Chaos Computer Club - archive feed

14,494 episodes — Page 9 of 290

Do we need a spiritual national defence 2.0? (dgwk2025)

Do we need a new societal closing of ranks to defend the achievements of the Enlightenment and liberal democracy against totalitarian threats, much as in the days of the geistige Landesverteidigung (spiritual national defence)? We critically discuss the historical term as well as the role of disinformation, media, cybersecurity and other aspects of a broadened, contemporary concept of security. Trump wins the elections in the USA, Russia wages war against Ukraine, and right-wing parties are increasingly gaining influence in Europe or are already in government. In Switzerland, military spending is rising, but is that enough? How can a digital civil society help ensure that information policy is perceived not as an unpopular cost factor but as an essential component of national security? How do we secure our democratic values in the long term in the face of an increasingly dominant global bloc logic? about this event: https://winterkongress.ch/2025/talks/brauchen_wir_eine_geistige_landesverteidigung_20/

Feb 28, 2025 · 37 min

The Economics of Digitalisation (dgwk2025)

In its mission statement, the Digitale Gesellschaft demands: "Digitalisation must benefit everyone". But is that really the case? To answer that, we first have to analyse how digitalisation, and Big Tech as its defining actors, work from an economic point of view. In this talk we look at descriptive approaches such as platform capitalism, surveillance capitalism and digital capitalism. With a better understanding of the economics of digitalisation, we can then discuss how our mission statement can become reality. about this event: https://winterkongress.ch/2025/talks/die_okonomie_der_digitalisierung/

Feb 28, 2025 · 43 min

A year in AI (dgwk2025)

Max, Nick and Ben all read too much AI news. They claim it all happens as part of their jobs in consulting or research, but in the end they mostly just find it exciting. To justify their fascination, they have summarised the past year in AI for you. Expect an update in which they briefly tell you everything (more or less) worth knowing, from new models and amusing and awkward mishaps to, of course, Nvidia's share price. Since 2022 it has felt as if every year in AI has brought developments that would otherwise take decades. We give you a curated summary of the past year to spare you the tedious work of going through all the publications yourselves. We cover both the advertised capabilities of new models (without the technical details) and the influence these changes have on society as a whole: from mishaps at the simplest tasks to autonomous decisions over life and death, AI has its fingers in everything. about this event: https://winterkongress.ch/2025/talks/a_year_in_ai/

Feb 28, 2025 · 43 min

AI and automated decision-making systems: regulation comes after the hype! (dgwk2025)

There is a lot of talk about AI, but what is happening in Switzerland? The Digitale Gesellschaft's Automated Decision-Making Systems (ADMS) working group has been involved in Switzerland since the early days. Just recently, the Federal Council published its report on possible regulatory approaches for artificial intelligence in Switzerland. With it, the discourse on regulation takes a big step forward. In this talk we shed light on the fundamental risks of artificial intelligence, look back at past developments and discuss the strategy for the coming years. about this event: https://winterkongress.ch/2025/talks/ki_und_automatische_entscheidungssysteme_die_regulierung_kommt_nach_dem_hype/

Feb 28, 2025 · 45 min

The cloud as an allotment garden: misconceptions persistently cleared up (dgwk2025)

"The cloud" is on everyone's lips. And a lot is promised, in particular freedom from worry and financial savings. This is true. But not always. Sometimes it also means the opposite, as first experiences of fleeing the cloud show. To understand this discrepancy, we first have to separate and structure the different aspects surrounding the cloud. Using easily understood analogies such as the allotment garden (Schrebergarten) and an analysis of the "Swiss Government Cloud" use case, we get to know the cloud and identify its advantages and disadvantages. about this event: https://winterkongress.ch/2025/talks/die_cloud_als_schrebergarten_missverstandnisse_beharrlich_ausgeraumt/

Feb 28, 2025 · 45 min

Opening Friday (dgwk2025)

The opening on Friday about this event: https://winterkongress.ch/2025/talks/eroffnung_freitag/

Feb 28, 2025 · 7 min

Your Museumsbahn needs you! (wicmp10)

You have played around with <solution> and are now looking for a problem to try it out on for real? You don't want to just build prototypes all the time but also put something into production for once? Perhaps a heritage railway (or any other association) has a problem that fits your solution... Heritage railways (and other associations too) need help with digitalisation, be it websites, in the workshop, or in operations. Support is needed for everything from administration to building a radio network through an entire valley. And on the side you get to play with trains. In the talk I briefly introduce the Dampfbahn Fränkische Schweiz in Ebermannstadt and give some examples of where we need digitalisation and in part already have it. Open topics at the moment are: radio links to our trains, passenger information, track surveying, communication within the association... There are cultural differences between Chaos and heritage railways, but there are also many things in common. Heritage railways offer an opportunity to try things out in reality. And for many of the heritage railways, the Chaos associations already have solutions. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://cfp.zam.haus/wicmp-2025/talk/WQLLYD/

Feb 28, 2025 · 35 min

WICMP Opening (wicmp10)

A few important survival tips for WICMP10. An instruction manual for the event. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://cfp.zam.haus/wicmp-2025/talk/PJU93E/

Feb 28, 2025 · 20 min

Team Updates @ Orga Meet Feb 2025 (WHY2025)

Feb 22, 2025 · 38 min

Closing Hackerhotel 2025 (hackerhotel2025)

Closing talk of Hackerhotel 2025 with NFIR CTF award ceremony. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/YBZVUM/

Feb 16, 2025 · 31 min

Basisbeveiliging / Internet Cleanup Foundation - State of the map 2024 (hackerhotel2025)

