didn’t ask for and may not want. These devices focus on comfort and convenience, an excellent focus as long as security is also considered. Given the deep integration these devices have, a vulnerable system could lead to devastating consequences like the loss of privacy and even unauthorized access. As a security researcher, these were my thoughts when I saw the tablet mounted on the wall of my new apartment. In a short period, I discovered multiple vulnerabilities in the system. A concern for sure, considering the system allows for remote access and has integration with services in my apartment and the building. This talk will cover my path, my process, and coverage of the vulnerabilities I discovered. The smart home system is based on a wall-mounted Android tablet, and is installed in thousands of properties throughout Europe. It allows for controlling lights, heating, motorized blinds, and opening a building's main entrance door, among other things. The talk will contain the following contents:
* Introduction
  * Presentation of the smart home system
* Methodology
  * How did I evaluate its security
* Findings
  * Description of vulnerabilities found
  * Impacts and countermeasures
* Disclosure timeline
  * Interactions with vendor
  * Raise awareness
* Conclusion
about this event: https://program.mch2022.org/mch2022/talk/JPLREJ/
How to charge your car the open source way with EVerest (MCH2022)
We will give you a short overview of the current electric vehicle charging technology and why it sucks. Let's try to fix it with the open source software stack EVerest! We will explain the technology and architecture behind it and will invite you to join our efforts towards a green, sustainable transportation infrastructure. Building a standard for EV charging infrastructure has failed so far for multiple reasons: "innovations" are implemented on a timescale of years to decades, and the standard is typically “designed by committee”. Every new player in the game has to reimplement the standard, and it's typically done “very lean”, which further delays things and adds bugs to the situation. Our solution is to establish an open-source software stack for charging systems, which all companies, manufacturers and private persons can use, and make it the common de-facto standard. By opening the software for all, anyone can help improve it. We have already made some progress on our software stack called EVerest and we would like to welcome you all in helping to transform the EV charging world. EVerest is part of the Linux Foundation Energy, a community led by the green energy transition. about this event: https://program.mch2022.org/mch2022/talk/NUNPWD/
Non-Euclidean Doom: what happens to a game when pi is not 3.14159… (MCH2022)
We all know that the value of pi is a constant with a particular immutable value. Anyone who has done any graphical programming also knows that visual rendering relies not just on pi but trigonometry more broadly, as well as other mathematical techniques. If we look into the source code of the first person shooter Doom we find that the value of pi used in the game is wrong. In this talk I will explore what happens when we subtly and not so subtly break math in the source. Doom is a well known classic first person shooter game with source code released under the GPL in 1999. In this talk I will begin by exploring what happens to the game when we make the value of pi even more wrong. What about when we change other trigonometric functions and constants to incorrect values? How will our familiar understanding and ability to traverse this virtual world change when we do this? Are there any interesting gaming possibilities with non-Euclidean geometries? A brief segue will cover some optimization tricks made to enable the game to run well on hardware available at the time. At the end I will provide a link to other games and public source code repositories that also use an incorrect value of pi. Pointers will also be provided to allow the audience to compile their own incorrect math version of the game. about this event: https://program.mch2022.org/mch2022/talk/ZM99EG/
Electron microscopes - How we learned to stop worrying and love cheap lab equipment. (MCH2022)