The Internet Cleanup Foundation publishes the baseline security of 150.000 domains of 10.000 important organizations in the Netherlands. This talk shows what we've done in 2024 and highlights some of the nice things to come in 2025, maybe spoiling one or two things :) - It had a ton of impact and large banks, internet providers and all kinds of other institutions cleaned up their baseline security issues. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/MDKVVA/

Feb 16, 2025 · 31 min

The "O" in OT (hackerhotel2025)

Operational Technology (OT) is vital for industrial processes, yet strategic understanding of OT’s security complexity is often lacking at the executive level. This presentation emphasizes the need for organizations to approach OT as a strategic priority, highlighting its unique challenges—such as legacy systems and non-negotiable uptime—amid rising cyber threats targeting critical infrastructure. By fostering executive insight into OT management, organizations can improve resilience, enhance security, and gain a competitive edge, ultimately positioning OT as an asset in operational stability and corporate strategy. This presentation, titled "The 'O' in OT," explores the importance of executive-level understanding of Operational Technology (OT) within strategic frameworks. It highlights the distinct challenges OT faces compared to IT, including legacy infrastructure, strict uptime requirements, and rising cyber threats. Participants will gain insight into how a strategic focus on OT security and management enhances organizational resilience and competitive strength. By bridging the gap between OT’s operational demands and executive decision-making, this session outlines steps for integrating OT into a cohesive, secure, and future-ready corporate strategy. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/7BDKGK/

Feb 16, 2025 · 37 min

Hackerhotel Badge talk (hackerhotel2025)

Our workflow, challenges and other fun things. From the lands where badges and brooches grow on trees, a mythical folk of badge herders live peacefully and in harmony with nature and technology. They love providing humans with their seasonal harvest at Hacker events such as Hacker Hotel. We expect them to show up to tell you all about this season's yield of badges and what it took to deliver these into the hands of the Hacker Hotel people. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/CQRYEL/

Feb 16, 2025 · 25 min

How to become your own ISP (hackerhotel2025)

This talk will take you along with a deep dive on how the internet works at its core and how you can participate yourself. You'll learn all about BGP, AS-numbers, IP-prefixes and more. Ever wanted to become sovereign on the internet? Want to know what it's like to run an ISP? Are you a sysadmin who wants to learn more about networking? Then you're at the right place. You'll learn all about BGP, AS-numbers, IP-prefixes and what you need to do if you want to participate. You will walk away with practical knowledge on how you can get started. We'll also take a short tour of my own network, how I set it up and what I use it for. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/V7QUX3/

Feb 16, 2025 · 47 min

Helpful hackers preventing evil hackers from crashing the grid (hackerhotel2025)

The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it. Various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this and by identifying devices that can form a botnet, DIVD helps to make the smart grid more secure. DIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure. With the CVD in the Energy Sector project, DIVD will set up a research and education line with the DIVD.academy in collaboration with the energy sector to reduce the digital vulnerability of our energy system. DIVD will also build a hardware lab to test devices and scenarios. You may join too and help to save the grid. In this talk, we will demonstrate how we could have generated outages using zero-days we found in solar converters and electric car chargers. But we also did it with just one user-password combination… The European electricity network has become a ‘smart grid’. Consumers are not only users but also producers of energy. More and more devices are connected, smart and online, so supply and demand can be more easily matched. 
This offers many opportunities for sustainability and possibilities for new players to enter the market. But also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it. In the Netherlands and Europe, various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. Being an independent non-profit research institute, DIVD is allowed to do this. By looking for devices that can form a botnet, DIVD helps to make the smart grid more secure. DIVD has been scanning the entire internet for vulnerabilities since 2020 and reporting them to the owners of systems. This may involve known vulnerabilities (Common Vulnerabilities and Exposures), new vulnerabilities (Zero-days), leaked credentials (username-password combinations) and online sources that are unintentionally accessible. DIVD is also a CVE Numbering Authority (CNA) and can publish new vulnerabilities. Our way of working is supported by the parties responsible for digital security in the Netherlands, such as NCTV, NCSC, AIVD, police, and many cyber security companies. In addition to these activities, DIVD also conducts research into vulnerabilities in the equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure. 
With the CVD in the Energy Sector project, DIVD will set up a research and education line with the DIVD.academy in collaboration with the energy sector to jointly reduce the digital vulnerability of our energy system. In 2025, we will:
- Incorporate all energy-related research by DIVD into a research line under a Research Lead Energy.
- Establish structural partnerships with the energy sector to jointly resolve vulnerabilities.
- Build our own hardware lab where we will test peripheral equipment for security and collaborate with other hardware labs.
- Set up our CNA to receive, process, and publish CVEs of digital solutions used in the energy system.
- Share research findings with authorities to support their enforcement.
- DIVD.academy familiarize students with basic knowledge of energy systems and energy equipment and involve them in practice-oriented research.
- Develop teaching materials for the installation sector and training courses to increase awareness of vulnerabilities in the energy system.
- Share our knowledge via hacker events and security conferences.
In this talk, we will demonstrate how we could have generated outages using zero-days we found

Feb 16, 2025 · 50 min

How Thermonuclear fusion works, free energy without waste (hackerhotel2025)

Nuclear fusion is a clean, safe energy source: fusing hydrogen nuclei to release an enormous amount of energy. This talk will cover:
- A recap of the physics that makes fusion work
- How to build a fusion reactor at home
- How nuclei collide and what is needed to overcome the Coulomb barrier
- Challenges in how to scale it up and make it generate more power
- How far we are from having fusion energy on the power grid
- Current technical challenges in fusion
- How we can solve problems using machine learning
Nuclear fusion promises a clean, safe, and abundant source of energy by fusing hydrogen isotopes to release more power than is put in. In this talk, we will start by clarifying the fundamental physics of fusion: how overcoming the Coulomb barrier allows two hydrogen nuclei to fuse. We will then explore the path to industrial-scale fusion power, focusing on international prototypes such as ITER, designed to demonstrate an energy output of Q=10 (50 MW in, 500 MW out). Alongside the incredible engineering achievements involved in building such large machines, we will discuss the complexities of controlling high-temperature plasmas, mitigating disruptions, and managing edge-localized modes (ELMs). Throughout the talk, we will highlight novel control and diagnostic strategies, including machine-learning-based models that can aid real-time plasma monitoring and regulation. Ultimately, we will address how these technologies, with deeper physical understanding, can bring us closer to fusion’s full potential as a reliable and low-waste energy source. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/YJZ9KL/

Feb 16, 2025 · 37 min

A Communication’s Guide To The Hackerscene (hackerhotel2025)

What you as Homo Cyberneticus have always wanted to know: how do you get the Homo Ordinarius (= the non-hacking human) to fi-nal-ly see the importance of your work and cooperate a little. Settle down on your towel and lean back, because this Sunday afternoon (Don't Panic. Time is an illusion.) Roxane Kortland and I will take you through how you, as Homo Cyberneticus, communicate effectively with the Homo Ordinarius (the non-hacking human). Why? Communication is fantastic, duh. And targeted communication ensures that the Homo Ordinarius fi-nal-ly sees the importance of your work and cooperates a little. Tip: bring a pen. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/Z38YHU/

Feb 16, 2025 · 41 min

Operation Check Mate: The Trial (hackerhotel2025)

During Hacker Hotel you get the unique chance to take part in Operation Check Mate, an immersive interactive experience in which you step into the shoes of a detective yourself. This game was developed by experts from the field and offers a fascinating look into the world of criminal investigation. In teams you work on an intriguing case covering all aspects of detective work: 🔍 Investigation: Analyse the case, ask critical questions and determine the next steps. 🗣️ Interrogation: Explore how to bring information to the surface during an interrogation. 🏠 Search: Plan and carry out a search. What is allowed and what is not? 📱 Digital forensics: Work with real digital traces and learn how to effectively requisition and analyse them. 📂 Case file: Build a strong criminal case file that holds up in court. This game is more than a simulation: you work with scenarios developed by experts from the field, including forensic investigators, pentesters and professionals from the criminal justice chain (think police, the Public Prosecution Service (OM) and the judiciary). In addition, creative minds with a twisted outlook have provided unexpected twists and challenges. But here comes the real challenge: hackers are often critical of the police. Yet when you really are in a detective's shoes, is it all as simple as it seems? Can you combine your technical and tactical skills with legal and ethical considerations? And how do you deal with pressure, complex data and human factors? The highlight? On Sunday the case culminates in a trial in which your work is put to the test. Do you dare to put your skills into practice and bring a case to a successful conclusion? Practical: 📅 Start: Friday 14 February 2025 at 13:37 ⚖️ Trial: Sunday 16 February at 14:30 📍 Sign up via: [email protected] 💡 Note: The number of places is limited.
Seize this opportunity, join an investigation team and find out whether you have what it takes to solve a case in a world full of challenges. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/DMAMKD/

Feb 16, 2025 · 1h 11m

Build your own parametric speaker (hackerhotel2025)

In this talk I will show you the theory behind parametric arrays and what is involved in making your own low-cost directional speaker. Parametric speakers are extremely directional speakers that produce audible sound by modulating an audible signal on top of an ultrasonic carrier. Commercial options have existed for a long time but are quite expensive for hobbyists. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/9V7W9G/

Feb 16, 2025 · 15 min

How do models like ChatGPT (LLM) work, can you hack them and run them offline? (hackerhotel2025)

What is an LLM? Can you run it yourself? Can you hack it? This session will explain at a high level how an LLM works, how you can run one yourself (maybe for privacy reasons), coding with LLMs and the hacking possibilities of these AI systems. Expect many demos and hopefully useful tips and tricks, so you can directly try all this stuff out yourself. Keywords: Supervised Learning and Reinforcement Learning, Hugging Face, Quantization, Ollama, open-webui, Prompt Hacking, Tokens, Context Length
- I will explain the basics of Machine Learning concepts
- How these ML concepts have created LLMs and how they somewhat work
- What is needed to run LLMs (inference) and how you can run it yourself
- How to test various LLMs
- Prompt hacking
- Using LLMs for coding
- Many live demos
Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/GR78YQ/

Feb 16, 2025 · 58 min

A criminal and victim view of phishing and phishing panels, live on stage. (hackerhotel2025)

The Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing emails daily. In this presentation, we will take you into the world of the criminals sending phishing emails and the recipients of the phishing mail. A live phishing demo is included. This presentation will show several examples of daily phishing that the Dutch Tax and Customs Administration deals with. The Dutch Tax and Customs Administration receives over 60,000 reports of phishing every year. The second part of the presentation includes a live demo of a phishing panel. Using a phishing panel ensures the phishing victim pays for purchasing a 75" OLED TV without knowing it. The TV is delivered to the cybercriminal's address. All of this is live on stage. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/KT8ZGY/

Feb 16, 2025 · 51 min

Hacking the international travel system (hackerhotel2025)