A tale of sketchy^H^H^H^H^H^H^Hawesome online shopping, grimy scrap bins, and crazy DIY projects: The adventures of a few friends who set up an electron-microscopy lab (and much more!) without breaking the bank. For all audiences: whether you just want to see some cool micrographs, hear a story of hacker adventure, or want to set up your own SEM, this should be a good time. This talk will have several parts: First we will tell you a story of a hobby that started with modifying an old classroom microscope for semiconductor imaging and has led to owning one, possibly two scanning electron microscopes (SEMs). You will see how 2020's logistics drama, COVID, language barriers, etc. turned the "simple" task of buying an electron microscope into a roller coaster of an adventure. Part two will look at the things we learned and what *you* should look out for if you want to get your own SEM: things that will break, physics to watch out for, requirements for running it, and understanding the things that set different SEMs apart. Finally, we want to look at the future: Can we get a community of hackers building their own chips or replicating material science papers similar to the one we see abroad? Their achievements have been non-trivial to translate to European reality, but not impossible. We hope to spur this on. about this event: https://program.mch2022.org/mch2022/talk/LE3MD7/
Decoding the Anker 3800 lock (MCH2022)
The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. Can it be opened without the key? This talk discusses how the lock works in a master keyed system and how it can possibly be defeated. It will cover decoding, picking and key duplication. The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. It was designed by Japanese company MIWA and is sold in the Netherlands under the Anker brand. It is a high security lock that is often used in large master keyed systems. I wondered: can it be opened without the key? I will present my adventures with the lock, having opened it up to see how it works, and several things I have tried to copy the key, pick the lock, decode the lock and find out what the master key looks like. The talk will include successes and failures and I will discuss designing 3D models, C&C work, electronics, Arduino programming, PCB design, and more. The talk is aimed at people with an interest in lockpicking. No prior knowledge is necessary. about this event: https://program.mch2022.org/mch2022/talk/XVBPNB/
Attribution is bullshit - change my mind... (MCH2022)
Borne out of a semi-flippant Twitter comment, this talk will take you on a journey across the benefits, pitfalls, and outright BS of attribution. Expect passionate opinions, trenchfoot-inducing war stories, head+desk frustration, and a strong meme game. With this session, which is aimed at security practitioners, researchers, students, and anyone with an interest in cybersecurity, we hope to:
• Highlight the value of decent threat intelligence
• Establish why attribution can be valuable, but how it can be a distraction, or worse
• Inform people who are interested in attribution and threat intelligence as areas of study how they can pursue it
about this event: https://program.mch2022.org/mch2022/talk/ATVVN8/
FreeSewing: sewing patterns based on code (MCH2022)
Tired of clothing stores not having your size, or of being stuck in between sizes? So was Joost de Cock; he didn't, and doesn't, like how clothing stores base their clothing sizes on an imaginary average person; every person has a different body. That got him to found FreeSewing: the open-source platform that translates custom measurements into well-fitting sewing patterns with code. The platform is working towards becoming the Wikipedia of sewing patterns, with new patterns being released every few months, plus a bunch of guides on how to sew. The platform also provides guides for designers and developers, to transform patterns into code. This system based on code allows not only for custom measurements, but also for tweaking the pattern (e.g. longer sleeves, or a crop top) and recycling parts of one pattern into another, whereas a traditional sewing pattern is based on the measurements of a perfect mannequin, which is then graded up and down for different body types, which is known to have many downsides. This talk will not be held by founder Joost de Cock himself, but by an enthusiastic contributor. He will gladly go more in depth on how the code works, common pitfalls, the motivation behind it and how it helps against the rise of fast fashion, maybe encouraging some to pick up sewing themselves? A platform that can make tailored sewing patterns sounds great, but how does it work exactly? It definitely is an upgrade from traditional sewing patterns. Making sewing patterns may sound easy: they are pieces of fabric, shaped in a specific way and sewn in a specific way. For example, a t-shirt pattern will have these parts: a front, a back and sleeves. But to figure out the right shape, the average pattern designer will make their design based on the shape of their perfect mannequin, and they grade it up and down for different body types. Adapting the pattern for a different shape can be a tedious task. 