It's one thing to plan a vacation trip to Cancun if you have a Dutch passport. It's entirely another to find a way to safety if you have an Egyptian passport. We are experts in moving people to places that various governments would rather we didn't. The global immigration, customs, and travel system is an absolutely massive technological and human system designed to make sure things happen according to the government's agenda. We have our own agenda, and it all makes for great hacking potential. Insert clever engineering, some interesting math, more than a bit of skullduggery, and you end up with our routing system and what we humbly suggest is an epic hack for a life saving purpose. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/9ZGMCC/

Feb 16, 2025 · 31 min

What is data (hackerhotel2025)

Social constructs used in a software context and everything that makes entertainment out of them :) An interactive presentation on why putting constraints on your dataset is inconvenient. What is data? How long does a day last? How long does an hour last? How long is a month? What is a year? What is a date of birth? What is a name? How long is a PIN? What does a PIN consist of? How secure is a private key? What are nice round numbers? How big is a bit? How big is a byte? Why would you sort by size? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/UHZ3EJ/

Feb 15, 2025 · 15 min

Unannounced Press Conference (hackerhotel2025)

Unannounced Press Conference by Hackerhotel 2025 - Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: -

Feb 15, 2025 · 6 min

Evolution and history of 33.333 years of Hardcore Music (hackerhotel2025)

The summary that's fun for both outsiders and insiders of this gem of a genre. Talk is in Dutch :) I wanted to do another talk, but Hacker Hotel decided to sell branded bomber jackets, which forced my hand as this conference then also needs the talk that goes along with those jackets. During the talk we'll listen to the evolution of a genre using samples and watch some video clips. The talk will provide background about the scene: from art to cheese. There will also be some tech about "how it's made", but mostly pointers. This talk is TOTALLY NOT INTENDED AS a gateway into a permanent desire to listen to distorted and grainy audio. This talk mostly focuses on fun and interesting stuff, but due to the inherent nature of hardcore music there might (=guarantee) be references to sex, drugs, violence, profanity, recklessness and spooky scary skeletons in the first ten seconds. This talk is not for all ages and minds. So there you have it: licensing AND content AND audience problems galore in just one submission! This is finally giving the Hacker Hotel producers the missing challenge that they have been searching for all these years. PS1: If you like this talk in advance, please get in touch if you'd like to add or validate things: it's pretty hard to compress 33.333 years into an hour. PS2: Maybe we'll also do the accompanying dance afterwards, who knows, I'm not really good at it but I know some of you are. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/UPGVLX/

Feb 15, 2025 · 1h 5m

Frank talks AI, keynote style (hackerhotel2025)

Frank talks about AI, why it all of a sudden is everywhere and what it means. The keynotes of the likes of Microsoft, Google and Apple can all be summarized in 10 words: “A.I., A.I., A.I., Large Language Model, A.I., A.I., GPT, A.I. …“, so no doubt artificial intelligence holds a promise for the future. But what promise? Will A.I. save us or doom us? Or is it too soon to tell? With the invention of the car, the car accident, vehicular manslaughter and the getaway car were also invented, as well as the police car and motorized ambulances. How does this apply to artificial intelligence? What is the current state of A.I., what does it mean to our perception of the truth, and can it help us make the world more secure? How do classical security measures apply to the A.I. world, where do they fall short, and can we expect new or improved measures with the help of A.I.? Spoiler: yes, they do, and yes, we can. In this talk, Frank will look at the A.I. wave from his unique and down-to-earth perspective. And hopefully you will walk away with a better understanding of AI in the context of (cyber) security. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/U7W3YQ/

Feb 15, 2025 · 43 min

My stairs use 6 IP Addresses and run JavaScript (hackerhotel2025)

I spent the past 6 years restoring and upgrading the 2 flights of stairs in my almost 100-year-old house in my off time, taking them into the 21st century while I was at it. The result is a standalone extensible system that supports an unlimited number of sensors and can light up to 256 cheap LED strips on a setup that can run completely off of a simple USB power bank for days and costs under about €40 in parts. Come watch this talk if you want to hear me nerd out for an hour and go deep into the challenges and lessons learned, new skills unlocked and how I wrote a ridiculous Timeline based custom Animation Engine in JavaScript that can render its output as either PWM or CSS animations to run the whole thing and make it do what I envisioned. This talk goes from 3D design and printing to Arduino/ESP32 IoT hardware, software and programming, woodworking and heavy construction to how I finally used Claude to take it to the final iteration and a public release. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/YNQQN7/

Feb 15, 2025 · 41 min

Don't Trust Us (hackerhotel2025)

In The Netherlands, everyone can trust the outcome of elections. That is our mission as The Dutch electoral council. But you don't have to trust us to be able to trust the outcome of elections. Anyone can verify the results and in this presentation, we aim to explain to you which security measures have been taken in the election process here in The Netherlands to make sure you can trust the outcome of our elections, without having to trust us. On average, we have one election each year. But not everyone knows how elections in our country are protected against security risks. We know we don't use voting machines anymore, but we do use software. We are currently working on new software. In this presentation you will learn:
- Why the software we use doesn't have to be able to resist every type of "cyber" attack.
- How voters can verify the results of elections either physically or from the comfort of their computer from home.
- Why voting machines or internet voting are not currently a real alternative worth considering.
Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/DHTDEM/

Feb 15, 2025 · 30 min

Tanmatsu/WHY2025 badge PCB design (hackerhotel2025)

This talk delves into the technical aspects of the Tanmatsu hardware design, the latest creation by the badge team, set to be released alongside the availability of ESP32-P4 chips. It will also form the foundation for the WHY2025 badge. Topics include an exploration of the PCB's high-level design, cost considerations for producing 4000 units, challenges and insights from working with pre-release chip prototypes, and a discussion on the practical aspects of MIPI DSI/SCI interfaces, including LVDS and impedance. The session will share both the hurdles and triumphs encountered during the design process. A talk about the technical aspects of the hardware design of the latest hardware design created by badge team. The Tanmatsu hardware design is finished, and will be available for the community as soon as the ESP32-P4 chips are available. The design will also be the bases for the WHY2025 badge. In this talk we'll take a deep dive into developing a badge project in a neurodiverse community: - PCB high level design - Cost considerations when designing a 4000x PCB - Some horror and beauty on the design path - MIPI DSI/SCI (LVDS, multi layer, impedance and clearance) - Mass production considerations Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/G79YRC/

Feb 15, 2025 · 48 min

Meshtastic Fantastic (hackerhotel2025)

Meshtastic and LoRa, what is it and what can you do with it? LoRa, or Long Range radio, is a technology that operates on freely available frequency bands. Thanks to its unique way of transmitting and receiving signals, it’s not only remarkably resistant to noise but also capable of bridging impressive distances with very little power. One of the most exciting applications making waves is Meshtastic. But what exactly is Meshtastic, and how does the mysterious Hackerhotel bridge play into the picture? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/33SUDX/

Feb 15, 2025 · 38 min

From the GHP to why2025: The history and future of the Dutch hacker camps (hackerhotel2025)

The history and future of the Dutch hacker camps. Come along on this history lesson in preparation for the anniversary camp, WHY2025! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/NCKS3X/

Feb 15, 2025 · 43 min

What's that CubeSat Satellite stuff anyhow? (hackerhotel2025)

CubeSats are small satellites comprised of 10x10x10cm "units" and range in size from very small 1U or smaller PocketQubes to 24U beasts. What can be done with such a platform and why? I will go into a brief history as well as some applications with examples. The goal is to keep this talk TLP:Clear. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/QTVJFY/

Feb 15, 2025 · 55 min

Aid to Ukraine - with Roman from Kharkiv (hackerhotel2025)

Since the start of the war, our community has risen to help friends in Ukraine in many different ways. Roman Kniaziev is coming over from Kharkiv to explain how he works with all the volunteers of ETOC to support his country. Even though the news can be overwhelming, everyone can help. This talk shows you how. The IT community in Kharkiv is doing their best to help their city and country to counter the effects of the invasion and war. Roman Kniaziev comes over from Kharkiv to explain how, together with all the volunteers of ETOC he tries to help out. We are helping him, with all kinds of humanitarian support through our foundation Aid to Ukraine (https://aidtoukraine.nl). The war has shown us there is something to do for everyone, that it is useful and well received. The war still rages and help is always welcome. This talk will show you what has happened last year and how we all can help Ukraine during this horrible time. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/QD8VRX/

Feb 15, 2025 · 55 min

Don’t judge a vulnerability by its CVSS score (hackerhotel2025)

The total number of vulnerabilities continues to rise. If we had to rely on just CVSS for prioritizing those vulnerabilities, we would have an enormously hard time remediating all of them. In this talk, we’ll explore the critical gaps in CVSS-based prioritization and discuss why factors like exploitability, asset criticality, and real-time threat intelligence are way more important. Expect real-world examples, a touch of humor, and actionable insights to help you move beyond the CVSS score and toward a smarter, risk-based approach to vulnerability management. Because let’s face it: a CVSS 7 can be way more critical to your organization than a CVSS 9! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/DHNUWQ/

Feb 15, 2025 · 27 min

Dutch Fun! (damentals) (hackerhotel2025)

This workshop is especially for all attendees who are not Dutch natives. In an exact and logical manner I will guide you through the syntax and semantics of the Dutch language, from sounds (the famous 'ggh' and vowel inventory) to gender of nouns and word order. There will be simple illustrations to help you get a grip on the language and bluff your way into pub talk with locals. Please bring pen and paper for the old school school experience! I am a Dutch native teacher of Dutch as a second language, with experience teaching expats. My background in general linguistics and artificial intelligence as well as participating in the hackers' community enables me to present a language workshop tailored for hackers. In fact, as a teacher for a general audience I must restrain myself from being too "logical, analytical or just plain geeky" to keep all students happy. In this workshop I will focus on: * providing structure of the Dutch language, similar to how you would explain a programming language, showing the regularities that are present * giving small examples of words as well as expressions and grammatical rules to show a more specific idea of Dutch * interaction: exercises, individually and in groups, puzzle-like, but also speaking exercises (this is always a tough one, so we'll try) * concrete focus will be on gender of nouns: the article "the" in English can be "de" or "het" in Dutch, depending on the gender. Some grammar (demonstratives, adjectives) depends on this gender, following small yet counterintuitive rules * have fun: I will present weird exceptions, false friends and we will also listen to and analyze a Dutch song Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/NZZUQV/

Feb 15, 2025 · 1h 21m

How to do vulnerability disclosure in Japan (hackerhotel2025)