That's where FreeSewing comes into play: sewing patterns aren't based on the measurements of one fit model, but on parameters; they vary based on what the user puts into the system. And the platform doesn't just provide sewing patterns; it also has a lot of guides available, for general sewing, specific sewing patterns and even on how to code a pattern into the system. This makes it not just a platform for sewists, but also for designers and developers. So, enough about how cool I think it is, what exactly do I mean with "sewing patterns based on code"? FreeSewing is written in JavaScript and the technique is quite similar to how you would draw a traditional pattern: a bunch of lines for the right measurements, but now a system is drawing those lines for you. A line needs a beginning point and an end point, usually also points that determine the curve; the 'coordinates' of these points are based on the measurements. The sewing patterns aren't just based on custom measurements, but you can also tweak them however you'd like (within what's possible), e.g. wanting longer sleeves, or a crop top. Another advantage of having code as a base is that you can 'recycle' pattern parts from one sewing pattern into another. Not just the sewing patterns are easily accessible online, but also the software needed to create the code: the core library and patterns are available both for NodeJS and the browser. The code and markdown content are hosted on [Github](https://github.com/freesewing/). I'm happy that this project wasn't created by a capitalist overlord, but by someone who wanted to change the world for the better. Now there are a lot of sewing patterns available for all types of bodies and I hope it will encourage more people to start sewing their own clothes. Sewing is difficult to learn, not to mention coding, but it's so worth it. Luckily FreeSewing has a vibrant community where there's always someone ready to help with problems. 
My goal is to share this enthusiasm with others and maybe encourage some to pick up sewing or help out with coding. about this event: https://program.mch2022.org/mch2022/talk/M9JWKM/
ICS stands for Insecure Control Systems (MCH2022)
Last April we won Pwn2Own Miami by demonstrating five zero-day attacks against software that is commonly used in the ICS world. ICS, or Industrial Control Systems, are systems that are involved with running an industrial process, for example in a factory or power plant. Our targets range from SCADA to HMI systems. During this talk we would like to share details about the competition and the vulnerabilities we found. ICS is an interesting field for security research, as a successful attack could have devastating results. Luckily, successful attacks that truly targeted ICS environments are scarce. At the same time this industry faces some difficult challenges, such as high availability requirements, old technology and a low security maturity. Pwn2Own Miami is an annual edition of the Pwn2Own competition that focuses solely on ICS applications. Targets range from OPC UA implementations (one of the main communication protocols in ICS) to data gateways and SCADA systems. They challenge competitors to find zero-day attacks against any of the targets. Participants need to demonstrate their zero-days by compromising a target machine running the latest version of the application. Last year we participated in the Pwn2Own Austin edition, which focused on enterprise applications, with a zero-day chain against the Zoom client. This year we decided to participate in the ICS edition. It was a close race, but ultimately we beat the competing teams and won this year's edition. We demonstrated three RCEs, one DoS and an interesting certificate verification bypass, which in total was good for 90 points and $90,000. about this event: https://program.mch2022.org/mch2022/talk/KW7LDS/
Free children from the digital stranglehold (MCH2022)
The current digital educational system is dominated by tech giants. Fundamental rights, like the privacy, freedom and sovereignty of children, parents and educators, are insufficiently secured. Ed-tech is mainly closed source and full of vendor lock-ins. Products are either overpriced, harvesting data, or both. The time to replace surveillance-capitalism-based Ed-tech with ethical open source alternatives is now. And our coalition for fair digital education is going to do it. Private companies do not have the same interests as public institutions like schools. Schools do not have the time, knowledge or budget to hack their own IT environment together. Hence, BigTech and Ed-Tech fix this problem for schools by offering services that have a very low price tag in euros, but the actual payment is in data: metadata, "service" data and user data. DPIA you say? *(Detailed Privacy Impact Analysis)* That will achieve sort-of-legally-compliant services at most. If only the authorities would actually bite, but alas, enforcement is lax, and after four years of GDPR the IT environment in schools is still riddled with privacy risks. Essential online services are out of scope of the DPIAs, and purposes like "product improvement" (read: feeding AI and machine learning algorithms) are GDPR-okay. If you or your kid goes to a 'Google school' and is forced to use a Chromebook, you'll be producing data to train Google, and you will be trained to love Google services. Consequently, children won't develop core digital skills or a critical attitude toward digital services. Thus, there is a huge gap between the core values of big tech companies and public values in the educational system. Therefore, enforcement to make Big Tech embrace those public values will never be effective. That is why we need to build a school IT environment based upon public values: transparent, open source, privacy-by-design, decentralized, fair and respecting our digital sovereignty. 
Our coalition for fair digital education is going to build this. This is a huge project and a lot of work, so join us. about this event: https://program.mch2022.org/mch2022/talk/AZVEA8/