With the support of the Dutch embassy in Tokyo, I have researched Coordinated Vulnerability Disclosure (CVD) in Japan for DIVD. Japan’s governmental policy on CVD dates back to 2004. Although Japanese criminal law and jurisprudence do not allow for large-scale intrusive vulnerability research and disclosure, Japanese institutes help citizens disclose zero days to vendors and report vulnerabilities to website operators. Also, the National Institute for Information Communication Technology scans and notifies vulnerable IoT, and the Japanese government has adjusted laws to allow this. With the support of the Dutch embassy in Tokyo, I have researched Coordinated Vulnerability Disclosure (CVD) in Japan for the Dutch Institute for Vulnerability Disclosure. Key findings: Japan’s governmental policy on CVD dates back to 2004. The Japanese Computer Emergency Response Team Coordination Center (JPCERT/CC) is an independent institute founded in 1996 and currently funded by METI. The center handles incidents, analyses and shares information on online threats, monitors internet traffic, and has published Vulnerability Notes with Advisories since 2004. Japanese criminal law and jurisprudence do not allow for large-scale intrusive vulnerability research and disclosure as Dutch case law does. In Japan, doing CVD on a broader scope and without informed consent is perceived as very rare. Security researchers generally fear prosecution as they may violate cyber security and privacy laws. A common statement at hacker events was: “I only report if they provide a bug bounty.” Japanese institutes help citizens disclose zero days to vendors and report vulnerabilities to website operators. Organizations like IPA and JPCERT/CC provide structured processes for reporting vulnerabilities, focusing primarily on zero days affecting software or websites widely used in Japan. These reports are forwarded to vendors and operators, though researchers must navigate strict conditions.
The National Institute for Information Communication Technology scans and notifies vulnerable IoT, and the Japanese government has adjusted laws to allow this. The NOTICE project aims to prevent cyber-attacks by scanning IoT devices for weak passwords by attempting to log in. These activities run parallel to the Handling Regulations for Information Related to Vulnerabilities in Software Products and clearly violate cyber security laws. In order to proceed on this endeavor, the Cabinet overruled the Act on Prohibition of Unauthorized Computer Access by a special law, which provided NICT the mandate. To my knowledge, this is unique in the world. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/GEVFSR/

Feb 15, 2025 · 25 min

Abacus - about the new software for the Dutch Elections (hackerhotel2025)

The Election Council is working on Abacus, the tabulation software for the elections. Come to this workshop to try your hand at the software in a production-like setting and learn more about the choices and concepts behind it. The Election Council is working on Abacus, the tabulation software for the elections. This workshop will show you how it works, in a production style setting involving test data. After all the counting we take a tour through the GitHub repo (https://github.com/kiesraad/abacus), explain the architecture and choices behind the project so far. Come to this workshop if you are interested in the Dutch Elections and want to understand the actual process, learn about the software development that is being done and ask everything you always wanted to know. Do visit the presentation by Fleur van Leusden, our CISO. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/7YBMR3/

Feb 15, 2025 · 46 min

I love historical computing. to the moon and back (hackerhotel2025)

This talk describes the computer and its interfaces the DSKY (DiSplay-KeYboard) on board the Apollo missions that got us to the moon and back. I will point out several modern sources of information about this historical project and how it entertains lots of people to this day, including several emulation projects. Back in the period 1962 to 1969 the US went on a mission to get people on the moon. This talk describes the computer and its interfaces the DSKY (DiSplay-KeYboard) that were used during that time on board the Apollo missions that got us to the moon and back. I will point out several modern sources of information about this historical project and how it entertains lots of people to this day, including several emulation projects. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/B7GZJY/

Feb 15, 2025 · 35 min

AiTM: Lessons Learned (hackerhotel2025)

"AiTM: Lessons Learned" dives into the evolving threat of AiTM attacks. Our presentation highlights the transition from basic phishing tactics to sophisticated methods that compromise organizational security. The presentation outlines the journey from old-school phishing attacks, to phishing frameworks like UADMIN, and the introduction of tools like Evilginx. And now the SaaS providers allowing anyone to buy access to an AiTM platform. We give an insight into a popular AiTM SaaS platform and the revenue stream hosting such software creates. The session ends by outlining common techniques to prevent these types of attacks. Most organizations use M365 and experience attacks using AITM to bypass MFA. At the same time SaaS providers are building AITM services that allow targeted attacks allowing for supply chain attacks (AITM targeted against admin sites for: pypi, npmjs and rubygems). At the same time used for very specific scams for example against booking.com. Attackers use the booking.com hotel login to extract credit card information for upcoming hotel guests. There's been an upsurge in the number of AITM based attacks. BEC fraud operators use it as MFA is more and more common. But the appearance of SaaS providers in the AITM space makes these attacks easier to perform and therefore makes them more common. Booking.com has been a popular target allowing attackers to use the hotel operator login to phish credit cards by sending upcoming guests reminders to pay. The fact that these reminders are sent via the booking.com app makes them super trustworthy. At the same time environments such as M365/EntraID are popular targets for other operators. This past year we've been trying to prevent and detect these types of attacks. The goal of the presentation is to make attendees aware of the risks, the different operators and types of attacks happening today.
outline: 1) What is AiTM/BITB 1.1) Phishing history 1.2) Old school phish 1.3) Introduction of common frameworks (UADMIN, opwelk, haiku) 1.4) Evilginx 1.5) AiTM SaaS providers 2) How to detect phishes 2.1) The concept 2.2) What we have built - didsomeoneclone.me 2.3) Then came the Microsoft idea 2.4) Gaining insight into the amount of phishes 3) Fingerprint tool 3.1) The goal 3.2) How does it work? 3.3) Adding certificate transparency to preempt attacks 3.4) Outcome and statistics 4) What we see 4.1) How often does it actually occur? 4.2) Different actors. Example.com. Evilginx Rick Roll, MSPHP 4.3) Microsoft sandbox also visits the URLs and they come in 4.4) How quickly is Evilginx taken down 5) actors 5.1) various offers 5.2) actor revenue 6) Future work 6.1) automatically finding victims in our EDR tooling 6.2) Attempts at improvement - CSS exfil. 6.3) Roadmap Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/WYLJK3/

Feb 15, 2025 · 39 min

Hacking with screenreaders as tool or utility (hackerhotel2025)

How to use screenreaders to scan the operating system, building blocks of an application or web environment. Other topics are: * Reading and analysing logging * Capture a scrolling text * Query of classes etc. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/AXL9WT/

Feb 15, 2025 · 51 min

Workshop losing weight (hackerhotel2025)

I have been struggling with my weight for over 25 years. After reading the book "The Obesity Code" everything clicked. Since then I have lost 13 kg within 6 months. The great thing about this is that it is effortless. In this workshop we start with the theory of gaining and losing weight. After that we are going to look at recipes for individual participants. What works, what doesn't. In the end you will know what should work for you, and how you can lose weight effortlessly. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/HPGGPC/

Feb 15, 2025 · 1h 0m

The validation crisis (hackerhotel2025)

The rise of advanced technology and artificial intelligence has created unprecedented opportunities, but has also exposed a latent problem: the validation crisis. In this lecture Brenno de Winter, renowned cybersecurity expert and author of De Validatiecrisis, takes you into the world of misleading assumptions, untested technology, and the dangers of a lack of critical evaluation. He shows how this crisis undermines not only technology but also societal decision-making. An important part of the lecture is devoted to the MIAUW methodology (Methodiek voor Informatiebeveiligingsonderzoek met Auditwaarde, a methodology for information security research with audit value). This structured framework offers a solution to the validation crisis in information security by emphasizing reproducibility, transparency and audit value. MIAUW enables organizations not only to identify vulnerabilities, but also to document them in a way that is both verifiable and usable for broader compliance and risk management strategies. During the lecture Brenno de Winter discusses practical examples, offers concrete guidance for promoting critical thinking, and illustrates how MIAUW can help organizations bridge the gap between complex technology and responsible application. Technology and artificial intelligence have fundamentally changed our society, but they also bring a deep challenge: the validation crisis. In this lecture Brenno de Winter, cybersecurity expert and author of De Validatiecrisis, reveals how a lack of critical scrutiny and thorough evaluation of data and technologies leads to risks in the areas of security, ethics and decision-making. The validation crisis is a phenomenon that not only plays out in the real world, but also offers fascinating and instructive insights even in fictional experiments. The Validation Crisis: What Goes Wrong?
The validation crisis is a fundamental problem in which assumptions and technologies are accepted without thorough scrutiny. This leads to failed projects, flawed AI systems and decision-making based on incorrect data. De Winter illustrates this with real-world examples, including AI models that fail to recognize nuance, and situations in which trust in unproven technology has disastrous consequences. He emphasizes the importance of critical evaluation and how a lack of it leads to blind spots in our technological development. A Lesson Package from the Moon An important part of the lecture consists of the fictional experiments on the moon, in which human and technological interactions were studied in a context where cats play a key role. In this hypothetical society, where cats are not just pets but political actors, AI systems failed to understand the complex hierarchies and social dynamics. This led to a fictional war with the planet Bananie, which could have been entirely prevented if technology had been validated more thoroughly. The experiments serve as a metaphor for the dangers of poorly validated technologies. They show how small errors at the foundation of systems can lead to major consequences, whether in ethical matters, security or even international relations. This fictional example underlines the broader message: technology should not be trusted blindly, but must be tested and checked continuously. The MIAUW Methodology: A Structured Approach In response to the validation crisis, De Winter presents the MIAUW methodology (Methodiek voor Informatiebeveiligingsonderzoek met Auditwaarde). This framework offers a structured approach to penetration testing that not only identifies technical vulnerabilities, but also documents them in a way that is reproducible and verifiable.
MIAUW enables organizations not only to gain insight into risks, but also to link them to broader compliance and risk management strategies. With concrete examples, De Winter shows how MIAUW helps organizations not only to become more secure, but also to handle their technology transparently and responsibly. By making reproducible results and strong audit value possible, MIAUW offers a practical solution to the challenges of modern technology. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/7VXSPZ/

Feb 14, 2025 · 51 min

Ask me anything, with Huib Modderkolk (hackerhotel2025)

This you really want to know. Huib has been responsibly disclosing the Secret Services, criminals and hackers. Now we turn it around: ask Huib anything. Chris van ‘t Hof will guide the conversation. Books: 2024 “Dit wil je echt niet weten”, 2019 “Het is oorlog en niemand die het ziet”, “There's a War Going On But No One Can See It” - It's war and everyone can see it now. “Der digitale Weltkrieg, den keiner bemerkt” Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/NBZPQZ/

Feb 14, 2025 · 41 min

Opening talk Hackerhotel 2025 (hackerhotel2025)

Opening talk by Dimitri opening Hackerhotel 2025. In this opening talk I will open Hackerhotel 2025, thank all the people that helped me and explain how the organisation of this Hackerhotel 2025 went. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/EMVMAX/

Feb 14, 2025 · 1h 5m

Nerding out over silly machines (hackerhotel2025)

You've maybe seen the raking robot that got a CEH (Certified Estetisch Harker) certificate, the Telex linked to Twitter/Telegram or the ASCII photo booth. They are all made by me. If this talk gets accepted I will do a deep dive on these three contraptions and what I learned building them. Besides Schuberg Philis, DIVD, tending the farm and keeping my bees I also build machines. It is an interesting process and I want to share it with you. Machines I will be talking about: * The (world's?) 1st 3d color printer from TNO * The raking robot * AI/Twitter/Telegram/Slack connected Telex * ASCII photo booth Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/XSSZ9J/

Feb 14, 2025 · 57 min

Automating incident response: scalable & fast, within minutes (hackerhotel2025)

In today's rapidly evolving digital landscape, the increasing frequency and the scale of security incidents pose significant challenges for incident response teams. The traditional approach, rooted in digital forensics, is no longer sufficient nor is it efficient enough. It's time for a shift towards an automated incident response strategy that combines the investigative prowess of a digital detective with a DevOps mindset. In this talk, we will present how the incident response process of acquiring data, processing data, and analyzing information can be automated. Based on how we have built our incident response lab using open-source software packages developed by Microsoft (AVML), Google (Timesketch, WinPmem), Rapid7 (Velociraptor), Fox-IT (Dissect), Elastic, KROLL (KAPE) and HashiCorp (Terraform, Vault). We will guide you from using tools manually to using these tools automatically and magically. Well not really magically, but we will emphasise the application of a DevOps mindset to the process that most incident responders execute on a daily basis including ourselves, combined with examples that can be put into practice. In today's rapidly evolving digital landscape, the increasing frequency and the scale of security incidents pose significant challenges for incident response teams. The traditional approach, rooted in the perspective of digital forensics, is no longer sufficient. It's time for a shift towards an automated incident response strategy that combines the investigative prowess of a digital detective with a DevOps mindset. In this talk, we will present how the incident response process of acquiring data, processing data, and analyzing information can be automated. We will guide you from using tools manually to using these tools automatically and magically.
Well not really magically, but we will emphasize the application of a DevOps mindset to the process that most incident responders execute on a daily basis including ourselves, combined with examples that can be put into practice. An example of this is that the human knowledge of an incident responder should feed into the repeatable methods and should not stay in the mind of the best incident responder in the team. By using feedback loops, the knowledge that is gained during a case can be transformed into methods that can be re-used during new cases. In setting up our incident response service, we had the benefit that we could start from scratch, without any legacy, in a cloud native world and with a significant number of lessons learned in the past, we have built an innovative incident response lab using open-source software packages developed by Microsoft, Google, Rapid7, Fox-IT, Elastic, KROLL and HashiCorp. By using Infrastructure as Code (IaC) we can automatically provision the lab on the Google Cloud Platform, acquire and process data and perform analysis using various methods within two hours, without the intervention of an incident responder. We still need humans, but we should focus on doing the creative and research part of an incident response case. Besides that, there is no silver bullet, humans cannot fully trust the automated analysis. This is where the investigative prowess of a digital detective comes into play, ensuring the validation of results and the reproducibility of findings throughout the entire incident response process, from data acquisition to analysis of information. 
References https://hackernoon.com/the-devops-mindset-a-step-by-step-plan-to-implement-devops-s03p35rr https://nluug.nl/bestanden/presentaties/2022-11-29-francisco-dominguez-en-zawadi-done-automating-incident-response-should-be-the-default.pdf https://zawadidone.nl/automating-dfir-using-cloud-services/ https://www.huntandhackett.com/blog/scalable-forensics-timeline-analysis-using-dissect-and-timesketch Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/ARDG3T/

Feb 14, 2025 · 50 min

Android Auto (Flitsmeister) (hackerhotel2025)

How to make an Android App for Android Auto, a demo of the MapLibre sample app, and stories about Flitsmeister. FrankkieNL has worked on the Android Auto (and Automotive) version of the Flitsmeister app. This navigation app uses MapLibre to render a map on the Car screen. During this talk, we will discuss how this works and how you can create your own Android Auto-based app. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/ZQ3RYV/

Feb 14, 2025 · 46 min

OT Cyberchallenges 2 (hackerhotel2025)

A year later, we are back at the wonderful company Acme where nice people make beautiful things. This time we will follow up on that and tell you how the company can improve their own maturity and security levels as explained in the standard. A year later, we are back at the wonderful company Acme where nice people make beautiful things. How did they fare, and what steps can they take now to protect their beautiful company from unwanted incidents? Last time we explained the challenges the company faces and how they could start their OT cybersecurity journey. This time we will follow up on that and tell you how the company can improve their own maturity and security levels as explained in the standard. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/J33HDT/

Feb 14, 2025 · 59 min

Getting a feel for lockpicking (opening up the world of locksport for the visually impaired) (hackerhotel2025)

Lockpicking is a sport where you open locks without force and mostly without keys. While doing this activity nothing much can be seen of the actual process. Instead you need to rely on sound and feel (tactile feedback from the lock). Therefore a lot of people (including us) think a visually impaired person could be rather good at this (as they are more trained to use the "other" senses). The first steps into locksport however are VERY visually heavy (videos, pictures, diagrams) which makes it rather hard for a visually impaired person to get started. We believe we fixed that now. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/WBSRED/

Feb 14, 2025 · 43 min

Crypto 101 (hackerhotel2025)

A short introduction to cryptography, its past, present and future for the not yet fully initiated. Many talks mentioned cryptography somewhere along the presentation and everybody just nods. But how many people actually know the insights of cryptography? Why some things work and some things don't? During this talk I will explain the difference between encoding and encryption, the most common uses of cryptography, the difference between synchronous and asynchronous encryption, hashes. I will include some history and some future developments like quantum and why we call cryptocoin cryptocoin. At a slow pace, scratching the surface for the uninitiated, but the scratches will go deep enough for the more initiated to get some more background. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://pretalx.hackerhotel.nl/2025/talk/KPBZKG/

Feb 14, 2025 · 54 min